Some of the most useful tools that work in association with the w3af web application security scanner, are listed below:
- Wapiti (http://wapiti.sourceforge.net/): a Python-based script that discovers attackable URLs and then cycles through a list of evil parameters.
- Nikto (http://cirt.net/nikto2): a Perl script that quickly summarizes system details and looks for the most obvious of defects.
- Skipfish (https://code.google.com/p/skipfish/downloads/list): a C program that bashes away with many requests over a prolonged period. You can choose from different dictionaries of attacks. This is an excellent poor man’s stress test; if your system stays up; you know that it has reached a minimal level of stability.
- Nmap (http://nmap.org/): A simple to use, highly popular, award-winning network scanner.