I usually watch the Hacker News network which is a weekly video cast, and they have a section called Tool Time which discusses new tools and the latest releases.  There are probably better ones out there, that's just the one I'm thinking of at the moment.

This is a good general list: http://sectools.org/ There was recently a new survey, so that will hopefully be updated soon.

New tools might be discussed in some general mailing lists: http://seclists.org/

If you're looking to be notified about updates to specific tools, you should get on their respective mailing lists. Most are very light in traffic and only notify you when there's an update.

Sites like Darker Reading or pod casts like PaulDotCom might touch upon notable releases as well.

i totally forgot about that survey! i am curious about the results!

@dynamik sectools.org is a good site but alot of there stuff is really outdated.  I was hoping to look for something similar on how Security Database Tools Watch used to be where it would report out when a new update of a tool would be released.

@Equix3n- Thank you I do follow Tools Watch on twitter, once the website stopped being updated he stated that all of the information would be put through the twitter feed.  I do look through the twitter feed, but it can be painful to read through.

@sil Thanks for the help.  I knew comments like this were gonna pop up

"Remember... You should at least *try* to understand how tools work and at one time, try making something similar for yourself. It allows you to understand the process of what the tool does a lot more yielding better (more granular) results."

Thats why I almost didn't post.  I do understand how the tools work I work with them everyday.  I was just simply looking for any websites people would suggest.  I am not trying to be rude to you, but it is comments like that that make people not want to post on this website at all. 

I really do appreciate the help from everyone and thanks for the suggestions.

@steven1664 - I'll second sil's advice / comments.  (NOT ill intended...)

If you're pentesting some environment, where you KNOW the folks have little / no security knowledge, then very often, you won't care about being noisy, or what may or may not be seen by the site admins, or whomever.  (Or, if the scope document for the test allows for you being seen, and they simply want to know what vulnerabilities they have, and could potentially be exploited.)  But he's absolutely right, with regards to using custom tools, and understanding how they work, from the standpoint of knowing that, while "Tool A" might give me the results I need in every case, "Tool B" will give me the same results, but in a more covert / quiet way, with less risk to the environment / servers being tested, etc.  Becoming a truly exceptional pentester involves gathering tools (and / or now or eventually writing your own,) and understanding not just WHAT they do, but HOW they do it, so you can wisely pick and choose.

I firmly believe that sil was NOT trying to 'belittle' you, and I don't think, in general, you'll get much of that, here, from any of the regulars, and particularly sil.  Sometimes wording on a web forum doesn't adequately convey thoughts, nor does it give you a sense of real intention, sarcasm, humor, or otherwise, unless the person leaves comments that further clarify those things.  I'd suggest, if you feel that way with regards to future replies, rather than openly blasting back, perhaps first PM the poster who replied, and ask for clarification, as, quite often (at least here), you'll find no ill intent was there to begin with.  

Cheers!

There are a few initiatives for this kind of documentation out there atm. One i like a lot is:

http://tools.securitytube.net/index.php?title=Main_Page

Which has syntax and videos for a lot of tools.

gl!

@steven what I've noticed is that I get a lot more tools that never hit those sites (and likely never will) by following certain people via say twitter, mailing lists, personal blogs. For example Chimichurri


http://www.zdnet.com/blog/security/windows-token-kidnapping-returns-to-haunt-microsoft/6849

Chimichurri and Churraskito have been out for a little bit and they still haven't hit "tool sites":


(EVERYBODY uses tools)... My initial point was just you explained in your response. I tend to see a lot of questions aimed towards: "Hi do I point and click 'pwn' something!" Where my responses tend to explain certain things to enable someone to think outside the box...

Anyhow, I'd pick the top 20 "scary people I wouldn't want on my network" and follow them. For that, I name: Charlie Miller, Dave Aitel, Kostya, Dino Dai Zovi, HD Moore, Adam Shostack, Dan Guido, Pedro Amini, Alex Sotirov, Cesar Cerrudo, Halvar Flake, FX, Steven Ridley, Nico Waisman, Aaron Portnoy, Tavis Ormandy, wushi of team509, kingcope... Following those will lead you to LOTS of informative tools, methods, concepts, etc. I'd rather roll around in broken glass then fsck around even playing CTF with them.

Lastly If you can find him and or if he'd even wanna talk, (old schoolers would know him)... Eugene of the old group Ghettohackers (Where my dawg @). Probably the scariest guy I've ever corresponded with via way of security on the "hacking" level. Well him and a friend of mine named minga. (if you can find him) Your mileage may vary though, I talk to many of those listed from time to time and I admire their expertise and knowledge but am not intimidated by them so I tend to bug them like a mosquito in their ear from time to time. If I HAD to follow just 20 people, either to learn about tools, find out what *really* works, those would be them.

These guys all make tools (well most) and if they don't they know and explain enough "hardcore" stuff that'll make even the most experience security practitioner feel like a newborn. I try to follow most of their blogs, tweets, etc., and in the end, sometimes come up with my own "WTF" tools.