W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit.
Changelog:
Considerably increased performance by implementing gzip encodingEnhanced embedded bug report system using Trac's XMLRPC
Fixed hundreds of bugs
Fixed critical bug in auto-update feature
Enhanced integration with other tools (bug fixed and added more info to the file)
Download it from here:
http://www.w3af.com/The software is listed in 18 th place in the Top Network Security Tool list .