Vulnerabilty Assessment & Whisker Doubts

[kaps lock <secnerdkaps () yahoo com>]

Hi all,
Am right now trying to design a VA/penetration testing
lab at work and looking into various options tools
that are available and the procedures to follow
,follwoing are the things i have outlined ....please
add on whatever you feel is imporant and i have missed
out:

Get acquainted with Client Network
Google Hacking
Arin
getting names from email bouncing

DNS Finger printing and using dig for trying ZONE
TRANSFERS OR cash poisioning vulnerabilties.

get on with your NMAP and finding open ports/and
perform some OS Fingerprinting.

Now for Vulnerabilty detection on open ports ....
Nessus
NessusWX??
NeWT--->>>does it have a linux version too to
download??
which is better

Now the gray area where i am wanting to use all open
source web application testing tools:
1) Whisker--->could anybody point me to a good
documentation on its usage,wiretrip doesnt have it ,if
any link for command usage you could share I wil
highly appreciate it.
2)Nikto....


Other Aspects would be social engineering...
checking out physical security...war dialing ,dumpster
driving...


Basically I would like to know what are the best open
source scanners/tools/Vulnerabilty DETECTION Tools i
could use to make my kit complete and as good as one
Qualys uses.

thanks in advance.
a real sec nerd :)


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com