w3af - Open Source Web Application Security Scanner
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0. The easiest way to learn about what w3af is and how you can use it to secure your web applications is to take our project tour and read our FAQ.
• Penetration Testing Tools and How2s