Pen-test vs vulnerability assessment
A vulnerability test probes a system only up to the point where it would be compromised, whereas a penetration test may actually compromise the system, as permitted by the contract with the company.
Most organizations carry out vulnerability tests instead of penetration tests. A vulnerability test is only about identifying and quantifying security flaws, while penetration testing is an active analysis of the system for any weaknesses or flaws and can involve active exploitation of security vulnerabilities. Security issues are reported to the owner, and often a technical solution is suggested.
Penetration tools
Many penetration tools exist today, and most are freeware; however, our focus is on two important kinds of tools: VoIP and firewall testing tools.
To test VoIP, we selected Cain & Abel, since this tool is developed for Microsoft operating systems. It is basically a password recovery tool with many useful utilities, such as dictionary attacks, cryptanalysis, brute-force attacks, ARP poisoning, and recovery of Local Security Authority (LSA) secrets. An important characteristic of Cain & Abel is that it works only within an established LAN; as soon as we move outside the LAN, it is of little use. We performed some interesting tests with this tool, namely a brute-force attack, ARP poisoning, and recovery of LSA secrets for a local machine. Some useful and tested features of this tool are:
Protected password recovery: Reveals locally stored passwords of Outlook, Outlook Express, Outlook Express Identities, Outlook 2002, Internet Explorer and MSN Explorer.
Brute force attack: The most effective technique, which generates candidate passwords from various combinations. It is applied to hash files generated by the PwDump utility.
LSA Secrets Dumper: Dumps the contents of the Local Security Authority Secrets.
Sniffer: Captures passwords, hashes and authentication information while they are transmitted on the network. Includes several filters for application-specific authentications and routing protocols. The VoIP filter enables the capture of voice conversations transmitted with the SIP/RTP protocol, which are then saved as WAV files.
ARP Poisoning Attack: This attack is based on poisoning the ARP cache of the switch, since all the traffic in a LAN passes through a switch, which maintains an ARP (Address Resolution Protocol) cache.
The attack basically poisons the ARP cache of the switch so that all traffic moves through the attacker's machine without the user's knowledge. Cain and Abel is user-friendly and its results are 99% accurate. The newest version, v49.35, adds support for Windows 2008 Server in the APR-RDP sniffing filter.
For more information, visit www.oxid.it. One limitation of Cain and Abel is that you have to get into the network to use it. Another limitation is that, since it is free, even though it was created for educational and security purposes, it can also be used by hackers to hack into your network.
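The ARP poisoning described above is visible to a defender as ARP replies that move an IP address to a different MAC address, or as one MAC address answering for several IP addresses. The following Python detector is an added example, not part of the original article or of Cain & Abel; the tcpdump-style line format, the sample capture, and the name detect_arp_anomalies are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: tcpdump -n style ARP reply lines.
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample capture: the MAC ending in :66 starts answering
# for both the gateway (.1) and a workstation (.20).
SAMPLE_CAPTURE = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 28
10:00:01.200 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
10:00:02.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:05.300 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:66, length 28
10:00:05.400 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:66, length 28
10:00:06.000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:66, length 28
"""

def detect_arp_anomalies(capture, trusted=None):
    """Return de-duplicated alerts, in the order they were first seen.

    ("rebind", ip, known_mac, new_mac): an IP answered from a new MAC.
    ("multi-ip", mac, (ip, ...)):      one MAC answered for several IPs.
    Both also happen legitimately (DHCP churn, NIC replacement, routers,
    failover pairs), so every alert needs triage against inventory.
    """
    # Known-good bindings if supplied; otherwise trust on first use.
    baseline = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claimed = defaultdict(set)            # mac -> IPs it has answered for
    alerts = []
    for line in capture.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue                      # ARP requests and unrelated lines
        ip, mac = m["ip"], m["mac"].lower()
        known = baseline.setdefault(ip, mac)
        found = []
        if known != mac:
            found.append(("rebind", ip, known, mac))
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1:
            found.append(("multi-ip", mac, tuple(sorted(claimed[mac]))))
        alerts.extend(a for a in found if a not in alerts)
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_CAPTURE):
        print(alert)
```

Passing known-good gateway and server bindings through the trusted argument avoids relying on the first reply seen, which matters if monitoring starts after the cache is already poisoned.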
Copyright © CyberMedia India Online Ltd. All rights reserved. Usage of content from web site is subject to Terms and Conditions.