In answering your question: Rapid7 makes some great tools and resources for learning how to secure your environment. Nexpose is one such tool, and fairly easy to understand/operate. Nessus is also another very good one that is free* to use, from their .org site its a bit delayed with updates for obvious reasons. From their the tools take a bit more learning up on to get good results. Sqlmap is a good one for SQL injection testing.
After that it just become how much you are willing to invest in time to learn how to operate other tools. Metasploit is wonderful but has a large learning curve.
Without knowing how he was able to get your credentials, it might be worth pointing out, there are other methods that are easier to defend against in which he may have employed. Sniffing the traffic for example, one may just pull out in plain text your passwords as you login or stealing your browser cookies is very trivial. Good implementation of safe browsing techniques could at the very least prevent some of these hacks. Some examples are like never using an open Wifi and using SSL.
I hope this answers some of your questions
Fact, Science and the Pursuit of Knowledge. Working to secure your networks from threats; Outside and Within.