search

dsopas / assessment-mindset

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
MIT License
726 stars 116 forks source link

A few URL Links incorrect #11

Closed Mentsh closed 4 years ago

Mentsh commented 4 years ago

Hey,

I am manually trying to recreate this MindMap, because I am eager to start building off of it... So while doing so I ran into a few things. Hope this is helpful and not a bother.

  1. The dnsmap URL-link points to Sublist3r

  2. I'm not seeing a DirBuster page on OWASP anymore.. Maybe a better link (https://tools.kali.org/web-applications/dirbuster)

  3. ssllabs.com & sslscan both point to https://observatory.mozilla.org/

ssllabs.com

I have not finished going through everything.. still rebuilding..

dsopas commented 4 years ago

@Mentsh what about putting the links in a new sub-topic? Making them visible to every format? Does it help? I want more people to contribute to this project and I think that might help.

What's your view on that?

Mentsh commented 4 years ago

Not as clean looking... in SimpleMind you can label items which make it visible to .png/.pdf BUT keep in mind.... you can't really contribute in these....

I wonder if they would get exported if it were put in the notes field... So when exporting from SimpleMind to .opml format - it looks like the notes come with it... Not ideal for links... BUT how often do you need to click a link for a tool? You will most likely have gone through the tools and downloaded them... This leaves sites like netcraft, ssllabs and so on... Just make the labels/sub-topic the URL... or you can do sub-topics for those.

If you want more to contribute, then .opml might be the best format as that is excepted by many mindmap tools. So as long as the info gets into the .opml file then it can be collaborated on...

I have been tinkering with it while recreating --- I am more focused on Black Box Bug-bounties first than internal pentesting... So I tried to make it flow as such... and moved to the bottom the things I likely wont need (such as Email collection) unless I am doing a Paid Pentest. See attached... Still work in progress as I am rebuilding yours and adding some of my knowledge/tools/TTPs... I also added a few sections/renames some and moved things around.... I'm thinking you can just compile what you want to take from it as opposed to pull requests.... Because everyone's TTPs will be slightly different.... I have a lot more I plan to add... Pentesters Mindset v2

dsopas commented 4 years ago

As soon as I have the links all in a "sub-topic" I'll export the OPML format and ping you for you to try.

Mentsh commented 4 years ago

My Current recreation & modification.

Pentesters Mindset v2 (1)

dsopas commented 4 years ago

Can you export to OPML so I can see how it looks on Xmind?

Mentsh commented 4 years ago

They don't support OPML via attachment here. So just change it back from txt to .opml Also keep in mind I embedded the URLs same as you so they wont show up in opml Also I keep going back and fourth if Sub-domain takeover should be network or application. Pentesters Mindset v2 (1).txt

dsopas commented 4 years ago

Try with this format. Using subtopic to put commands or links. I think it would be better. Let me know if it works for you. demo_export.txt

Mentsh commented 4 years ago

Looks good Target

dsopas commented 4 years ago

@Mentsh Check out https://github.com/dsopas/assessment-mindset/tree/dev with the final modifications. Now you and the community can work on the OPML for easy compatibility. I hope you can be the first to PR :+1:

Thanks!