A command-line installer for Windows
https://scoop.sh/
The Package Manager for Windows
https://chocolatey.org/
Using a specific shell
https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
Available Environments
https://github.com/actions/virtual-environments
the Sam Spade utility provides all these tools and more in a graphical user interface.
assist in determining the source of Internet traffic. These tools include: whois,traceroute, finger, ping, and nslookup
https://www.sans.org/reading-room/whitepapers/tools/sam-spade-934
Hyena is designed to both simplify and centralize nearly all of the day-to-day management tasks, while providing new capabilities for system administration
https://www.systemtools.com/hyena/
TaskShell, enumeration, recon
https://github.com/RiccardoAncarani/TaskShell
SSDP Service Discovery
https://github.com/rvrsh3ll/SharpSSDP
Open source Active Directory security audit framework
https://github.com/airbus-seclab/bta
UAC-bypass
https://github.com/winscripting/UAC-bypass
Powershell SAP assessment tool
https://github.com/airbus-seclab/powersap
W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities
skipfish is an active web application security reconnaissance tool
Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing
Wapiti allows you to audit the security of your web applications
https://sectools.org/tag/fuzzers/
An extension for the original Fiddler web debugger to analyze malicious web traffic
https://github.com/malwareinfosec/EKFiddle
Burp Suite Community Edition,manual tools for exploring web security. Proxy your HTTPS traffic, edit and repeat requests, decode data
https://portswigger.net/burp/communitydownload
Hetty is an HTTP toolkit for security research
https://github.com/dstotijn/hetty
WinDump is the Windows version of tcpdump
https://www.winpcap.org/windump/default.htm
cpu_rec is a tool that recognizes cpu instructions in an arbitrary binary file. It can be used as a standalone tool, or as a plugin for binwalk
https://github.com/airbus-seclab/cpu_rec
Firmware Analysis Tool
https://github.com/ReFirmLabs/binwalk
Debugging Tools for Windows 10 (WinDbg)
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
GRR Rapid Response: remote live forensics for incident response
https://github.com/google/grr
Command line interface to dump LSASS memory to disk via SilentProcessExit
https://github.com/deepinstinct/LsassSilentProcessExit
vagrant
builds Windows 2012R2/10/2016/2019 base Vagrant boxes using Packer and VirtualBox/Hyper-V/libvirt/qemu
https://github.com/rgl/windows-vagrant
GitHub’s official command line tool
https://github.com/cli/cli
office365
https://github.com/eshlomo1/Microsoft-365-for-IT-and-Security
https://github.com/Vet-2-tech/Office365-Security-Compliance-Screen-Scrapping-Checklist
https://github.com/cscannell-inacloud/Office365-Security-Docs/tree/AndreaBarr-patch-1/SecurityCompliance
https://github.com/diogo-fernan/powershell-ad-office365
Elastic Beat for fetching and shipping Office 365 audit events
https://github.com/counteractive/o365beat
https://github.com/londonc/LMC-PSC
Gets events from the Office 365 unified audit log and outputs their details into the pipeline
https://github.com/counteractive/Get-UnifiedAuditLog
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page
https://github.com/gremwell/o365enum