A command-line installer for Windows
https://scoop.sh/

The Package Manager for Windows
https://chocolatey.org/  

Using a specific shell
https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell

Available Environments
https://github.com/actions/virtual-environments

the Sam Spade utility provides all these tools and more in a graphical user interface.
assist in determining the source of Internet traffic. These tools include: whois,traceroute, finger, ping, and nslookup
https://www.sans.org/reading-room/whitepapers/tools/sam-spade-934
Hyena is designed to both simplify and centralize nearly all of the day-to-day management tasks, while providing new capabilities for system administration
https://www.systemtools.com/hyena/
TaskShell, enumeration, recon
https://github.com/RiccardoAncarani/TaskShell
SSDP Service Discovery
https://github.com/rvrsh3ll/SharpSSDP
Open source Active Directory security audit framework
https://github.com/airbus-seclab/bta

UAC-bypass
https://github.com/winscripting/UAC-bypass
Powershell SAP assessment tool
https://github.com/airbus-seclab/powersap

W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities
skipfish is an active web application security reconnaissance tool
Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing
Wapiti allows you to audit the security of your web applications
https://sectools.org/tag/fuzzers/
An extension for the original Fiddler web debugger to analyze malicious web traffic
https://github.com/malwareinfosec/EKFiddle
Burp Suite Community Edition,manual tools for exploring web security. Proxy your HTTPS traffic, edit and repeat requests, decode data
https://portswigger.net/burp/communitydownload
Hetty is an HTTP toolkit for security research
https://github.com/dstotijn/hetty
WinDump is the Windows version of tcpdump
https://www.winpcap.org/windump/default.htm

cpu_rec is a tool that recognizes cpu instructions in an arbitrary binary file. It can be used as a standalone tool, or as a plugin for binwalk
https://github.com/airbus-seclab/cpu_rec
Firmware Analysis Tool 
https://github.com/ReFirmLabs/binwalk
Debugging Tools for Windows 10 (WinDbg)
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools  
GRR Rapid Response: remote live forensics for incident response
https://github.com/google/grr
Command line interface to dump LSASS memory to disk via SilentProcessExit 
https://github.com/deepinstinct/LsassSilentProcessExit

builds Windows 2012R2/10/2016/2019 base Vagrant boxes using Packer and VirtualBox/Hyper-V/libvirt/qemu
https://github.com/rgl/windows-vagrant

GitHub’s official command line tool
https://github.com/cli/cli

https://github.com/eshlomo1/Microsoft-365-for-IT-and-Security  
https://github.com/Vet-2-tech/Office365-Security-Compliance-Screen-Scrapping-Checklist  
https://github.com/cscannell-inacloud/Office365-Security-Docs/tree/AndreaBarr-patch-1/SecurityCompliance  
https://github.com/diogo-fernan/powershell-ad-office365  
Elastic Beat for fetching and shipping Office 365 audit events 
https://github.com/counteractive/o365beat  
https://github.com/londonc/LMC-PSC  
Gets events from the Office 365 unified audit log and outputs their details into the pipeline
https://github.com/counteractive/Get-UnifiedAuditLog  
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page
https://github.com/gremwell/o365enum