This repository houses various mindmaps for bug bounty hunters 🧑‍🦰, pentesters 🧑‍🦰 and offensive (🔴)/defensive (🔵) security professionals 👫, provided by me as well as contributed by the community 🧑🏻‍🤝‍🧑🏽. Your contributions and suggestions are welcome.
Name | Link | Type | Description | Author |
---|---|---|---|---|
Bug Hunters Methodology | 🔗 | 🔴 | This mindmap explains how to test for bugs on bug bounty programs | Jhaddix |
Finding Server side issues | 🔗 | 🔴 | This mindmap explains how to look for server-side issues on your bug bounty/pentest targets | Imran parray |
Javascript Recon | 🔗 | 🔴 | How to perform recon on JavaScript files | Imran parray |
My Recon | 🔗 | 🔴 | This mindmap explains how to look for various server-side and client-side bugs on bug bounty programs | Imran parray |
Testing 2FA | 🔗 | 🔴 | How to test 2FA for bugs | hackerscrolls |
Testing 2FA [2] | 🔗 | 🔴 | How to test 2FA for bugs | hackerscrolls |
2FA Bypass Techniques | 🔗 | 🔴 | 2FA bypass techniques | Harsh Bothra |
Android Attacker Vectors | 🔗 | 🔴 | Detailed mindmap on how to find and exploit Android bugs | hackerscrolls |
Testing oAuth for Vulnerabilities | 🔗 | 🔴 | How to test OAuth for bugs | hackerscrolls |
Security Assessment Mindmap | 🔗 | 🔴 | General security assessment mindmap | Sopas |
Red Teaming Mind Map from The Hacker Playbook 3 | 🔗 | 🔴 | Mindmap containing several techniques and approaches used by red team members | Marcon Lencini |
SSRF MindMap | 🔗 | 🔴 | How to test SSRF for bugs | hackerscrolls |
Code Review Mindmap | 🔗 | 🔴🔵 | Mindmap containing several techniques and approaches that can be used during code reviews | www.amanhardikar.com |
Android Application Penetration Testing Mindmap | 🔗 | 🔴 | A simple mindmap which explains various test cases around Android application penetration testing | Harsh Bothra |
Cookie Based Authentication Vulnerabilities | 🔗 | 🔴 | A comprehensive mindmap which includes various techniques to test cookie-based authentication mechanisms | Harsh Bothra |
Testing JIRA for CVE's | 🔗 | 🔴 | Detailed mindmap on how to find and exploit JIRA CVEs | Harsh Bothra |
Scope Based Testing | 🔗 | 🔴 | This mindmap explains how to test for bugs based on the scope of your target | Harsh Bothra |
OAuth 2.0 Threat Model Pentesting Checklist | 🔗 | 🔴 | This checklist is a simplified visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication, combined with various other public resources we found useful | Binary Brotherhood |
Bug Bounty Platforms | 🔗 | 🔴 | List of available bug bounty platforms | fujie gu |
Web App Pentest | 🔗 | 🔴 | Web application pentest mindmap | Ding Jayway |
Web App Pentest | 🔗 | 🔴 | This mindmap lists bugs and the corresponding tools and techniques used to find them | Ninad Mathpati |
Mobile Security Mindmap | 🔗 | 🔴 | A comprehensive mindmap which includes various techniques to test mobile applications for security issues | Aman Hardikar |
Web Security Field Mindmap | 🔗 | 🔴🔵 | This mindmap is a combination of web attacks, AppSec and bug bounty material | jois |
Security Consulting & Implementation | 🔗 | 🔵 | Security consulting & implementation mindmap | Lawrence Pingree |
Information Security Technologies & Markets | 🔗 | 🔴🔵 | This mindmap is a combination of information security technologies & markets | ovens ffdf |
Information Security Technologies & Markets | 🔗 | 🔴🔵 | This mindmap contains different information security technologies & markets | John Fortner |
Nmap Scans Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of scans can be performed with the Nmap scanner | Only Hacker |
Cross Site Request Forgery Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of security tests can be performed while testing CSRF | alexlauerman |
Access Control Vulnerabilities | 🔗 | 🔴 | List of techniques that can be used to test the access control models of an application | Pratik Gaikwad |
CISO MindMap 2021 | 🔗 | 🔵 | The latest CISO MindMap for 2021, with a number of updates and new recommendations for 2021-22 | Rafeeq Rehman |
Common Vulnerabilities on Forgot Password Functionality | 🔗 | 🔴 | List of test cases that can be performed on forgot-password functionality within web apps | Harsh Bothra |
Common XML Attacks | 🔗 | 🔴 | In this mindmap Harsh Bothra tried to list all the attacks that can be performed on XML endpoints/services | Harsh Bothra |
Copy of Vulnerability Checklist for SAML | 🔗 | 🔴 | List of all the vulnerabilities that can be tested on SAML endpoints/services | Harsh Bothra |
Exploiting Grafana | 🔗 | 🔴 | Possible test cases to exploit a publicly available Grafana instance | Muhammad Daffa |
FILE READ vulnerabilities | 🔗 | 🔴 | Practical strategies for exploiting FILE READ vulnerabilities | Lukasz Mikuła |
The Cyber Guy - Recon | 🔗 | 🔴 | In this mindmap the CyberGuy shares his recon methodology | theCyberGuy0 |
Penetration Testing Certifications | 🔗 | 🔴🔵 | In this mindmap Tahar tries to uncover the list of certifications in the field of penetration testing | MrTaharAmine |
Linux Privilege Escalation | 🔗 | 🔴 | This mindmap shows several Linux privilege escalation techniques | Source |
Special thanks to all the authors for publishing these mindmaps 🥳🥳🥳