Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... It use the Python programming language.
Extract from the output of a scan with the -u option
Extract : top of a generated vulnerability report in HTML format