[Travis]

The web apps I've seen that do this all look pretty scammy. I wouldn't want them poking around my site. Then again, it is a public site, so...

Anyhow, since there are several major attack vectors, there are also several different types of scanners. I recommend you read the book "breaking web software" to get a better understanding of the types of attacks.

As far as tools, if you have a PHP install I recommend https://chorizo-scanner.com/

No recommendation, but http://www.acunetix.com/cross-site-scripting/scanner.htm looks like they can help.

IBM has a good article/series on web app vulnerabilities at http://www.ibm.com/developerworks/web/library/wa-appsecurity...

And finally, wapiti is a vulnerability checker written in python that will do scans of web apps. COmmand line, not web, but pretty good - http://wapiti.sourceforge.net/