![](https://assets.offsec.tools/tools/webpalm-4724.png) |
webpalm |
A tool that traverses a website and generates a tree of all the webpages and their links. |
|
|
![](https://assets.offsec.tools/tools/nanodump-9230.png) |
NanoDump |
A flexible tool that creates a minidump of the LSASS process. |
|
|
![](https://assets.offsec.tools/tools/hrekt-7908.png) |
hrekt |
A really fast HTTP prober. |
|
|
![](https://assets.offsec.tools/tools/subnerium-5482.png) |
subnerium |
A fast passive subdomain enumeration tool that uses various sources to gather data. |
|
|
![](https://assets.offsec.tools/tools/sharpsccm-3768.png) |
SharpSCCM |
A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager. |
|
|
![](https://assets.offsec.tools/tools/go365-5581.png) |
Go365 |
Go365 performs user enumeration and password guessing attacks on organizations that use Office365. |
|
|
![](https://assets.offsec.tools/tools/haktrails-3047.png) |
haktrails |
Golang client for querying SecurityTrails API data. |
|
|
![](https://assets.offsec.tools/tools/msolspray-6530.png) |
MSOLSpray |
A password spraying tool for Microsoft Online accounts (Azure/O365). |
|
|
![](https://assets.offsec.tools/tools/s3cxsser-3022.png) |
s3cXSSer |
This extension will help you to detect GET/POST based XSS vulnerability in any website easily. |
|
|
![](https://assets.offsec.tools/tools/certmon-2181.png) |
certmon |
A simple certificate expiration monitor script. |
|
|
![](https://assets.offsec.tools/tools/pymeta-4757.png) |
Pymeta |
Search the web for files on a domain to download and extract metadata. |
|
|
![](https://assets.offsec.tools/tools/ctfd-9229.png) |
CTFd |
A Capture The Flag framework focusing on ease of use and customizability. |
|
|
![](https://assets.offsec.tools/tools/spidersuite-5284.gif) |
SpiderSuite |
Advanced web spider/crawler for cyber security professionals. |
|
|
![](https://assets.offsec.tools/tools/hakip2host-4614.png) |
hakip2host |
Takes a list of IP addresses then does a series of checks to return associated domain names. |
|
|
![](https://assets.offsec.tools/tools/hakoriginfinder-2675.png) |
hakoriginfinder |
Discover the origin host behind a reverse proxy, useful for bypassing cloud WAFs!. |
|
|
![](https://assets.offsec.tools/tools/hakfindinternaldomains-8655.png) |
hakfindinternaldomains |
Feed it a list of subdomains, it will resolve them and tell you which ones are internal. |
|
|
![](https://assets.offsec.tools/tools/haklistgen-1904.png) |
haklistgen |
Turns any junk text into a usable wordlist for brute-forcing. |
|
|
![](https://assets.offsec.tools/tools/powermeta-5437.png) |
PowerMeta |
Searches for publicly available files hosted on various websites for a particular domain. |
|
|