W3af

w3af, acronym for Web Application Attack and Audit Framework, is a web application security framework for scanning, auditing and exploiting vulnerabilities in web applications. From July 2010 on wards, w3af project has been sponsored by Rapid7.