Recording of the presentation is available via Twitch if you'd like to understand the context in which these tools were mentioned - https://www.twitch.tv/videos/513885075
InterLace - https://github.com/codingo/Interlace Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
FFuF - https://github.com/ffuf/ffuf Fast web fuzzer written in Go.
RecurseBuster - https://github.com/C-Sto/recursebuster Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments.
https://github.com/hakluke/weaponised-XSS-payloads XSS payloads designed to turn alert(1) into P1
https://github.com/hoodoer/WP-XSS-Admin-Funcs JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
DNSValidator - https://github.com/vortexau/dnsvalidator Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
DNSGrep - https://github.com/erbbysam/DNSGrep Quickly Search Large DNS Datasets
findomain - https://github.com/Edu4rdSHL/findomain The fastest and cross-platform subdomain enumerator, don't waste your time.
KeyHacks - https://github.com/streaak/keyhacks Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
secretz - https://github.com/lc/secretz Minimizing the large attack surface of Travis CI.
Dr.Watson - https://github.com/prodigysml/Dr.-Watson Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!
Jenkinz - https://github.com/lc/jenkinz jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance.
jLoot - https://github.com/netspooky/jLoot JIRA Secure Attachment Looter
Can I Take Over List - https://github.com/EdOverflow/can-i-take-over-xyz "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Cloud_enum - https://github.com/initstring/cloud_enum Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.