Alternatives and similar repositories for metasecjs

Users that are interested in metasecjs are comparing it to the libraries listed below

• crawl3r / PortswiggerXSS

  View on GitHub
  gathers the XSS cheatsheet payloads and creates a usable wordlist
  ☆74Jan 4, 2021Updated 5 years ago
• hoodoer / postBasedXSS

  View on GitHub
  Demo of various ways to exploit post based reflected XSS
  ☆18Jul 6, 2023Updated 2 years ago
• abdilahrf / shania

  View on GitHub
  Scan secrets from Continuous Integration Build Logs
  ☆53Oct 14, 2019Updated 6 years ago
• lanmaster53 / cef

  View on GitHub
  Proof-of-concept CORS exploitation tool.
  ☆35Sep 7, 2019Updated 6 years ago
• dsecuredcom / yataf

  View on GitHub
  yataf extracts secrets and paths from files or urls - its best used against javascript files
  ☆52Sep 11, 2024Updated last year
• FSecureLABS / timeinator

  View on GitHub
  Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.
  ☆22May 9, 2023Updated 2 years ago
• mindedsecurity / graphqlschema2payload

  View on GitHub
  Reverse engineers GQL Schema and generates template payloads
  ☆46Apr 5, 2019Updated 6 years ago
• maK- / scanomaly-2years

  View on GitHub
  This is a web application fuzzer scanner - the goal was CLI flexibility and rapid prototyping
  ☆48Nov 12, 2019Updated 6 years ago
• TROUBLE-1 / Type-juggling

  View on GitHub
  Lab that will help you to understand how type juggling vulnerability works.
  ☆22Sep 23, 2020Updated 5 years ago
• ettic-team / EndpointFinder

  View on GitHub
  ☆53Dec 3, 2025Updated 2 months ago
• MilindPurswani / Syborg

  View on GitHub
  Recursive DNS Subdomain Enumerator with dead-end avoidance system (BETA)
  ☆146Apr 9, 2021Updated 4 years ago
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆231Jan 22, 2025Updated last year
• rahulkadavil / Buggyapp

  View on GitHub
  Buggyapp is an vulnerable android application. This app can be used by pentesters, security researchers to practice Android application p…
  ☆13Jun 4, 2022Updated 3 years ago
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆336Oct 31, 2024Updated last year
• pwntester / ViewStatePayloadGenerator

  View on GitHub
  ViewState Payload Generator
  ☆27Aug 17, 2018Updated 7 years ago
• teknogeek / get_schemas

  View on GitHub
  Print out URL schemas from an Android app
  ☆128Feb 9, 2025Updated last year
• ameenmaali / wordlistgen

  View on GitHub
  Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
  ☆239May 4, 2022Updated 3 years ago
• gand3lf / semgrepper

  View on GitHub
  An extension to use Semgrep inside Burp Suite.
  ☆89May 23, 2025Updated 8 months ago
• jtmelton / attack-surface-analyzer

  View on GitHub
  A tool for analyzing the attack surface of an application
  ☆19Mar 5, 2025Updated 11 months ago
• lc / hacks

  View on GitHub
  Repo of useful scripts
  ☆105Jun 30, 2020Updated 5 years ago
• almroot / dnsresolvers

  View on GitHub
  A bash script that fetches and maintains thousands of DNS resolvers
  ☆65Aug 24, 2020Updated 5 years ago
• defparam / h1stats

  View on GitHub
  a tool that compiles a csv of all h1 program stats
  ☆49Jul 2, 2023Updated 2 years ago
• dwisiswant0 / leakz-passive-workflow

  View on GitHub
  Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.
  ☆21Jan 13, 2025Updated last year
• gwen001 / graphql-introspection-analyzer

  View on GitHub
  Graphql introspection query analyzer.
  ☆18Mar 28, 2023Updated 2 years ago
• ollseg / ttt-ext

  View on GitHub
  Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.
  ☆80Jun 1, 2019Updated 6 years ago
• pry0cc / jf

  View on GitHub
  A wrapper around jq, to help you parse jq output!
  ☆30Aug 23, 2020Updated 5 years ago
• random-robbie / Jira-Scan

  View on GitHub
  CVE-2017-9506 - SSRF
  ☆190Feb 14, 2022Updated 4 years ago
• nccgroup / tracy

  View on GitHub
  A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
  ☆558Mar 6, 2023Updated 2 years ago
• prodigysml / Dr.-Watson

  View on GitHub
  Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…
  ☆218Oct 31, 2019Updated 6 years ago
• cablej / FileChangeMonitor

  View on GitHub
  Continuous monitoring for JavaScript files
  ☆225Dec 29, 2019Updated 6 years ago
• SilverPoision / Rock-ON

  View on GitHub
  Rock-On is a all in one Recon tool that will just get a single entry of the Domain name and do all of the work alone.
  ☆295Nov 30, 2019Updated 6 years ago
• arbazkiraak / LinksDumper

  View on GitHub
  Extract (links/possible endpoints) from responses & filter them via decoding/sorting
  ☆93Aug 27, 2019Updated 6 years ago
• dustyfresh / PHP-vulnerability-audit-cheatsheet

  View on GitHub
  This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabi…
  ☆361Mar 6, 2025Updated 11 months ago
• AlephNullSK / dnsgen

  View on GitHub
  DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…
  ☆1,044Jan 3, 2025Updated last year
• C0DEbrained / Stepper

  View on GitHub
  A natural evolution of Burp Suite's Repeater tool
  ☆200Feb 9, 2024Updated 2 years ago
• honoki / bbrf-client

  View on GitHub
  The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
  ☆642Jul 7, 2025Updated 7 months ago
• Sudistark / xss-writeups

  View on GitHub
  ☆41Oct 20, 2023Updated 2 years ago
• proabiral / inception

  View on GitHub
  A highly configurable Framework for easy automated web scanning
  ☆381Jul 13, 2020Updated 5 years ago
• random-robbie / cloud-cidr

  View on GitHub
  AWS,AZURE,GOOGLE CLOUD IP CIDRS
  ☆50Feb 14, 2022Updated 4 years ago