A few of the things I use when pentesting webapps, mostly.

clickjack tester

xss helpers

payloads db