I am adding the tools in random order.
With available plugins, you can extend the functionality of the tool.
So, a penetration tester can easily perform an SQL injection check on a website.
It performs black-box testing by scanning web pages and injecting data. It can detect the following vulnerabilities: file disclosure, file inclusion, cross-site scripting (XSS).
In this article, I will list free tools to scan your site for security vulnerabilities and malware.
Download Wapiti with source code: t/
W3af is a popular web application attack and audit framework. So, you can go with those environments.
Open source tools are those that make their source code available to developers, so that developers can modify the tool or help with further development.
A code review tool finds and fixes mistakes introduced into an application in the development phase, improving both the overall quality of software and the developers' skills.
Here are 8 open source tools that are popular among security testers:
Vega is a vulnerability scanning and testing tool written in Java. With this tool, you can perform security testing of a web application.
The chart below, from Cenzic, shows the different types of vulnerability trends found.
You can read those articles to know more about this tool. You need to register a free account to perform this scan.
Iron Wasp is a powerful GUI-based scanning tool which can check over 25 kinds of web vulnerabilities.