Take it like a gift
Invoke-ACLPwn
Automates the discovery and pwnage of ACLs in Active Directory that are unsafe configure.
hakfindinternaldomains
Feed it a list of subdomains, it will resolve them and tell you which ones are internal.
HTTP Request Smuggler
Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.