GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, ...

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust ...

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items ...

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects ...

Hackvertor is an online conversion tool which can serve as many tools to aide browser hacking, XSS testing, SQL injection, fuzzing, hashing, and lots more. Thanks to Gareth Heyes for suggesting this tool!

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In ...

Paros is an HTTP and HTTPS proxy application written in Java. It allows for easy interception and manipulation of web traffic to and from a client.

Firefox plugin by Adam Judson. Use Tamper Data to view and modify HTTP/HTTPS headers and post parameters, trace and time http response/requests, and security test web applications by modifying POST parameters.

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. ...