Experiments on GNU/Linux

skipfish - web application security scanner
"Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes."

Installing skipfish :

Get libidn
wget -qO - "http://ftp.gnu.org/gnu/libidn/libidn-1.18.tar.gz" | tar zxf - && cd cd libidn-1.18 && ./configure && make && sudo make install
Get skifish
wget http://skipfish.googlecode.com/files/skipfish-1.05b.tgz | tar zxf - && cd skipfish && make

Read the official wiki here