Metagoofil alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

100

Alternative: CIRCLean

CIRCLean is a hardware solution to clean documents from untrusted USB drives and sticks. The device automatically disarms harmful documents.

Project details

CIRCLean is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • data sanitizing
  • data transfers

CIRCLean project page

60

Alternative: PCredz

PCredz is a tool to extract sensitive data from pcap files like credit card numbers, session information, and authentication details.

Project details

PCredz is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • data extraction

PCredz project page

85

Alternative: swap_digger

The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.

Project details

swap_digger is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • data extraction
  • information gathering
  • penetration test

swap_digger project page

85

Alternative: Xplico

Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.

With Xplico, analysis can be performed on captured internet traffic. The data stored in a pcap file can then be displayed and the related protocol data can be extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything that can be recognized and stored.

84

Alternative: Belati

Belati is a security tool to collect public data and information. It calls itself a Swiss army knife for OSINT purposes.

Project details

Belati is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering

Belati project page

85

Alternative: dirsearch

Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

Project details

dirsearch is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

dirsearch project page

64

Alternative: DirSearch (Go)

DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

Project details

DirSearch (Go) is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

DirSearch (Go) project page

84

Alternative: Gitem

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find leaks of sensitive data.

Project details

Gitem is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • security monitoring
  • self-assessment

Gitem project page

76

Alternative: Gitrob

Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.

Project details

Gitrob is written in Ruby.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

Gitrob project page

100

Alternative: osquery

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

Project details

osquery is written in C++ and Python.

Strengths

  • + More than 100 contributors
  • + More than 9000 stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • compliance testing
  • information gathering
  • security monitoring

osquery project page

64

Alternative: OSRFramework

OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.

Project details

OSRFramework is written in Python.

Strengths

  • + Available as package (simplified installation)
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • information gathering

OSRFramework project page

89

Alternative: SearchSploit

SearchSploit is Exploit-DB's CLI search tool to find exploits from the database. The tool is written in shell script and maintained by Offensive Security.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • penetration test

SearchSploit project page

56

Alternative: theHarvester

theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

64

Alternative: web-hunter

Web-hunter is a tool to crawl search engines like Google and Bing to find emails, subdomains, and URLs associated with a specified target domain.

Project details

web-hunter is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering

web-hunter project page

64

Alternative: weblocator

The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Project details

weblocator is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • penetration test
  • security assessment

weblocator project page

67

Alternative: MAT (Metadata Anonymisation Toolkit)

MAT is a privacy tool to remove metadata from files. This enhances your privacy levels by removing those bits of data that may store sensitive information.

Project details

MAT is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • privacy enhancement

MAT project page

74

Alternative: peepdf

peepdf is a tool to explore a PDF file in order to find out if the file can be harmful or not. It helps security researchers in simplifying the analysis of PDF

With peepdf it's possible to see all the objects in the document. It shows suspicious elements and supports the most used filters and encodings. It can also parse different versions of a file, object streams, and encrypted files. With the installation of PyV8 and Pylibemu it provides JavaScript and shellcode analysis wrappers too. Apart from this, it is able to create new PDF files, modify existing ones, and obfuscate them.

Project details

peepdf is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • digital forensics

peepdf project page

56

Alternative: Admin Page Finder (PHP)

Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.

Project details

Admin Page Finder (PHP) is written in PHP.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Admin Page Finder (PHP) project page

64

Alternative: DorkNet

DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

Project details

DorkNet is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning
  • web application analysis

DorkNet project page

84

Alternative: hsecscan

hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the related web server. It will return all headers found and includes an explanation of what each header does. Any security recommendations are listed as well.

Project details

hsecscan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • learning
  • penetration test
  • security assessment
  • web application analysis

hsecscan project page

64

Alternative: shcheck (Security Header Check)

Security header check (shcheck) is a security tool to scan web applications and their HTTP headers. It can help secure web applications or detect weaknesses.

Project details

shcheck is written in Python.

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • application security
  • web application analysis

shcheck project page

85

Alternative: SSLyze

SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

78

Alternative: XSS Hunter

XSS Hunter helps with finding XSS attacks and triggers a warning when one is successful. It exists as an online service or as a self-hosted installation.

By using a specific link, XSS Hunter can see when an attack is successfully triggered. It will then store information such as the vulnerable page's URI, referer, HTML DOM, a screenshot of the page, and cookies. Regarding the victim, it stores the IP address and the user agent.