Tools

Bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

BloodHound - Easily identify highly complex attack paths that would otherwise be impossible to quickly identify.

Cobalt Strike - Software for Adversary Simulations and Red Team Operations.

CrackMapExec - Post-exploitation tool that helps automate assessing the security of large Active Directory networks.

Empire - PowerShell and Python post-exploitation agent.

Koadic - Windows post-exploitation rootkit

Legion - Semi-automated network penetration testing tool.

Merlin - Cross-platform post-exploitation HTTP/2 Command & Control server and agent

smbspider.py - Spiders SMB Shares.

SPartan - Sharepoint and Frontpage fingerprinting and attack tool.

Sublist3r - Enumerates subdomains.