Google Firing Range is an automated Web Application Security Scanner.
Version 0.42, which was released Tuesday checks for
- Address DOM XSS
- Redirect XSS
- Reflected XSS
- Tag based XSS
- Escaped XSS
- Remote inclusion XSS
- DOM XSS
- CORS related vulnerabilities
- Flash Injection
- Mixed content
- Reverse ClickJacking
It is available here on GitHub