Wapiti is a free and open-source application designed to scan web applications for known vulnerabilities. It performs black-box scans and can detect a variety of problems such as SQL injection, cross-site scripting, and directory traversal. Wapiti is written in Python and can be used through both a graphical and a command-line interface. It supports several file formats, including HTML, XML, JSON, and plain text. Wapiti is easy to use and is an ideal tool for developers and system administrators who need to evaluate and audit the security of their web applications.
Skipfish is no longer maintained. The latest version, 2.10 beta, released in December 2012, can still be downloaded from the Google Code Archive.