-
sonar.js
A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
-
Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Abuse a CSRF vulnerability on another site. If commenting on Reddit is vulnerable to CSRF, and you visit my malicious website, then I could make you make Reddit comments without your knowledge. There are a lot of interesting attacks that can be done with this in mind - maybe even fingerprinting your internal network.
I am pretty sure that there's a way to make an attack work with Responder and stealing network credential components via a WebDAV server. There are probably a few attacks that are specific to being on the same domain or LAN that we could come up with, but your scenario made it sound more like you were interested in a public website vs an arbitrary user visiting.
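A server-side check that rejects the forged comment request described above, added here as an example that is not part of the original posts or of any site's real code. The origin `https://forum.example`, the `csrf_token` field, the session shape and the sample requests are all constructed assumptions.

```javascript
// Added example: CSRF check for a state-changing "post comment" request.
// TRUSTED_ORIGIN, field names and sample requests are constructed.
const TRUSTED_ORIGIN = "https://forum.example";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// req: { method, headers: { "lowercase-name": value }, body: { csrf_token } }
// Returns { allowed, reason }.
function checkCommentPost(req, session) {
  if (SAFE_METHODS.has(req.method)) return { allowed: true, reason: "safe method" };

  // Fetch Metadata: browsers that send it label cross-site requests explicitly.
  const site = req.headers["sec-fetch-site"];
  if (site && site !== "same-origin" && site !== "none") {
    return { allowed: false, reason: "cross-site fetch metadata" };
  }
  // Origin is set by the browser; page script cannot override it.
  const origin = req.headers["origin"];
  if (origin && origin !== TRUSTED_ORIGIN) {
    return { allowed: false, reason: "origin mismatch" };
  }
  // Synchronizer token: a per-session secret that another site cannot read.
  const sent = req.body && req.body.csrf_token;
  if (!session || !session.csrfToken || !constantTimeEqual(sent, session.csrfToken)) {
    return { allowed: false, reason: "missing or wrong CSRF token" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample data.
const session = { csrfToken: "constructed-token-3f9a1c" };
const forged = { method: "POST", body: { text: "hi" },
  headers: { origin: "https://other.example", "sec-fetch-site": "cross-site" } };
const legit = { method: "POST", body: { text: "hi", csrf_token: session.csrfToken },
  headers: { origin: TRUSTED_ORIGIN, "sec-fetch-site": "same-origin" } };
// Client that sends neither header: the token check is the remaining layer.
const headerless = { method: "POST", headers: {}, body: { text: "hi" } };

for (const r of [forged, legit, headerless]) console.log(checkCommentPost(r, session));
```

The three layers are independent on purpose: the header checks stop requests from browsers that send them, and the token check still holds when those headers are absent.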