WSSAT – Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities

Cloudsplaining – AWS IAM Security Assessment Tool

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.

Rtfobj – Detect and Extract Embedded Objects in RTF

rtfobj is a Python module to detect and extract embedded objects stored in RTF files, such as OLE objects. It can also detect OLE Package objects

Arachni – Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators

Shadowd – The Shadow Daemon Web Application Firewall

Shadowd (Shadow Daemon) is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall

Droopescan – Plugin-based Scanner for Several CMSs

Droopescan is a plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets

w3af – Web Application Attack and Audit Framework

w3af is a not a standard web application scanner but it is an advanced framework that may allow penetration tester to make automated