Software

Name
Description

Imminent Monitor

[Imminent Monitor] was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. Various cracked versions and variations of this RAT are still in circulation.(Citation: Imminent Unit42 Dec2019)


Ruler

[Ruler] is a tool to abuse Microsoft Exchange services. It is publicly available on GitHub and the tool is executed via the command line. The creators of [Ruler] have also released a defensive tool, NotRuler, to detect its usage.(Citation: SensePost Ruler GitHub)(Citation: SensePost NotRuler)


Forfiles

[Forfiles] is a Windows utility commonly used in batch jobs to execute commands on one or more selected files or directories (ex: list all directories in a drive, read the first line of all files created yesterday, etc.). Forfiles can be executed from either the command line, Run window, or batch files/scripts. (Citation: Microsoft Forfiles Aug 2016)


Winexe

[Winexe] is a lightweight, open source tool similar to [PsExec](https://attack.mitre.org/software/S0029) designed to allow system administrators to execute commands on remote servers. (Citation: Winexe Github Sept 2013) [Winexe] is unique in that it is a GNU/Linux based client. (Citation: Überwachung APT28 Forfiles June 2015)


MCMD

[MCMD] is a remote access tool that provides remote command shell capability used by [Dragonfly 2.0](https://attack.mitre.org/groups/G0074).(Citation: Secureworks MCMD July 2019)


Nltest

[Nltest] is a Windows command-line utility used to list domain controllers and enumerate domain trusts.(Citation: Nltest Manual)


MailSniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms h the mailboxes of every user in a domain.(Citation: GitHub MailSniper)


sqlmap

[sqlmap] is an open source penetration testing tool that can be used to automate the process of detecting and exploiting SQL injection flaws. (Citation: sqlmap Introduction)


pwdump

[pwdump] is a credential dumper. (Citation: Wikipedia pwdump)


Responder

Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.