Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
☆759Apr 12, 2022Updated 4 years ago
Alternatives and similar repositories for assessment-mindset
Users that are interested in assessment-mindset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,807Apr 26, 2024Updated 2 years ago
- This script is intended to automate your reconnaissance process in an organized fashion☆2,035Aug 19, 2021Updated 4 years ago
- List of Awesome Asset Discovery Resources☆2,693Jan 22, 2025Updated last year
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.☆559Mar 6, 2023Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,507Oct 12, 2024Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A collection of custom security tools for quick needs.☆3,306May 1, 2023Updated 3 years ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…☆2,192Dec 11, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,300Aug 18, 2025Updated 10 months ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆306Oct 14, 2018Updated 7 years ago
- A curated list of amazingly awesome Burp Extensions☆3,420Feb 17, 2026Updated 4 months ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆135Sep 25, 2019Updated 6 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆632Feb 5, 2019Updated 7 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆358Oct 14, 2020Updated 5 years ago
- ☆2,322Jun 10, 2026Updated 3 weeks ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.☆397Apr 17, 2020Updated 6 years ago
- A collection of tools to perform searches on GitHub.☆1,494Feb 9, 2023Updated 3 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,499Sep 14, 2023Updated 2 years ago
- A tool to capture all the git secrets by leveraging multiple open source git searching tools☆1,142Jun 25, 2019Updated 7 years ago
- Organize your API security assessment by using MindAPI. It's free and open for community collaboration.☆875May 27, 2026Updated last month
- Multi Tool Subdomain Enumeration☆722Apr 11, 2021Updated 5 years ago
- This tool can be used to brute discover GET and POST parameters☆1,396Aug 24, 2019Updated 6 years ago
- A script to set up a quick Ubuntu 17.10 x64 box with tools I use.☆1,240Jul 3, 2024Updated 2 years ago
- A tool to hunt for publicly accessible DigitalOcean Spaces☆157Jan 21, 2020Updated 6 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆5,750Feb 8, 2025Updated last year
- A Tool for Domain Flyovers☆5,947May 22, 2022Updated 4 years ago
- Note: Going through a full re-write of the tooling so the current versions in the repo do not work!☆417May 18, 2020Updated 6 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,499Jan 9, 2025Updated last year
- Penetration tests guide based on OWASP including test cases, resources and examples.☆2,807Mar 23, 2022Updated 4 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆366Jul 23, 2022Updated 3 years ago
- DNS Takeover tool written in Go☆2,100Mar 16, 2026Updated 3 months ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,954Sep 27, 2021Updated 4 years ago
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆65Feb 26, 2019Updated 7 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- A small tool that extracts relative URLs from a file.☆769Sep 23, 2020Updated 5 years ago
- The Bug Hunters Methodology☆4,366Aug 1, 2023Updated 2 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆663Jan 30, 2019Updated 7 years ago
- You can read the writeup on this script here☆273Jul 12, 2020Updated 5 years ago
- The Swiss Army knife for automated Web Application Testing☆2,358Jun 20, 2026Updated 2 weeks ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,033Feb 5, 2021Updated 5 years ago
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago