ITT post a tool or tools you find useful when attacking, maintaining access, bug hunting, recon or whatever else. I'll start:
Weevely3 is my favourite out of the box PHP/.htaccess web shell. Its payload is very small and you can sneak it in to many places and has many features that make the job faster, especially with its pivoting functionality
and lastly its modular allowing easy creation and sharing of new functionality such as adding privilege escalation methods and automated further backdoor and persistent access creation.
https://github.com/epinna/weevely3