evil-winrm
Ruby WinRM shell for pentesting: remote commands, file upload, Pass-the-Hash, and menu helpers.
Why it is included
Lightweight open alternative to heavier RDP when WinRM is exposed in scope.
Best for
Authorized Windows server testing over WinRM.
Strengths
- Simple UX
- PTH support
- Extensible
Limitations
- Requires WinRM exposure and valid creds in scope
Good alternatives
NetExec · PowerShell Remoting
Related tools
Security & Privacy
NetExec
Network post-exploitation Swiss Army knife for SMB/WinRM/LDAP/MSSQL/WMI; a successor in spirit to CrackMapExec.
Impacket
Python classes and scripts for low-level Windows network protocols (SMB, MSRPC, Kerberos, LDAP, etc.).
Responder
LLMNR/NBT-NS/mDNS poisoner and rogue server suite for credential capture in internal test networks.
Metasploit Framework
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
