I know this seems like an odd query, as what is the point if there is no connection between the server and the web. However, there IS a good use case for seeking something I can download, and run on one or more of my workstations to scan one of my servers. You see, I write a lot of Perl code to create dynamic content for an number of websites, and, obviously, I have a number of test web servers on which I test this code. I need an automated method to test both the configuration of these test websites and the security of the code I have written (and, of course, what I learn from applying such a tool to my development websites would determine how my production websites are configured and coded).
I know that Qualys SSL Labs - Projects / SSL Server Test tests public servers, which is of utility for those that own the websites, but that does not help developers who must write secure code and who needs a rigorous, automated means of testing their product BEFORE releasing it to the world. Is there anything that supports this use case (ideally open source)? Even better would be something I can invoke from a Perl script, (analogous to the Perl profiler: nytprof), which produces a report that is viewable within a browser: if something like this exists, it could be readily incorporated into automated testing and profiling; something every coder would appreciate.
As an aside, almost worthy of a second query, is the question of whether or not your test page does enough rigourous penetration testing to provide guidance in obtaining PCI compliance certification (for ecommerce): and does the report it produces provide information adequate to determine how to correct any detected vulnerabilities?