OWASP ZAP

Open-source dynamic application security testing proxy for finding web app vulnerabilities.