OWASP Top 10 penetration testing software

Source: Internet | Published: 天锐绿盾加密软件 | Editor: 程序博客网 | Time: 2024/05/16 11:41

- Burp Suite <http://www.portswigger.net/burp/>
  The premier tool for performing manual web application vulnerability assessments and penetration tests. The pro version includes a scanner, and the Intruder tool makes the offering stand out amongst its peers.
- HP WebInspect <https://download.spidynamics.com/webinspect/default.htm>
  An enterprise-focused tool suite that includes a scanner, proxy, and assorted other tools.
- WebScarabNG <https://download.spidynamics.com/webinspect/default.htm>
  The latest version of this famous suite from OWASP. Includes a web services module that allows you to parse WSDLs and interact with their associated functions.
- IBM AppScan <http://www-01.ibm.com/software/awdtools/appscan/>
  IBM's enterprise-focused suite.
- Acunetix <http://www.acunetix.com/>
  Acunetix's enterprise-focused suite.
- NTOSpider <http://www.acunetix.com/>
  NTObjectives's enterprise-focused suite.
- W3af <http://w3af.sourceforge.net/>
  w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
- Websecurify <http://www.websecurify.com/>
  Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
- Samurai <http://samurai.inguardians.com/>
  Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
- Skipfish <http://code.google.com/p/skipfish/>
  A fully automated, active web application security reconnaissance tool written by Michal Zalewski of Google.
- RAFT (Response Analysis and Further Testing Tool) <http://code.google.com/p/raft/>
  RAFT is a testing tool for the identification of vulnerabilities in web applications. RAFT is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various client-side storage.
- Zed Attack Proxy (ZAP) <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>
  The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Standalone Web Assessment Tools:

- Nikto <http://www.cirt.net/nikto2>
  Nikto is a command-line Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
- Wikto <http://www.sensepost.com/labs/tools/pentest/wikto>
  Wikto is Nikto for Windows, but with a couple of fancy extra features including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real-time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.