Zap
https://www.zaproxy.org/docs/
Automated Web Site Scan
In the "URL to attack" text box, enter http://testphp.vulnweb.com
Check "Use traditional spider"
Click the "Attack" button
After the scan, clicking the Spider section shows all the URLs/paths of the scanned website.
Clicking the Alerts section shows the vulnerabilities that were found and their related methods (POST or GET):
Absence of Anti-CSRF;
SQL Injection.
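To review the same findings outside the GUI, the added example below (not part of the original notes) groups alerts by name and HTTP method, as the Alerts section does. It assumes the results were exported in ZAP's traditional JSON report layout; the sample report and its URLs are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the layout of ZAP's traditional JSON report
# (assumed keys: site[].alerts[].instances[] carrying "uri" and "method").
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "http://testphp.vulnweb.com",
    "alerts": [
        {"alert": "Absence of Anti-CSRF Tokens", "riskcode": "2", "instances": [
            {"uri": "http://testphp.vulnweb.com/constructed-form", "method": "GET"},
            {"uri": "http://testphp.vulnweb.com/constructed-search", "method": "POST"}]},
        {"alert": "SQL Injection", "riskcode": "3", "instances": [
            {"uri": "http://testphp.vulnweb.com/constructed-list?id=1", "method": "GET"},
            {"uri": "http://testphp.vulnweb.com/constructed-search", "method": "POST"},
            {"uri": "http://testphp.vulnweb.com/constructed-login", "method": "POST"}]},
    ]}]})

RISK_LABELS = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}

def summarize_alerts(report_text):
    """Return [(risk_label, alert_name, {method: [uri, ...]})], highest risk first."""
    report = json.loads(report_text)
    sites = report.get("site", [])
    if isinstance(sites, dict):  # tolerate a single site object instead of a list
        sites = [sites]
    rows = []
    for site in sites:
        for alert in site.get("alerts", []):
            by_method = defaultdict(list)
            for inst in alert.get("instances", []):
                # Instances without a method are grouped under "UNKNOWN"
                method = (inst.get("method") or "UNKNOWN").upper()
                by_method[method].append(inst.get("uri", ""))
            code = str(alert.get("riskcode", "0"))
            rank = int(code) if code.isdigit() else 0
            name = alert.get("alert") or alert.get("name", "?")
            rows.append((rank, RISK_LABELS.get(code, "Unknown"), name, dict(by_method)))
    rows.sort(key=lambda r: (-r[0], r[2]))  # highest risk first, then by name
    return [(label, name, methods) for _, label, name, methods in rows]

if __name__ == "__main__":
    for risk, name, methods in summarize_alerts(SAMPLE_REPORT):
        print(f"[{risk}] {name}")
        for method, uris in sorted(methods.items()):
            print(f"  {method}: {len(uris)} instance(s)")
            for uri in uris:
                print(f"    {uri}")
```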
Additional References: