Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
☆759Apr 12, 2022Updated 4 years ago
Alternatives and similar repositories for assessment-mindset
Users that are interested in assessment-mindset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,807Apr 26, 2024Updated 2 years ago
- This script is intended to automate your reconnaissance process in an organized fashion☆2,035Aug 19, 2021Updated 4 years ago
- List of Awesome Asset Discovery Resources☆2,645Jan 22, 2025Updated last year
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.☆558Mar 6, 2023Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,498Oct 12, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A collection of custom security tools for quick needs.☆3,301May 1, 2023Updated 3 years ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…☆2,189Dec 11, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,298Aug 18, 2025Updated 9 months ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆306Oct 14, 2018Updated 7 years ago
- A curated list of amazingly awesome Burp Extensions☆3,423Feb 17, 2026Updated 3 months ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆633Feb 5, 2019Updated 7 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆357Oct 14, 2020Updated 5 years ago
- ☆2,322Updated this week
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.☆397Apr 17, 2020Updated 6 years ago
- A collection of tools to perform searches on GitHub.☆1,495Feb 9, 2023Updated 3 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,494Sep 14, 2023Updated 2 years ago
- A tool to capture all the git secrets by leveraging multiple open source git searching tools☆1,141Jun 25, 2019Updated 6 years ago
- Organize your API security assessment by using MindAPI. It's free and open for community collaboration.☆873May 27, 2026Updated 2 weeks ago
- Multi Tool Subdomain Enumeration☆723Apr 11, 2021Updated 5 years ago
- This tool can be used to brute discover GET and POST parameters☆1,395Aug 24, 2019Updated 6 years ago
- A script to set up a quick Ubuntu 17.10 x64 box with tools I use.☆1,239Jul 3, 2024Updated last year
- A tool to hunt for publicly accessible DigitalOcean Spaces☆157Jan 21, 2020Updated 6 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆5,730Feb 8, 2025Updated last year
- A Tool for Domain Flyovers☆5,940May 22, 2022Updated 4 years ago
- Note: Going through a full re-write of the tooling so the current versions in the repo do not work!☆416May 18, 2020Updated 6 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,502Jan 9, 2025Updated last year
- Penetration tests guide based on OWASP including test cases, resources and examples.☆2,802Mar 23, 2022Updated 4 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- DNS Takeover tool written in Go☆2,088Mar 16, 2026Updated 3 months ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,948Sep 27, 2021Updated 4 years ago
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆65Feb 26, 2019Updated 7 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- A small tool that extracts relative URLs from a file.☆768Sep 23, 2020Updated 5 years ago
- The Bug Hunters Methodology☆4,356Aug 1, 2023Updated 2 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆663Jan 30, 2019Updated 7 years ago
- The Swiss Army knife for automated Web Application Testing☆2,346May 8, 2024Updated 2 years ago
- You can read the writeup on this script here☆273Jul 12, 2020Updated 5 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,033Feb 5, 2021Updated 5 years ago
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago