I stumbled upon this tool while following a link to a website that performs passive scans on various content management systems.  Instead of keeping their scanning technique a mystery, they list a bunch of open source tools that they leverage in parallel.  In addition to Joomscan which is something I already use, they mentioned JoomlaVS. 

The description states:  "JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself."

EmailGen (found here) is an email harvester that was based off of another tool but simplified.  Those are my words, not those of the maker.  Prior to using this tool, you could setup a free Hunter.io account and use the API but that is not necessary.

It's been some time since I've been on HTB.  Mostly because I tried to get as far as I could in a month on TryHackMe.  I made it to #73 overall and then I stopped so I'm sure I've fallen a bit since then.  TryHackMe is a good platform to round out your knowledge and it's quite a bit more friendly than say HTB.  That being said, this box, Celestial, is straightforward which is atypical for HTB.  Not only that, the low privilege shell is an attack I don't think I've performed previously.  Maybe there's something on Pentesterlab and when I'm done, I'm going to check it out to confirm or deny.