https://github.com/imran-parray/Mind-Maps

Mind-Maps of Several Things

# MindMaps 🗺️

> This repository stores and houses various Mindmaps for bug bounty Hunters🧑‍🦰, pentesters🧑‍🦰 and offensive(🔴)/defensive(🔵) security Professionals🫂 provided by me as well as contributed by the community🧑🏻‍🤝‍🧑🏽. Your contributions and suggestions are welcomed.

| Name | Link | Type | Description | Author |
| ----------------------------------------------- | ------------------------------------------------------------ | ------ | ------------------------------------------------------------ | --------------------------------------------------- |
| Bug Hunters Methodology | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Bug%20Hunters%20Methodology%20v4/MindMap.png) | **🔴** | This mind-map explains how to test for bugs on bug bounty programs | [Jhaddix](https://twitter.com/jhaddix) |
| Finding Server side issues | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Finding%20Server%20Side%20Issues%20-%20imran%20parray/Finding%20Server%20Side%20Issues.jpg) | **🔴** | This mind-map explains how to look for server side issues on your bug-bounty/pentest targets | [Imran parray](https://twitter.com/imranparray101) |
| Javascript Recon | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Js%20Recon%20-%20Imran%20Parray/Javascript-file-methodology.png) | **🔴** | How to perform recon on JavaScript files | [Imran parray](https://twitter.com/imranparray101) |
| My Recon | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Recon%20-%20Imran%20parray/My-recon.png) | **🔴** | This mind-map explains how to look for various server side and client side bugs on bug bounty programs | [Imran parray](https://twitter.com/imranparray101) |
| Testing 2FA | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Testing%202FA-hackerscrolls/Testing%202FA.jpeg) | **🔴** | How to test 2FA for bugs | [hackerscrolls](https://twitter.com/hackerscrolls) |
| Testing 2FA [2] | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Testing%202FA%20(2)%20-%20hackerscroll/Testing%202FA.jpeg) | **🔴** | How to test 2FA for bugs | [hackerscrolls](https://twitter.com/hackerscrolls) |
| 2FA Bypass Techniques | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/2FA%20Bypass%20Techniques%20-%20Harsh%20Bothra/2FA%20Bypass%20Techniques.png) | **🔴** | 2FA Bypass Techniques | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Android Attacker Vectors | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Android%20Attacker%20Vector%20-%20hackerscroll/Android%20Attacker%20Vector.png) | **🔴** | Detailed mind-map on how to find and exploit Android bugs. | [hackerscrolls](https://twitter.com/hackerscrolls) |
| Testing OAuth for Vulnerabilities | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Testing%20OAuth%20-%20hackerscroll/Testing%20oAuth.jpeg) | **🔴** | How to test OAuth for bugs | [hackerscrolls](https://twitter.com/hackerscrolls) |
| Security Assessment Mindmap | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Security%20Assesment%20-%20SOPAS/assessment-mindset.png) | **🔴** | General security assessment mind-map | [Sopas](https://twitter.com/dsopas) |
| Red Teaming Mind Map from The Hacker Playbook 3 | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Red%20Teaming%20Mind%20Map%20from%20The%20Hacker%20Playbook%203/blog_hackerplaybook_mindmap.png) | **🔴** | Mind-map containing several techniques and approaches used by red team members | [Marcon Lencini](https://twitter.com/lancinimarco) |
| SSRF MindMap | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/SSRF%20-%20Hackerscroll/ssrf.jpeg) | **🔴** | How to test SSRF for bugs | [hackerscrolls](https://twitter.com/hackerscrolls) |
| Code Review Mindmap | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Code%20review%20-%20amanhardikar/CodeReview.png) | **🔴**🔵 | Mind-map containing several techniques and approaches that can be used during code reviews. | [www.amanhardikar.com](http://www.amanhardikar.com) |
| Android Application Penetration Testing Mindmap | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Android%20Mindmap%20-%20Harsh%20Bothra/AndroidMindmap.jpeg) | **🔴** | A simple mind-map which explains various test cases around Android application penetration testing | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Cookie Based Authentication Vulnerabilities | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Cookie%20Based%20Authentication%20Vulnerabilities%20-%20Harsh%20Bothra/Cookie_Based_Authentication_Vulnerabilities.png) | **🔴** | A comprehensive mind-map which includes various techniques to test cookie based authentication mechanisms. | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Testing JIRA for CVEs | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Tesing%20JIRA%20for%20CVE's%20-%20Harsh%20Bothra/JIRA_CVEs.png) | **🔴** | Detailed mind-map on how to find and exploit JIRA CVEs. | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Scope Based Testing | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Scope%20Based%20Testing%20-%20Harsh%20Bothra/Scope_Based_Recon.png) | **🔴** | This mind-map explains how to test for bugs based on the scope of your target. | [Harsh Bothra](https://twitter.com/harshbothra_) |
| OAuth 2.0 Threat Model Pentesting Checklist | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Oauth2%20Pentest%20Checklist%20-%20BinaryBrotherh1/oauth.png) | **🔴** | The following checklist represents a simplified visual alternative to the IETF OAuth 2.0 Security Best Current Practice publication combined with various other public resources we found useful. | [Binary Brotherhood](https://twitter.com/BinaryBrotherh1) |
| Bug Bounty Platforms | [🔗](https://www.mindmeister.com/1578309575/bug-bounty-platforms) | 🔴 | List of available bug bounty platforms | [fujie gu](https://www.mindmeister.com/users/channel/51127258) |
| Web App Pentest | [🔗](https://www.mindmeister.com/1748098748/web-app-pentest?fullscreen=1) | 🔴 | Web application pentest mind-map | [Ding Jayway](https://www.mindmeister.com/users/channel/60235712) |
| Web App Pentest | [🔗](https://www.mindmeister.com/1470766611/web-app-pentest?fullscreen=1) | 🔴 | This mind-map has the list of bugs and the corresponding tools and techniques used to find those bugs | [Ninad Mathpati](https://www.mindmeister.com/users/channel/45787993) |
| Mobile Security Mindmap | [🔗](https://raw.githubusercontent.com/imran-parray/Mind-Maps/master/Mobile%20App%20Security%20-%20Aman%20Hardikar/map.png) | 🔴 | A comprehensive mind-map which includes various techniques to test mobile applications for security issues | [Aman Hardikar](https://twitter.com/AmanHardikar) |
| Web Security Field Mindmap | [🔗](https://www.mindmeister.com/1746180947/web-vulnerability-by-joas-antonio?fullscreen=1) | 🔴🔵 | This mind-map is a combination of Web Attacks, AppSec and Bug Bounty material | [jois](https://www.mindmeister.com/users/channel/36439824) |
| Security Consulting & Implementation | [🔗](https://www.mindmeister.com/988579189/security-consulting-implementation?fullscreen=1) | 🔵 | Security Consulting & Implementation mind-map | [Lawrence Pingree](https://www.mindmeister.com/users/channel/1154930) |
| Information Security Technologies & Markets | [🔗](https://www.mindmeister.com/783360255/information-security-technologies-markets-by-lawrence-pingree?fullscreen=1) | 🔴🔵 | This mind-map is a combination of Information Security Technologies & Markets | [ovens ffdf](https://www.mindmeister.com/users/channel/16669742) |
| Information Security Technologies & Markets | [🔗](https://www.mindmeister.com/333578609/information-security-technologies-markets) | 🔴🔵 | This mind-map contains different Information Security Technologies & Markets | [John Fortner](https://www.mindmeister.com/users/channel/4563052) |
