Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
☆749Apr 12, 2022Updated 3 years ago
Alternatives and similar repositories for assessment-mindset
Users that are interested in assessment-mindset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,787Apr 26, 2024Updated last year
- This script is intended to automate your reconnaissance process in an organized fashion☆2,025Aug 19, 2021Updated 4 years ago
- List of Awesome Asset Discovery Resources☆2,429Jan 22, 2025Updated last year
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.☆557Mar 6, 2023Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,482Oct 12, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- A collection of custom security tools for quick needs.☆3,286May 1, 2023Updated 2 years ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…☆2,188Dec 11, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,284Aug 18, 2025Updated 7 months ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆628Feb 5, 2019Updated 7 years ago
- A curated list of amazingly awesome Burp Extensions☆3,379Feb 17, 2026Updated last month
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- ☆2,321Dec 8, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.☆397Apr 17, 2020Updated 5 years ago
- A collection of tools to perform searches on GitHub.☆1,471Feb 9, 2023Updated 3 years ago
- A tool to capture all the git secrets by leveraging multiple open source git searching tools☆1,144Jun 25, 2019Updated 6 years ago
- Organize your API security assessment by using MindAPI. It's free and open for community collaboration.☆866Sep 22, 2025Updated 6 months ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆471Nov 14, 2019Updated 6 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,399Sep 14, 2023Updated 2 years ago
- Multi Tool Subdomain Enumeration☆723Apr 11, 2021Updated 4 years ago
- A script to set up a quick Ubuntu 17.10 x64 box with tools I use.☆1,236Jul 3, 2024Updated last year
- This tool can be used to brute discover GET and POST parameters☆1,396Aug 24, 2019Updated 6 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆63Feb 26, 2019Updated 7 years ago
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆5,605Feb 8, 2025Updated last year
- A tool to hunt for publicly accessible DigitalOcean Spaces☆156Jan 21, 2020Updated 6 years ago
- A Tool for Domain Flyovers☆5,912May 22, 2022Updated 3 years ago
- Note: Going through a full re-write of the tooling so the current versions in the repo do not work!☆416May 18, 2020Updated 5 years ago
- Penetration tests guide based on OWASP including test cases, resources and examples.☆2,773Mar 23, 2022Updated 4 years ago
- DNS Takeover tool written in Go☆2,034Mar 16, 2026Updated last week
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,907Sep 27, 2021Updated 4 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,476Jan 9, 2025Updated last year
- A small tool that extracts relative URLs from a file.☆768Sep 23, 2020Updated 5 years ago
- The Bug Hunters Methodology☆4,265Aug 1, 2023Updated 2 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆662Jan 30, 2019Updated 7 years ago
- The Swiss Army knife for automated Web Application Testing☆2,321May 8, 2024Updated last year
- You can read the writeup on this script here☆274Jul 12, 2020Updated 5 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,026Feb 5, 2021Updated 5 years ago