Friday, August 5, 2011

Ammonite

Ammonite is a security scanner extension for Fiddler that allows you to detect all the usual suspects, including SQLi, XSS, file inclusion, buffer overflows, etc. It has some pretty cool features I haven't seen elsewhere. My favs are exporting requests to Python urllib2 code, breadth-first vuln search, and scanner throttling. In breadth-first search mode, the scanner only looks for the first instance of a vuln for a given session. This is great on a pentest where you don't have much time and want to get as deep as you can in the shortest possible time. Throttling is useful in a variety of scenarios, but the most common one is where you are testing in an unstable environment and too many requests per second knock the thing over or make your results unreliable. It also fuzzes XML and JSON POST bodies, which are now standard on most recently created apps.
