![](https://assets.offsec.tools/tools/msdat-2150.png) |
MSDAT |
Microsoft SQL database attacking tool. |
|
|
![](https://assets.offsec.tools/tools/ntlmrecon-1795.png) |
NTLMRecon |
Enumerate information from NTLM authentication enabled web endpoints. |
|
|
![](https://assets.offsec.tools/tools/wmeye-6914.gif) |
WMEye |
Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement. |
|
|
|
|
|
|
|
|
![](https://assets.offsec.tools/tools/dumpcreds-9890.png) |
dumpcreds |
May be used to extract various credentials from running processes. |
|
|
![](https://assets.offsec.tools/tools/vbad-6833.png) |
VBad |
VBA obfuscation tools combined with an MS Office document generator . |
|
|
|
|
![](https://assets.offsec.tools/tools/unix-privesc-check-5942.png) |
unix-privesc-check |
Shell script to check for simple privilege escalation vectors on Unix systems. |
|
|
![](https://assets.offsec.tools/tools/awsgoat-6552.png) |
AWSGoat |
A damn vulnerable AWS infrastructure. |
|
|
![](https://assets.offsec.tools/tools/azuregoat-9808.png) |
AzureGoat |
A damn vulnerable Azure infrastructure. |
|
|
![](https://assets.offsec.tools/tools/dvws-3398.png) |
DVWS |
Vulnerable application with a web service and an API. |
|
|
![](https://assets.offsec.tools/tools/vampi-7488.jpg) |
Vampi |
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing. |
|
|
![](https://assets.offsec.tools/tools/dvca-1222.png) |
DVCA |
Damn vulnerable cloud application. |
|
|
![](https://assets.offsec.tools/tools/moniorg-9855.png) |
moniorg |
Leverage crt.sh website to monitor domains of a target. |
|
|