- use OWASP ZAP or WebScarab for their proxy functionality.
- use Nikto and W3AF to scan web applications.
- use SQLMap to exploit SQL injection vulnerabilities.
- use XSSer to detect and exploit XSS vulnerabilities.
- use Powerfuzzer to fuzz parameters.
- use online encoders/decoders.
- use DirBuster to find hidden resources.