This page contains numerous tools that I have stumbled upon and have arbitrarily deemed useful
- Nmap - Port/ip/network scanning
- nc/netcat - anything TCP/IP related. Connections, listeners, etc
- msfconsole - db_nmap and others store information gathered for later attacks
- gobuster - alternative to dirbuster - brute force URIs (paths), DNS subdomains, Virtual Host names on webservers, open S3 buckets
- enum4linux - smb enumeration from a linux machine. Built into most kali distributions
- AMASS - open-source tool by OWASP to fully discover, map, and enumerate assets. DNS, certificates, APIs, etc.
- gsf-vba-dump - part if libgsf, vba macro extraction tool that runs on mac (brew install libgsf), works better that olevba
- impacket - python tools to pwn windows boxes (smb, ps, mimikatz, mysql)
- msfconsole - exploiting vulnerabilities with precrafted payloads
- PayloadsAllTheThings - every type of payload imaginable, including reverse shells in many languages
- mimikittenz - post-exploitation powershell tool to extract plain-text passwords from target processes.
- pwn - Python library for CTFs/Scripting, contains 'tubes' module which makes network sessions significantly easier than requests, with ssh, sockets, serial ports, etc
- Basecrack - identifies/decodes alphanumeric strings (i.e base64). Also is a stenography solver with "magic mode", saves time on unoriginal stenography challenges
- aperisolve - online stenography solving tool, displays color layers, zsteg, steghide, outguess, binwalk, exiftool, foremost, and more.
- ssconvert - (not steno-specific) can be used to extract hidden data from xlsx into readable formats (i.e
ssconvert infile.xlxs outfile.txt)
- diagrams.net - online, free, no signup required diagram/flowchart/etc tool. Useful for presenting topologies
- Active Directory Checklist - Comprehensive checklist of offensive active directory vectors (amp link)