I think discovering security holes is clearly beneficial, but inventing new tools that make it easier to exploit those holes seems overzealous to me. Yes, I understand these tools can be used to protect, but what about tools that use questionable means? Jikto, for example, uses unsuspecting website visitors' browsers to scan other websites for holes. Would any businesses use such tools to protect their sites? If not, who does it benefit? Is it security researchers' job to push the envelope of the black hats' state of the art?

I believe that even the loftiest principles should be bounded by context. While I don't think security research should only be done reactively, I think the active research community should provide better guidelines to prevent people from going overboard.