Nmap: nmap -sC --min-rate 1000 -oX out.xml—aggressive vuln scans.
Hashcat: hashcat -m 13100 -O kerbhash dict.txt—Kerberos TGS cracks.
Kali: airgeddon for WPA2 PSK dumps.
Cuckoo: API hooks—e.g., CreateRemoteThread tracing.
