Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
☆749 · Apr 12, 2022 · Updated 3 years ago
Alternatives and similar repositories for assessment-mindset
Users that are interested in assessment-mindset are comparing it to the libraries listed below
- Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the ac… ☆1,774 · Apr 26, 2024 · Updated last year
- This script is intended to automate your reconnaissance process in an organized fashion ☆2,014 · Aug 19, 2021 · Updated 4 years ago
- List of Awesome Asset Discovery Resources ☆2,377 · Jan 22, 2025 · Updated last year
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation" ☆356 · Oct 14, 2020 · Updated 5 years ago
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. ☆557 · Mar 6, 2023 · Updated 2 years ago
- A collection of custom security tools for quick needs. ☆3,284 · May 1, 2023 · Updated 2 years ago
- SSRF (Server Side Request Forgery) testing resources ☆2,482 · Oct 12, 2024 · Updated last year
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu… ☆629 · Feb 5, 2019 · Updated 7 years ago
- ☆2,316 · Dec 8, 2023 · Updated 2 years ago
- A tool to hunt for publicly accessible DigitalOcean Spaces ☆156 · Jan 21, 2020 · Updated 6 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al… ☆1,285 · Aug 18, 2025 · Updated 6 months ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers. ☆135 · Sep 25, 2019 · Updated 6 years ago
- A curated list of amazingly awesome Burp Extensions ☆3,372 · Feb 17, 2026 · Updated 2 weeks ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al… ☆2,184 · Dec 11, 2022 · Updated 3 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. ☆469 · Nov 14, 2019 · Updated 6 years ago
- Penetration tests guide based on OWASP including test cases, resources and examples. ☆2,764 · Mar 23, 2022 · Updated 3 years ago
- A tool to capture all the git secrets by leveraging multiple open source git searching tools ☆1,142 · Jun 25, 2019 · Updated 6 years ago
- A script to set up a quick Ubuntu 17.10 x64 box with tools I use. ☆1,237 · Jul 3, 2024 · Updated last year
- Issues to consider when planning a red team exercise. ☆616 · Aug 23, 2017 · Updated 8 years ago
- Multi Tool Subdomain Enumeration ☆723 · Apr 11, 2021 · Updated 4 years ago
- A collection of tools to perform searches on GitHub. ☆1,467 · Feb 9, 2023 · Updated 3 years ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] ☆305 · Oct 14, 2018 · Updated 7 years ago
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. ☆397 · Apr 17, 2020 · Updated 5 years ago
- Note: Going through a full re-write of the tooling so the current versions in the repo do not work! ☆416 · May 18, 2020 · Updated 5 years ago
- Wiki to collect Red Team infrastructure hardening resources ☆4,450 · Oct 1, 2025 · Updated 5 months ago
- A Tool for Domain Flyovers ☆5,906 · May 22, 2022 · Updated 3 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and… ☆3,903 · Sep 27, 2021 · Updated 4 years ago
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. ☆5,572 · Feb 8, 2025 · Updated last year
- This tool can be used to brute discover GET and POST parameters ☆1,394 · Aug 24, 2019 · Updated 6 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a… ☆367 · Jul 23, 2022 · Updated 3 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters. ☆6,382 · Sep 14, 2023 · Updated 2 years ago
- The Swiss Army knife for automated Web Application Testing ☆2,323 · May 8, 2024 · Updated last year
- Reconnaissance tool which scans javascript files for subdomains and then iterates over all javascript files hosted on subsequent subdomai… ☆223 · Jul 10, 2020 · Updated 5 years ago
- You can read the writeup on this script here ☆274 · Jul 12, 2020 · Updated 5 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration" ☆662 · Jan 30, 2019 · Updated 7 years ago
- The Bug Hunters Methodology ☆4,260 · Aug 1, 2023 · Updated 2 years ago
- ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools. ☆727 · May 6, 2022 · Updated 3 years ago
- A small tool that extracts relative URLs from a file. ☆768 · Sep 23, 2020 · Updated 5 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments ☆1,213 · Sep 14, 2020 · Updated 5 years ago