Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Branch: master
Clone or download
dsopas Merge pull request #7 from dsopas/dev
New tools and big update to the master version
Latest commit 43168d2 Oct 18, 2018

Security Assessment Mindset

Cool image from Char49


I did this to help me on my security assessments (pentest, bug bounty, red-team, kung) and to keep my work well organized.

Each time I finished a task, I marked it with a check icon using XMind. If you don't have this tool, print the image version and use your pencil to mark it as done.

Included in this mindset is WAHH Methodology, API Security Checklist and IOT PenTesting Guide from @adi1391.

On some particular tasks you have notes (only in XMind format) that provide the name of some tools or links you might use for that particular task.


If you don't have XMind software, I exported the PNG, Freemind and OPML versions. If you need other format, please let me know so I can start exporting it in future versions.

How to contribute

New tasks, tools, typos and other things you think it would help this mindmap, please Add a new issue on dev branch on this repo for discussion and validation. Remember that tis is open to ALL infosec community so let us all keep things rolling 👍. Any question, feel free to ping me at Twitter.


To do

  • Mobile applications mindmap (iOS and Android)
  • Networking mindmap (work in progress)
  • Wifi mindmap
  • IoT mindmap (work in progress)
  • Improve font style and colors