Thank you Muhammad!

It really depends on the framework, but I used to use brakeman a lot (for Ruby on Rails) and I like it.

Keep in mind that commercials tools that support multiple languages, might work great with language X but awful with language Y.

So if you get recommendations to use a commercial tool, make sure that that recommendation applies to the language/framework you have.