Related link: http://oedipus.rubyforge.org
A friend and old colleague of mine has been working on a tool for penetration testing and exploitation of web applications for quite a while now, and he has recently released it publicly. It is called Oedipus, and it is available on RubyForge here.
The reporting functionality is pretty basic at the moment, but the testing framework seems pretty robust. The entire thing is written in Ruby, and is designed on a modular plugin basis to enable easy maintenance and extension. I’ll probably be covering more on it sometime soon… he is working on a GUI, so I am looking forward to that too.