I have been using Skipfish. Very impressive with the amount of requests it makes and presents the data in a nice user friendly web GUI. It takes quite a bit of time to sift through the results. Nonetheless, great for identifying potential injections, Cross-scripting vulnerabilities, login screens, "interesting" files, etc. Sometimes generates a handful of false positives, but then again, it could just be attributed to my lack of skill with verifying the vulnerabilities.
The BurpSuite is another great tool. Not sure if you have experimented with it yet.