EH-Net

Ethical Hacking Discussions and Related Certifications => Web Applications => Topic started by: Seen on November 05, 2012, 04:06:24 PM



Title: Mapping the Application
Post by: Seen on November 05, 2012, 04:06:24 PM
I typically use Burp Spider and the BuiltWith Chrome Extension to map websites I'm testing.  Does anyone use anything else?  I'm always looking for new things to play around with.


Title: Re: Mapping the Application
Post by: MaXe on November 05, 2012, 05:06:07 PM
I use Burp (the spider) as well, but Burp has several features, i.e. Discover Content, and even the Intruder can be used to launch the wordlists DirBuster has. The OWASP DirBuster is, however, quite fast most of the time for discovering well-known content.

Nikto is another web scanner that's good at finding common vulnerabilities, misconfigurations and even some content. (DirBuster is a lot more efficient.)


Title: Re: Mapping the Application
Post by: Dark_Knight on November 05, 2012, 09:01:12 PM
@MaXe, what settings do you typically use for DirBuster? Are you also using the raft wordlist?

Wordlist: http://code.google.com/p/raft/downloads/detail?name=raft-wordlists-20110803.7z


Title: Re: Mapping the Application
Post by: Seen on November 06, 2012, 01:29:04 AM
I've only used DirBuster once; I'll have to play around with it some more.

How accurate is nikto?  I've used it on 2 different servers and got a lot of false positives (PHP related issues on sites not running PHP!)


Title: Re: Mapping the Application
Post by: ambient on November 06, 2012, 11:11:39 AM
For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.


Title: Re: Mapping the Application
Post by: Dark_Knight on November 06, 2012, 01:13:41 PM
Quote
For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.

......have you had issues doing authenticated scans with w3af?


Title: Re: Mapping the Application
Post by: ambient on November 07, 2012, 01:49:43 AM
Quote
......have you had issues doing authenticated scans with w3af?

What does it mean? If you meant the problem, my w3af often crashed during the scan.