Audacity - Windows version - Allows for analysis of audio files.
WaoN - Windows/Linux - command line tool that takes in sound files and outputs midi files
MidiSheetMusic - Windows - Translates Midi files to 1) Sheet Music, and 2) Letter Notes
John the Ripper (Magnum) - Brute force passwords
rsatool.py - Takes p and q and returns a private key
xortool - Tries to find the key for xor encrypted data
PEDA - Irreplaceable addition to GDB. Adds a lot of useful features for finding and exploiting bugs in binaries.
ROPGadget - Finds gadgets in programs. For use with ROP exploits.
pwntools - Very useful when coding remote exploits for CTFs. Has a feature rich library that aims at making exploit developement for CTFs easier. Definitely check this one out.
Wireshark - The standard pcap analysis tool. Displays network traffic.
pcapfix - Fixes corrupt pcap files.
aircrack-ng - WEP and WPA-PSK cracking tool (uses pcap files).
HxD - Windows - Freeware Hex and Disk Editor.
HexEdit - Windows - Another Hex Editor.
binwalk - Linux/OSX - Firmware analysis tool.
Java Decompiler - Useful when needing to decompile Java class files.
IDA - The standard decompiler.
Radare2 - Seems like a better GDB. There appears to be a slight learning curve but this looks promising.
VB Decompiler - This program will take a VB program and give you a decent amount of information about it. Helpful for seeing the code inside of forms.
Stegsolve - Displays various aspects of pictures.
Steganabara - Provides additional tools for analyzing pictures.
binwalk - Linux/OSX - See binwalk in Forensics. Also capable of retrieving embedded photos.
Burp Suite - Web proxy. Very helpful for web challenges.
sqlmap - This helps automate easy SQL injection challenges. Most CTFs try to prevent the brute force approach but this should be useful for the easier challenges.
Postman - Chrome Extension - Create and send POST requests from within Chrome.
Tamper Data - Firefox add-on - Intercept, tamper with, and resend POST requests from within Firefox.