w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.
This project has been migrated to github! See details in our project site: http://w3af.org/
There are no 4 star reviews.