Rich McIver sent over an article on itsecurity.com entitled 103 Free Security Tools. It’s actually a pretty thorough list. Of course it’s not everything, but it actually covered quite a few programs that I personally have used.
There is one program missing from this list that I use every day, all day long, and that I personally swear by. It’s Cygwin. In essence it is a Linux shell on top of Windows. It makes it possible to run Apache under Windows (without another install), wget, ssh, scp, vim, perl, c++, python, php etc… etc… It’s truly one of the most useful tools on my desktop. Also, tools like nmap, unicornscan, fierce etc… are all missing. For the penetration testers out there, these are pretty damn useful to keep on your desktop and all run nicely under Cygwin. If you have no access to a Linux/FreeBSD box, this is the next best thing.
Btw, apparently I am behind the times, or wasn’t paying attention, but WinSCP did fix that URL handler vulnerability (changelog can be found here). So if you haven’t updated WinSCP in a year or more, it’s time to get rid of that vuln and update. Personally I’ve stuck to scp under Cygwin, but for the people who never got the hang of command line apps, WinSCP is a great alternative. And for anyone who doesn’t know what scp is or is otherwise new to security: FTP is vulnerable to man-in-the-middle attacks, while scp and sftp use encryption, so while potentially a little slower, they are far more secure.