• use OWASP ZAP or WebScarab for their proxy functionality.
• use Nikto and W3AF to scan web applications.
• use SQLMap to exploit SQL injection vulnerabilities.
• use XSSer to detect and exploit XSS vulnerabilities.
• use Powerfuzzer to fuzz parameters.
• use online encoders/decoders.
• use DirBuster to find hidden resources.