Enum4linux is a tool for enumerating information from Windows and Samba systems. very useful during CTF if you’re facing a Windows machine, it can help you find the initial foothold.
It does come preinstalled with most Security Distros.
+============================================+
John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, “web apps” (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.), filesystems and disks (macOS .dmg files and “sparse bundles”, Windows BitLocker, etc.), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office’s, etc.) These are just some of the examples - there are many more.
+============================================+
Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. Cracking passwords is different from guessing a web login password, which typically only allows a small number of guesses before locking your account. Instead, someone who has gained access to a system with encrypted passwords (“hashes”) will often try to crack those hashes to recover those passwords.
+============================================+
Feature-limited manual tools for researchers and hobbyists
Burp Suite is a multipurpose security tool for bug hunting that has a lot of useful features, for example, the repeater, the intruder and the sequencer. You can use these features when pentesting
More info here on the Enterprise Edition
+============================================+
The Metasploit Project is a computer security project that shows the vulnerabilities and aids in Penetration Testing. Penetration Testing is an authorized simulated attack on computer system looking for security weaknesses, and Instruction Detection System (IDS) signature, which on the other hand monitors a network or systems for malicious activities. The other most related sub-project is the Metasploit Framework. Metasploit Framework is open source and it is the most common exploit development framework in the world.
However, one can utilize it to perform some legitimate and unauthorized accesses and activities on computer systems. In this regard, it is no different from any other similar commercial products such as Immunity’s Canvas or Core Security Technologies. However, Metasploit is commonly used to break into remote systems or test for a computer system vulnerability.
+============================================+