This repository stores various mindmaps for bug bounty hunters, pentesters and offensive (🔴) / defensive (🔵) security professionals, provided by me as well as contributed by the community. Your contributions and suggestions are welcome.
Name | Link | Type | Description | Author |
---|---|---|---|---|
Bug Hunters Methodology | 🔗 | 🔴 | This Mindmap explains how to test for bugs on Bug bounty programs | Jhaddix |
Finding Server side issues | 🔗 | 🔴 | This mind-map explains how to look for server side issues on your bug-bounty/pentest targets | Imran parray |
Javascript Recon | 🔗 | 🔴 | How to perform recon on JavaScript files | Imran parray |
My Recon | 🔗 | 🔴 | This mind-map explains how to look for various server side and client side bugs on Bug bounty programs | Imran parray |
Testing 2FA | 🔗 | 🔴 | How to test 2FA for Bugs | hackerscrolls |
Testing 2FA [2] | 🔗 | 🔴 | How to test 2FA for Bugs | hackerscrolls |
2FA Bypass Techniques | 🔗 | 🔴 | 2FA Bypass Techniques | Harsh Bothra |
Android Attacker Vectors | 🔗 | 🔴 | Detailed Mindmap on How to find and exploit Android bugs. | hackerscrolls |
Testing OAuth for Vulnerabilities | 🔗 | 🔴 | How to test OAuth for Bugs | hackerscrolls |
Security Assessment Mindmap | 🔗 | 🔴 | General security Assessment Mind-map | Sopas |
Red Teaming Mind Map from The Hacker Playbook 3 | 🔗 | 🔴 | Mind-map containing several techniques and approaches used by Red team members | Marcon Lencini |
SSRF MindMap | 🔗 | 🔴 | How to test SSRF for Bugs | hackerscrolls |
Code Review Mindmap | 🔗 | 🔴🔵 | Mindmap containing several techniques and approaches that can be used during code reviews. | www.amanhardikar.com |
Android Application Penetration Testing Mindmap | 🔗 | 🔴 | A simple mind-map which explains various test cases around Android Application Penetration Testing | Harsh Bothra |
Cookie Based Authentication Vulnerabilities | 🔗 | 🔴 | A comprehensive mind-map which includes various techniques to test cookie-based authentication mechanisms. | Harsh Bothra |
Testing JIRA for CVEs | 🔗 | 🔴 | Detailed mind-map on how to find and exploit JIRA CVEs. | Harsh Bothra |
Scope Based Testing | 🔗 | 🔴 | This Mind-map explains how to test for bugs based on the scope of your target. | Harsh Bothra |
OAuth 2.0 Threat Model Pentesting Checklist | 🔗 | 🔴 | The following checklist represents a simplified visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication, combined with various other public resources we found useful. | Binary Brotherhood |
Bug Bounty Platforms | 🔗 | 🔴 | List of available bug bounty platforms | fujie gu |
Web App Pentest | 🔗 | 🔴 | Web application Pentest Mindmap | Ding Jayway |
Web App Pentest | 🔗 | 🔴 | This mind-map has the list of bugs and the corresponding tools and techniques used to find those bugs | Ninad Mathpati |
Mobile Security Mindmap | 🔗 | 🔴 | A comprehensive mind-map which includes various techniques to test mobile applications for security issues | Aman Hardikar |
Web Security Field Mindmap | 🔗 | 🔴🔵 | This mindmap is a combination of Web Attacks, AppSec and Bug Bounty stuff | jois |
Security Consulting & Implementation | 🔗 | 🔵 | Security Consulting & Implementation mindmap | Lawrence Pingree |
Information Security Technologies & Markets | 🔗 | 🔴🔵 | This mindmap is a combination of Information Security Technologies & Markets | ovens ffdf |
Information Security Technologies & Markets | 🔗 | 🔴🔵 | This mindmap contains different Information Security Technologies & Markets | John Fortner |
Nmap Scans Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of scans can be performed with the Nmap scanner | Only Hacker |
Cross Site Request Forgery Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of security tests can be performed while testing CSRF | alexlauerman |
Access Control Vulnerabilities | 🔗 | 🔴 | List of techniques that can be used to test the access control models of an application | Pratik Gaikwad |
CISO MindMap 2021 | 🔗 | 🔵 | The latest and updated CISO MindMap for 2021, with a number of updates and new recommendations for 2021-22 | Rafeeq Rehman |
Common Vulnerabilities on Forgot Password Functionality | 🔗 | 🔴 | List of test cases that can be performed on forgot-password functionality within web apps | Harsh Bothra |
Common XML Attacks | 🔗 | 🔴 | In this mindmap, Harsh Bothra tried to list all the attacks that can be performed on XML endpoints/services | Harsh Bothra |
Copy of Vulnerability Checklist for SAML | 🔗 | 🔴 | List of all the vulnerabilities that can be tested on SAML endpoints/services | Harsh Bothra |
Exploiting Grafana | 🔗 | 🔴 | Possible test cases to exploit a publicly available Grafana instance | Muhammad Daffa |
FILE READ vulnerabilities | 🔗 | 🔴 | Practical strategies for exploiting FILE READ vulnerabilities | Lukasz Mikuła |
Special Thanks to all the authors for publishing these mindmaps 🥳🥳🥳