XSS and SQLI Website Vunerabilities

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

http://pixybox.seclab.tuwien.ac.at/pixy/index.php