A few SQL and XSS attack tools
Inspired but not based on the popular tool SQLmap, SQLi is a SQL vulnerability checker and a database takeover tool
xfuzz is a Python script to check for cross-site scripting attacks and what payload is used to cleanly break out of the code. xfuzz takes care of crafting the payload for you by first detecting the location of the parameter reflection, then using a number of tests to determine what payload is needed.
xfuzz-simple is a simple, more easier and clean way for the pentesters that just want the payload and no extra details. (same as xfuzz, but with less detail)
Xss.py checks for cross-site scripting attacks in websites and reports it back to you.
sql.py checks for cross-site scripting attacks in websites and reports it back to you.