It has finally arrived!  The long-awaited version 3 of the most popular and most powerful penetration testing live CD is here!  Backtrack 3 takes what you loved about Backtrack 2 and pumps it full of steroids.  With a bunch of new tools and a snazzy new bootsplash, Backtrack is back and it's kickin ass!  It looks like the Remote-Exploit team has seen the need for more application layer and fuzzing tools and delivered the best of the best tools for web application testing and fuzzing.  There are a couple of neat new tools you've never seen before that might get you excited to try the new BT.

I will highlight the tools that really stood out to me here, but keep in mind that there are plenty more that may be more suitable for the testing you're accustomed to, so don't think this is all the disc has to offer.  The first tool I found and played with for a couple of hours is metagoofil.  metagoofil is a simple little application that lets you use Google to search domains for several filetypes and automatically download the files it finds.  metagoofil can cut information gathering time down to nothing and give you a nice directory full of everything it finds.  Very simple concept, but also a tool I bet a lot of penetration testers will drool over.

hackomatix is an automated SQL injection tool that you can configure via an ini file.  It looks to be very versatile and customizable to whatever db structure you can think of.  Very handy tool, but I'll have to test it more to get a real feel for it.  Worth a look for anyone who does a lot of SQL security testing.

Something new and original in Backtrack 3 is EzPWN.  EzPWN is a "Backtrack companion" that allows you to do some common things with minimal effort, such as nmap, amap, unicorn, etc. scans, access to Metasploit, and access to common utilities such as XHydra.  This is clearly just a jump-off point to those standard utilities that every pentester uses, and while it may not add a lot of NEW features, it sure does add some convenience.

Something else I had never seen before is Metasploit's companion webapp (no, not msfweb), FastTrack.  FastTrack allows you to quickly run some popular attacks with Metasploit, such as the MSSQL Root SQL Injector, SQL Bruter, Metasploit Mass Client Attacker, Remote Command Shell, and "Metasploit Autopwn Automated", which portscans a target and runs some common exploits against ports it finds open.  Granted, this won't work on a properly secured host, but pentesters aren't looking for properly secured hosts, now are they?

Something else I should mention: they have 3 distinct versions of Backtrack 3 to download.  There's the USB version, which you can either install on a USB drive or burn to a DVD; there's the stripped-down version that will fit on a CD; and there's the VMware image of Backtrack 3 that you can just plug into your VMware implementation and run with it.  Very cool to have these options.

There are lots of interesting tools to play with in BT3.  Far too many for me to mention here.  Go download it and have fun.  Great job, Backtrack team!