Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
☆749Apr 12, 2022Updated 4 years ago
Alternatives and similar repositories for assessment-mindset
Users that are interested in assessment-mindset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,794Apr 26, 2024Updated last year
- This script is intended to automate your reconnaissance process in an organized fashion☆2,030Aug 19, 2021Updated 4 years ago
- List of Awesome Asset Discovery Resources☆2,466Jan 22, 2025Updated last year
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.☆557Mar 6, 2023Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,485Oct 12, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A collection of custom security tools for quick needs.☆3,287May 1, 2023Updated 2 years ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…☆2,188Dec 11, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,285Aug 18, 2025Updated 7 months ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆304Oct 14, 2018Updated 7 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆628Feb 5, 2019Updated 7 years ago
- A curated list of amazingly awesome Burp Extensions☆3,391Feb 17, 2026Updated last month
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆355Oct 14, 2020Updated 5 years ago
- ☆2,320Dec 8, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.☆397Apr 17, 2020Updated 5 years ago
- A collection of tools to perform searches on GitHub.☆1,481Feb 9, 2023Updated 3 years ago
- A tool to capture all the git secrets by leveraging multiple open source git searching tools☆1,140Jun 25, 2019Updated 6 years ago
- Organize your API security assessment by using MindAPI. It's free and open for community collaboration.☆867Sep 22, 2025Updated 6 months ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆472Nov 14, 2019Updated 6 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,416Sep 14, 2023Updated 2 years ago
- Multi Tool Subdomain Enumeration☆723Apr 11, 2021Updated 5 years ago
- This tool can be used to brute discover GET and POST parameters☆1,393Aug 24, 2019Updated 6 years ago
- A script to set up a quick Ubuntu 17.10 x64 box with tools I use.☆1,235Jul 3, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A tool to hunt for publicly accessible DigitalOcean Spaces☆156Jan 21, 2020Updated 6 years ago
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆5,624Feb 8, 2025Updated last year
- A Tool for Domain Flyovers☆5,921May 22, 2022Updated 3 years ago
- Note: Going through a full re-write of the tooling so the current versions in the repo do not work!☆416May 18, 2020Updated 5 years ago
- Penetration tests guide based on OWASP including test cases, resources and examples.☆2,780Mar 23, 2022Updated 4 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- DNS Takeover tool written in Go☆2,046Mar 16, 2026Updated 3 weeks ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,913Sep 27, 2021Updated 4 years ago
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆65Feb 26, 2019Updated 7 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,483Jan 9, 2025Updated last year
- A small tool that extracts relative URLs from a file.☆768Sep 23, 2020Updated 5 years ago
- The Bug Hunters Methodology☆4,273Aug 1, 2023Updated 2 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆663Jan 30, 2019Updated 7 years ago
- The Swiss Army knife for automated Web Application Testing☆2,328May 8, 2024Updated last year
- You can read the writeup on this script here☆272Jul 12, 2020Updated 5 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,030Feb 5, 2021Updated 5 years ago