| Nmap Scans Mindmap | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Nmap%20scans%20-%20OnlyHacker/mindmap.jpg) | 🔴🔵 | This mind-map shows how different types of scans can be performed with the Nmap scanner | [Only Hacker](https://onlyhacker.com) |
| Cross Site Request Forgery Mindmap | [🔗](https://raw.githubusercontent.com/imran-parray/Mind-Maps/master/XSRF%20-%20Trust%20Foundry/CSRF-CheatSheet-v2.3.1.png) | 🔴🔵 | This mind-map shows how different types of security tests can be performed while testing CSRF | [alexlauerman](https://twitter.com/alexlauerman) |
| Access Control Vulnerabilities | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Access%20Control%20Vulnerabilities%20-%20Pratik%20Gaikwad/Access-Control-vaulnerabilites.png) | **🔴** | List of techniques that can be used to test the access control models of an application | [Pratik Gaikwad](https://twitter.com/X0rby7e) |
| CISO MindMap 2021 | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/CISO%20MindMap%202021%20-%20Rafeeq%20Rahman/CISO_Job_MindMap_Rafeeq_Rehman_v_2021.png) | **🔵** | The latest and updated CISO MindMap for 2021, with a number of updates and new recommendations for 2021-22 | [Rafeeq Rehman](https://rafeeqrehman.com/author/boota135/) |
| Common Vulnerabilities on Forgot Password Functionality | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Common%20Vulnerabilites%20on%20Forgot%20Password%20Functionality%20-%20%20Harsh%20Bothra/Common%20Vulnerabilities%20on%20Forget%20Password%20Functionality.pdf) | **🔴** | List of test cases that can be performed on forgot-password functionality within web apps | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Common XML Attacks | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Common%20XML%20Attacks%20-%20Harsh%20Bothra/XML%20Attacks%20New.pdf) | **🔴** | In this mind-map Harsh Bothra tried to list all the attacks that can be performed on XML endpoints/services | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Copy of Vulnerability Checklist for SAML | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/2FA%20Bypass%20Techniques%20-%20Harsh%20Bothra/2FA%20Bypass%20Techniques.png) | **🔴** | List of all the vulnerabilities that can be tested on SAML endpoints/services | [Harsh Bothra](https://twitter.com/harshbothra_) |
| Exploiting Grafana | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Exploting%20Grafana%20-%20daffainfo/grafana.png) | **🔴** | Possible test cases to exploit a publicly available Grafana instance | [Muhammad Daffa](https://twitter.com/daffainfo) |
| FILE READ vulnerabilities | [🔗](https://raw.githubusercontent.com/imran-parray/Mind-Maps/master/File%20Read%20Vulnerabilites%20-%20Lukasz%20Miku%C5%82a/FRV.jpeg) | **🔴** | Practical strategies for exploiting FILE READ vulnerabilities | [Lukasz Mikuła](https://twitter.com/0xluk3) |
| The Cyber Guy - Recon | [🔗](https://raw.githubusercontent.com/imran-parray/Mind-Maps/master/The%20Cyber%20Guy%20-%20Recon%20Mindmap/theCyberGuy_Recon_V1.0.png) | 🔴 | In this mind-map the CyberGuy shares his recon methodology | [theCyberGuy0](https://twitter.com/theCyberGuy0) |
| Penetration Testing Certifications | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Penetration%20Testing%20Certification%20-%20Tahar/mindmap.jpeg) | 🔴🔵 | In this mind-map Tahar tries to uncover the list of certifications in the field of penetration testing | [MrTaharAmine](https://twitter.com/MrTaharAmine) |
| Linux Privilege Escalation | [🔗](https://github.com/imran-parray/Mind-Maps/blob/master/Linux%20Privilege%20Escalation%20-%20Mindmap/Linux_Previlege_Escalation.png) | 🔴 | This mind-map shows several Linux privilege escalation techniques | [Source](https://twitter.com/hackinarticles/status/1464075216993206274?s=28) |

---

Special thanks to all the authors for publishing these mindmaps 🥳🥳🥳