w3af

w3af is a Web Application Attack and Audit Framework

Acunetix

Audit your website security and web applications for SQL injection, Cross site scripting and other…

Burp Suite is an integrated platform for performing security testing of web applications.

Censys helps organizations, individuals, and researchers find and monitor every server on the Internet to reduce exposure and improve security.

HTTP proxy / HTTP monitor / Reverse Proxy

Network recon framework, including a web interface to browse Nmap scan results.

Intruder is a security monitoring platform for internet-facing systems.

Learn, download and use the most flexible and powerful web application security testing framework.

Netsparker is a tool for scanning web sites for security vulnerabilities.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web…

PunkSPIDER is a global-reaching web application vulnerability search engine.

Find security vulnerabilities right from your browser.

Shodan is the world’s first search engine for Internet-connected devices.

Firefox add-on that lets you change headers and request parameters before they’re sent to the…

Search engine for the Internet of Things

Subgraph Vega | Free and Open Source Web Application Vulnerability and Security Scanner

Websecurify free and premium security tools automatically scan websites for vulnerabilities like SQL Injection, Cross-site Scripting and others

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding…

Network mapping service

A fully automated, active web application security reconnaissance tool.

Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.