Nikto - An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including vulnerabilities and misconfigurations.
Clickjack Testing - HTML pages to quickly test the validity of site framing/click-jacking.
lw_build_req - A PERL script to build valid LibWhisker PERL code from raw HTTP headers.
CMS-Explorer - Discover plugins and themes installed on popular content management systems.
DAVTest - Test and exploit WebDAV enabled servers.
Nessus Plugins - Plugins for the Nessus security scanner.
MP3 Duplicate Finder - Find MP3 file duplicates based on the audio content's hash.
pjl-file - A script to act like an FTP front end to PCL/PJL compatible printers.
CMS Explorer - Figure out the installed components on Content Management System sites.
Click Jacking Test Page - A visual demonstration of click jacking suitable for screen shots in reports.
SVN cloner - For when people check out their subversion repo directly into web root.
htmap - An nmap styled scanner that looks for HTTP ports.
YaHa - An experiment in brute-force HTTP authentication. Fully working code, and perhaps a jumpstart for someone's larger application.