Site vulnerability testing

Ever wonder how vulnerable your site or web application is to being hacked? Try Wapiti, a great little tool that scans your web application or site for vulnerabilities to a variety of hacking exploits. Wapiti is written in Python and has a simple command line interface. I've been using it as part of the PCI compliance certification process for a customer.

Wapiti can detect the following vulnerabilities:

  • File Handling Errors (Local and remote include/require, fopen, readfile...)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) Injection
  • LDAP Injection
  • Command Execution detection (eval(), system(), passthru()...)
  • CRLF Injection (HTTP Response Splitting, session fixation...)

http://wapiti.sourceforge.net/

Copyright 2000 - by 53 Technology. All Rights Reserved.