We recently had an attack on one of our web applications and following the logs led me to Burp Suite https://portswigger.net/ I wasn't aware that automated tools like this existed and I would be interested in running one across our suite of web applications. Any recommendations? Thanks in advance.