These are some of my tools I use at work
Apache JMeter isn’t my main tool when doing performance tests, but in certain situations it comes handy. Especially in locked down environments. I use it to simulate heavy loads on the web servers we deploy to at work. By using this tool I can easily spot error situations, pages that crumbles under heavy load and general bloopers our developers has made. JMeter offers a GUI for easy setup of testplans and a in general smooth interface for daily use managing the testplan/tests. Most often I run it in GUI mode but there are also occasions where I need to run it in a distributed setting in CLI mode. One great things is that is is written in Java, thus it is cross platform compatible. On top of this I also, on occasion, I pair it with Blazemeter. Blazemeter is an online service offering a “run” tool for running bigger tests than from my localhost.
For further information see their respective homepage:
Another load testing tool with great capabilities. This tools is slightly different from JMeter since it features extended functionality and a really easy to use GUI.
XDebug is a tool for debugging and profiling of PHP applications. It is provided as a extension for PHP. I mostly use it for profiling webpages we produce at work. XDebug is capable of providing output from profiling which I can open in KCacheGrind. KCachegrind is tool used for visualizating profiling data from XDebug. It runs under Linux (as far as I know).
I am using the free edition. For the most part I am using it as an intercepting proxy together with Foxyproxy for Firefox.
Acunetix is a tool that lets you scan your application and services looking for vulnerabilities. It’s a great product in the stiffer price range – but it is worth it if you know how to utilize it.
OWASP Zap is a freely available vulnerability scanner. It works great and it compares to Acunetix. However – from what I’ve seen Zap does not find the same amount of vulnerabilites as Acunetix. But close.
Various CLI tools
Over the years I have written many CLI scripts in Ruby, Python and PHP to support my daily workflow. They range from header sniffing tools, network sniffers, fuzzers, MYSQL bruteforcers and whatnots. It is highly unlikely I would ever release them into the wild due to their nature.