Open Source Invicti (Netsparker) Alternatives
A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.Discontinued
Skipfish is no longer maintained. Last version, 2.10 beta, released in December 2012, can be still downloaded from Google Code Archive
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.