OSWAP ZAP can help a system administrator find malicious codes embedded in a Web application.
Maybe you already know Nmap, a security scanner used to discover hosts and services on a computer network.
Scapy is a tool which permits to interactively decode and inject packets and get answers.
BeEF (Browser Exploitation Framework) it’s a GUI-based open source tool, which examines how someone could use the Web browser to exploit vulnerabilities.
sqlmap is a CLI software designed for automating the process of detecting and exploiting SQL injection flaws and taking over of database servers. It as full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database management systems.