I’ve started out to build a web application scanner. The first usable iteration is ``wascan’’ (sorry, I’m bad at naming things, if you have a better idea, let me know). The current version can crawl a target url and then by performing a brute-forcing step, it can discover further resources. The goal is to create a scanner which can automatically perform authentication, find and fuzz parameters, detect CSRF tokens, recognize session cookies and discover most of the OWASP top 10 vulnerabilities.
more here..........http://itinsight.hu/en/posts/articles/2015-03-17-wascan/
more here..........http://itinsight.hu/en/posts/articles/2015-03-17-wascan/