You can sell gpl software as long as you include the gpl license and the source code.

You can't really sell free (GPL) software but you can sell a support agreement for GPL software. The source code for any application that is based on GPL software must be, as I understand it, released however if this pen tester is merely a front end and isn't directly (compiler) linked with the GPL apps/libraries then it may be possible to circumvent the GPL and release the front end under a more restrictive licence.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

directly from th GPL

my emphasys

However, presumably their software isn't GPL (they wouldn't want people copying it).

"Not selling GPL software" is a utterly wrong meme which keeps getting repeated. Nokia are doing it. Red Hat do it. SuSE do it.

Well, there have been many replies sofar, most of them sort of correct. There is nothing in the GPL that prohibits anyone from selling GPL-ed software; you can even sell someone else's software if you can get away with it (that's why I suggested this thing be slashdotted). The only limits are, as mentioned, that you have to give whoever you sell/give away GPL software to the same rights as you got, that you have to include the GPL license text and that you have to make the source code available (strictly speaking you don't have to include it; a permanent link to the source is considered acceptable, but you're responsible for keeping up that link).

You also don't have to explain to anyone where the software came from. I used to work for a company that rebranded the AMPortal software for Asterisk and sold it as their own total product. GPL licences and source code all included.. but most users who would pay for stuff that they could get for free with 30 minutes of googling.. won't know or care what the gpl is.

I don't know about that. I'm pretty sure not mentioning the original author would violate copyright law, which the GPL expressly supports.

Author is usually mentioned somewhere in the source. If asked if they wrote the software they would say they made the interface, which was a half truth, but trust me.. no one asks that kinda stuff

There is no requirement under the GPL to reference the original author anywhere prominently (the so-called "advertising clause" of some BSD licences).

There are some wrong claims in this thread. IANAL, but I've actually read the license..

1) There is no advertising clause in GPL (see previous post)
2) You can sell the source or the binary for whatever amount of money you are able to get for it. It must, however, include the GPL (the actual license file).
3) If you sell or give binary code to someone you are also required to provide the source code, for a nominal fee if necessary (only to cover transport/packing) if, and only if, they ask for it, and only for a limited time (some years, mentioned in the GPL). NB: Only for this case is there a limitation on what you can charge: i.e. when you provide the source code _after_ you gave away or sold the original binary.
4) 'they' in the above means the ones you gave or sold the binaries to.
5) You are not required to give away any source to GPL code that you modified, unless you actually distribute binaries (programs, whatever). In other words, if you take some GPL code and make a special version for your own use, you're not required to give the source to anyone even if you tell (or brag) about it to someone.
6) Including a modified version as a part of some piece of hardware is of course equal to distribution.

For the rest, better read the actual license.. it's not _that_ much text.