Burp Suite!

mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a commandline tool that provides a tcpdump-like interface for saving, viewing and manipulating HTTP traffic.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!

Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.

w3af is a Web Application Attack and Audit Framework

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Find security vulnerabilities right from your browser. Experience the next generation security tools without the need to install any additional software

Intruder is a proactive security monitoring platform for internet-facing systems.

Welcome to PatrolServer. We scan your server real-time for outdated software and exploits. All delivered by mail and an easy to use dashboard.

Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, format string vulnerabilities, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.

Golem Security Scanner is a powerful and intuitive website security scanner which uses a combination of proprietary and open source scanners to maximize the scan findings. Much less expensive for the paid version than other providers, with a free option which scans a portion of the site.

Firefox add-on that lets you change headers and request parameters before they're sent to the server. Unlike proxy request modifiers, it's integrated into the browser, so it has no problem with HTTPS connections, client authentication certificates, or other features that the browser supports.