From: http://www.securityfocus.com/archive/101/492134

Here's a list of useful resources on Lotus Domino/Notes security:

http://www.dominosecurity.org/
http://www.ngssoftware.com/papers/hpldws.pdf
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf
http://seclists.org/pen-test/2002/Nov/0034.html (all thread)
http://seclists.org/pen-test/2007/Jul/0111.html (all thread)
http://documents.iss.net/whitepapers/domino.pdf
http://www-128.ibm.com/developerworks/views/lotus/library.jsp
http://www-128.ibm.com/developerworks/lotus/security/
http://www.redbooks.ibm.com/redbooks/pdfs/sg247017.pdf
http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245341.pdf
http://www.nsftools.com/

Some testing tools:

http://packetstormsecurity.org/UNIX/scanners/DominoHunter-0.92.zip
http://packetstormsecurity.org/UNIX/scanners/domino.tar.gz
http://www.cqure.net/wp/?page_id=17
http://www.appsecinc.com/products/appdetective/domino/ (commercial!)
http://www.rapid7.com/nexpose/features.jsp (commercial!)
http://www.openwall.com/john
http://usuarios.lycos.es/reinob/
http://www.nestonline.com/lcrack/
http://www.securiteinfo.com/download/dhb.zip
http://www.cqure.net/wp/?page_id=12
http://www-128.ibm.com/developerworks/lotus/downloads/
Other commercial password crackers from Elcomsoft/Passware/etc.

And some exploits:

http://www.0xdeadbeef.info/exploits/raptor_dominohash
http://www.milw0rm.com/exploits/3602
http://www.milw0rm.com/exploits/3616
http://www.milw0rm.com/exploits/4207
http://www.milw0rm.com/exploits/4574