w3af - w3af is a Web Application Attack and Audit Framework
Shodan - Shodan is the world's first search engine for Internet-connected devices.
Censys - Censys helps organizations, individuals, and researchers find and monitor every server on the Internet to reduce exposure and improve security.
Zed Attack Proxy - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding...
Exploit Pack - Exploit Pack is an open source project security that will help you adapt exploit codes on-the-fly.
Grabber Web Application Scanner - Grabber is a web application scanner. It detects vulnerabilities in your website.