W3af (Web Application Attack and Audit Framework) is a free, open source GUI tool written in Python.
This web vulnerability scanner is easy to use and extend, and runs more than 130 plug-ins that check for SQL injection, cross-site scripting (XSS), local/remote file inclusion, and more.
W3af 1.0-Stable adds significant improvements to the framework, including:
Various layers on top of an exploited vulnerability that make it possible to write payloads and execute files on the compromised web server.
Javier Andalia created a PHP static code analyzer that identifies SQL injections and introduced this very interesting feature as a web application payload.
After exploiting a vulnerability, you can run "payload php_sca", which downloads the remote PHP code to your box and analyzes it to find vulnerabilities.
Auto-update, which allows you to keep your w3af installation up to date easily and without any effort.
More details about this release and the latest version download can be found on the official w3af website.