Mentsh
Information Security Professional. GCIH | GMON | GWAPT || Security Architect, WebApp PenTester by day, Security Researcher & Bug Bounty hunter by night.
Pinned Repositories
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
AutoSecurity
awesome-appsec
A curated list of resources for learning about application security
awesome-bug-bounty
awesome-incident-response
A curated list of tools for incident response
penetration-testing-cheat-sheet
Starting Point
Pentesters-Mindmap
Pentesters Mindmap of tasks
Mentsh's Repositories
Mentsh/assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Mentsh/penetration-testing-cheat-sheet
Starting Point
Mentsh/Pentesters-Mindmap
Pentesters Mindmap of tasks
Mentsh/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Mentsh/awesome-bug-bounty
Mentsh/awesome-security
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Mentsh/AwesomeXSS
Awesome XSS stuff
Mentsh/Blazy
Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Mentsh/bugcrowd-levelup-subdomain-enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Mentsh/bypass-403
Curl script for 403 attempted bypass
Mentsh/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mentsh/cloudflare_enum
Cloudflare DNS Enumeration Tool for Pentesters
Mentsh/Down-The-Rabbit-Hole
Blue Team Operations
Mentsh/fuzz-lightyear
A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Mentsh/github-dorks
Collection of github dorks and helper tool to automate the process of checking dorks
Mentsh/Gray-Hacker-Resources
👾Useful for CTFs, wargames, pentesting. For fun or profit. 👾
Mentsh/hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
Mentsh/Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Mentsh/ios-penetration-testing-cheat-sheet
Work in progress...
Mentsh/knock
Knock Subdomain Scan
Mentsh/LazyRecon
An automated approach to performing recon for bug bounty hunting and penetration testing.
Mentsh/Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
Mentsh/MobileHackingCheatSheet
Basics on commands/tools/info on how to assess the security of mobile applications
Mentsh/mrr3boot.github.io
Quick Repo for any Bug Hunter
Mentsh/Offensive-Security-Cheatsheets
Offensive Security / Pentesting Cheat Sheets
Mentsh/OSINT-Framework
OSINT Framework
Mentsh/pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Mentsh/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Mentsh/the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Mentsh/wifi-penetration-testing-cheat-sheet
Work in progress...