Arachni is an open source web application security scanner framework coded in ruby that helps website administrators and penetration testers evaluate the security of a web application.
SecuBat is another web vulnerability scanner which automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities
Webshag is a multi-threaded, multi-platform web server auditing tool coded in python. It is used for crawling a URL, port scanning, file fuzzing and audits your website.
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Projectx WHMCS Pentesting Tool v.1 is a vulnerability scanner coded in VB.NET that uses a black box approach. It echos the db_username and the db_password of a website that is vulnerable to WHMCS Local File Disclosure. This kind of vulnerability is only applicable to versions 3.x.x and some 4.x.x which was a viral exploit last year that some website administrators took for granted
Web vulnerable scan tool SQL injection XSS Cross Site Scripting 404/500 server error Admin/Manage folder search web-base or command-line scanner by PHP Check up collate with HTML FORM and LINK
PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.
Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.
Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery
Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.
BinNavi is a binary code reverse engineering tool that was built to assist vulnerability researchers who look for vulnerabilities in disassembled code.
With BinNavi you can analyze disassembled x86, ARM, PowerPC, and MIPS code using the powerful built-in static code analysis techniques. In cases where static code analysis is not enough, you can use the built-in debuggers to get a live view on the program you are analyzing.