skipfish
Skipfish - web vulnerability scanner from Michal Practice (known under the nickname lcamtuf). Written in C, cross platform (for Win needs Cygwin). Recursively scans the entire site and finds all sorts of gaps...
nikto
Nikto is an Open Source (GPL) Web scanner. Eliminates the routine manual work. Looking on the target site for unremoved scripts (some test.php, index_.php, etc.), database administration tools (/phpmyadmin/,/pma and similar)...
w3af
w3af (web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security...
nmap
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish...
sqlmap
Sqlmap - is one of the most popular open source tool for automated SQL Injection scanning and exploitation and it is very popular among security specialists and pentesters. It works not only...
