W3af, the Web application attack and audit framework is a version of Metasploit, covering Web applications. W3af is used to exploit Web applications and presents information regarding vulnerabilities, supporting the penetration testing process. W3af consists of two main parts -- the core and plugins. Custom plugins can be written, with inter-plugin communication dealt with by the knowledge base. There is a provision for saving scan reports to text files for later reference.
You can download this tool here.