The Google security team has released a free, open-source Web app security assessment tool. The tool is called Ratproxy, and can be found here:
Google describes it as a semi-automated, largely passive web application security audit tool that automatically pinpoints, annotates, and prioritizes potential flaws or areas of concern on the fly.
Ratproxy remains in beta (like most of Google's products, it may be in permanent beta :)).
It is currently available as source code and needs to be compiled before use. According to Google's information, it should compile successfully on Linux, FreeBSD, MacOS X, and Windows (with Cygwin).
Shortinfosec will publish a review of Ratproxy use, so stay tuned.
Talkback and comments are most welcome.