skipfish - Google's Free Web Security Testing Tool
As stated within their own documentation the primary design goals are to be high-performance, easy to use, and employ well designed security checks. I will be comparing this tool to several other tools including AppScan, BurpSuite, and several others, and providing some findings of my own.
Thanks again Google / Michael, this type of continued support helps us and our clients find and fix vulnerabilities!
Update 1: redspin has a bit of an initial writeup on it.
Update 2: Simple instructions for 10.6.2 OSX install:
a) download and unpack both skipfish and libidn.
b) ./configure and make libidn
c) select a dictionary that you want to use for bruteforcing server resources (these are used to find server resources not linked from the applications being assessed). Copy the selected file to the root skipfish directory as skipfish.wl
d) make skipfish
e) run skipfish with selected options: skipfish -h for a list.