framework to find and exploit web application vulnerabilities

 w3af is a Web Application Attack and Audit Framework which aims
 to identify and exploit all web application vulnerabilities.
 .
 This package provides a graphical user interface (GUI) for the framework. If
 you want a command-line application only, install w3af-console.
 .
 The framework has been called the "metasploit for the web", but it's actually
 much more than that, because it also discovers the web application
 vulnerabilities using black-box scanning techniques!
 .
 The w3af core and it's plugins are fully written in Python. The project has
 more than 130 plugins, which identify and exploit SQL injection, cross site
 scripting (XSS), remote file inclusion and more.