This repository houses various mindmaps for bug bounty hunters🧑🦰, pentesters🧑🦰 and offensive (🔴)/defensive (🔵) security professionals🫂, provided by me as well as contributed by the community🧑🏻🤝🧑🏽. Your contributions and suggestions are welcome.

| Name | Link | Type | Description | Author |
|---|---|---|---|---|
| Bug Hunters Methodology | 🔗 | 🔴 | This Mindmap explains how to test for bugs on Bug bounty programs | Jhaddix |
| Finding Server side issues | 🔗 | 🔴 | This mind-map explains how to look for server side issues on your bug-bounty/pentest targets | Imran parray |
| Javascript Recon | 🔗 | 🔴 | How to perform recon on JavaScript files | Imran parray |
| My Recon | 🔗 | 🔴 | This mind-map explains how to look for various server side and client side bugs on Bug bounty programs | Imran parray |
| Testing 2FA | 🔗 | 🔴 | How to test 2FA for Bugs | hackerscrolls |
| Testing 2FA [2] | 🔗 | 🔴 | How to test 2FA for Bugs | hackerscrolls |
| 2FA Bypass Techniques | 🔗 | 🔴 | 2FA Bypass Techniques | Harsh Bothra |
| Android Attacker Vectors | 🔗 | 🔴 | Detailed Mindmap on How to find and exploit Android bugs. | hackerscrolls |
| Testing OAuth for Vulnerabilities | 🔗 | 🔴 | How to test OAuth for Bugs | hackerscrolls |
| Security Assessment Mindmap | 🔗 | 🔴 | General security Assessment Mind-map | Sopas |
| Red Teaming Mind Map from The Hacker Playbook 3 | 🔗 | 🔴 | Mind-map containing several techniques and approaches used by Red team members | Marcon Lencini |
| SSRF MindMap | 🔗 | 🔴 | How to test SSRF for Bugs | hackerscrolls |
| Code Review Mindmap | 🔗 | 🔴🔵 | Mindmap containing several techniques and approaches that can be used during code reviews. | www.amanhardikar.com |
| Android Application Penetration Testing Mindmap | 🔗 | 🔴 | A simple mind-map which explains various test cases around Android Application Penetration Testing | Harsh Bothra |
| Cookie Based Authentication Vulnerabilities | 🔗 | 🔴 | A comprehensive Mind-map which includes various techniques to test Cookie based authentication mechanisms. | Harsh Bothra |
| Testing JIRA for CVEs | 🔗 | 🔴 | Detailed Mind-map on How to find and exploit JIRA CVEs. | Harsh Bothra |
| Scope Based Testing | 🔗 | 🔴 | This Mind-map explains how to test for bugs based on the scope of your target. | Harsh Bothra |
| OAuth 2.0 Threat Model Pentesting Checklist | 🔗 | 🔴 | The following checklist represents a simplified visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication combined with various other public resources we found useful. | Binary Brotherhood |
| Bug Bounty Platforms | 🔗 | 🔴 | List of available bug bounty platforms | fujie gu |
| Web App Pentest | 🔗 | 🔴 | Web application Pentest Mindmap | Ding Jayway |
| Web App Pentest | 🔗 | 🔴 | This mind-map has the list of bugs and the corresponding tools and techniques used to find those bugs | Ninad Mathpati |
| Mobile Security Mindmap | 🔗 | 🔴 | A comprehensive Mind-map which includes various techniques to test Mobile Applications for security issues | Aman Hardikar |
| Web Security Field Mindmap | 🔗 | 🔴🔵 | This mindmap is a combination of Web Attacks, AppSec and Bug Bounty stuff | jois |
| Security Consulting & Implementation | 🔗 | 🔵 | Security Consulting & Implementation mindmap | Lawrence Pingree |
| Information Security Technologies & Markets | 🔗 | 🔴🔵 | This Mindmap is a combination of Information Security Technologies & Markets | ovens ffdf |
| Information Security Technologies & Markets | 🔗 | 🔴🔵 | This mindmap contains different Information Security Technologies & Markets | John Fortner |
| Nmap Scans Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of scans can be performed via the Nmap Scanner | Only Hacker |
| Cross Site Request Forgery Mindmap | 🔗 | 🔴🔵 | This mindmap shows how different types of security tests can be performed while testing CSRF | alexlauerman |
| Access Control Vulnerabilities | 🔗 | 🔴 | List of Techniques that can be used to test access control models of an Application | Pratik Gaikwad |
| CISO MindMap 2021 | 🔗 | 🔵 | The latest and updated CISO MindMap for 2021 with a number of updates and new recommendations for 2021-22 | Rafeeq Rehman |
| Common Vulnerabilities on Forgot Password Functionality | 🔗 | 🔴 | List of Test cases that can be performed on Forgot password functionality within web apps | Harsh Bothra |
| Common XML Attacks | 🔗 | 🔴 | In this Mindmap Harsh Bothra tried to list all the attacks that can be performed on XML endpoints/services | Harsh Bothra |
| Copy of Vulnerability Checklist for SAML | 🔗 | 🔴 | List of all the Vulnerabilities that can be tested on SAML Endpoints/Services | Harsh Bothra |
| Exploiting Grafana | 🔗 | 🔴 | Possible test cases to Exploit a Publicly Available Grafana Instance | Muhammad Daffa |
| FILE READ vulnerabilities | 🔗 | 🔴 | Practical strategies for exploiting FILE READ vulnerabilities | Lukasz Mikuła |
| The Cyber Guy - Recon | 🔗 | 🔴 | In this mindmap the CyberGuy shares his Recon Methodology | theCyberGuy0 |
| Penetration Testing Certifications | 🔗 | 🔴🔵 | In this mindmap Tahar tries to uncover the list of Certifications in the field of Penetration testing | MrTaharAmine |
| Linux Privilege Escalation | 🔗 | 🔴 | This mindmap shows several Linux privilege escalation Techniques | Source |

Special Thanks to all the authors for publishing these mindmaps 🥳🥳🥳