Google released Ratproxy – passive web application security assessment tool. It is released under terms and conditions of the Apache License, version 2.0.
Here is Google’s description of tool:
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.