Today i am going to write about a penetration testing tool for finding vulnerabilities in web application tool. I found it on code.google.com . 
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pentester's toolbox.
Some of ZAP's features:
- Intercepting Proxy
- Automated scanner
- Passive scanner
- Brute Force scanner
- Spider
- Port Scanner
Some of ZAP's characteristics:
- Easy to install (just requires java 1.6)
- Ease of use a priority
- Comprehensive help pages
- Under active development
- Open source
- Free (no paid for 'Pro' version)
- Cross platform
- Involvement actively encouraged
Download Here: