w3af - Web Application Attack and Audit Framework
w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.
The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.
Contributing
Pull requests are always welcome! If you're not sure where to start, please take a look at the First steps as a contributor document in our wiki. All contributions, no matter how small, are welcome.