w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much.
First install the latest version of w3af in your pc
Open your backtrack terminal and type
svn co //w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af
In the console, type in help to look at the list of available commands
In the console, type plugins to Enable and configure plugins.
In the console, type Exploit to Exploit the Vulnerability.
In the console, type profiles to list and use scan profiles
In the console, type http-settings to configure the HTTP settings of the framework.
In the console, type misc-settings to configure w3af misc settings.
in the console, type target configure the target URL.
In the console, type versions to show w3af version information.
In the console, type keys to Display key shortcuts.