A comprehensive, production-ready knowledge base for security researchers, penetration testers, and bug bounty hunters. This repository contains battle-tested methodologies, cheatsheets, automation tools, wordlists, and real-world write-ups covering web penetration testing, API security, cloud exploitation, and modern vulnerability assessment techniques.
⚠️ IMPORTANT NOTE & WARNING
This repository is intended ONLY for authorized security testing, educational purposes, and ethical hacking. All techniques and tools documented here must be used exclusively on systems you own or have explicit written permission to test. Unauthorized access to or attacks against any system are ILLEGAL and may result in criminal prosecution. The authors assume NO LIABILITY for any misuse of this material.
✅ DO: Test your own applications, participate in legitimate bug bounty programs, learn security concepts.
❌ DON'T: Attack random websites, exploit without permission, use these techniques maliciously.
Code of Conduct & Community Guidelines - Ethical behavior standards for contributors and users of this repository.
- CODE_OF_CONDUCT - Rules for respectful collaboration, responsible disclosure, and ethical hacking practices.
MIT Open Source License - Legal terms governing the use, modification, and distribution of this repository.
- LICENSE - Permissive license allowing free use, modification, and redistribution, provided the copyright and license notice are retained.
Vulnerability Disclosure & Security Guidelines - Responsible disclosure process and security best practices.
- SECURITY - How to report security issues and coordinate responsible disclosure.
Bug Bounty Training Curriculum - Structured learning path from beginner to advanced bug bounty hunting.
- README - Course syllabus, prerequisites, and learning objectives.
A complete collection of penetration testing methodologies covering every major web vulnerability class, attack technique, and exploitation strategy. Each document provides step-by-step guidance, detection methods, and practical examples for real-world bug bounty hunting scenarios.
Core Web Vulnerability Exploitation Techniques - Comprehensive guides for identifying and exploiting common web security flaws.
- API Security Testing - Complete API pentesting methodology including REST, GraphQL, and SOAP endpoints.
- Brute Force Attacks - Password spraying, credential stuffing, and intelligent brute forcing techniques.
- Cross-Origin Resource Sharing Exploitation - Bypassing CORS policies and exploiting misconfigurations.
- CRLF Injection Attacks - HTTP response splitting, log injection, and session manipulation.
- Cross-Site Request Forgery - State-changing request forgery and anti-CSRF bypass techniques.
- Clickjacking & UI Redressing - Interface deception attacks and frame busting bypasses.
- Web Crawling & Fuzzing Strategies - Automated discovery of hidden endpoints and parameters.
- DNS Rebinding Attacks - Bypassing same-origin policy using DNS manipulation.
- Insecure Deserialization - Exploiting Java, PHP, Python, and Ruby deserialization flaws.
- Email Attack Vectors - SMTP injection, email spoofing, and phishing techniques.
- Broken Link Exploitation - Broken link hijacking: finding references from the target to expired domains, abandoned accounts, or removed resources that an attacker could register or claim.
- Race Condition Exploitation - Time-of-check to time-of-use vulnerabilities and concurrency issues.
- File Upload Vulnerability Exploitation - Bypassing validation, web shells, and RCE via uploads.
- GraphQL Security Testing - Introspection queries, field-based attacks, and batching vulnerabilities.
- HTTP Parameter Pollution - Parameter override and validation bypass techniques.
- HTTP Request Smuggling - Desync attacks and front-end/back-end confusion exploits.
- Password Hash Cracking & Analysis - Identifying hash types and cracking strategies.
- Insecure Direct Object References - Horizontal and vertical privilege escalation via ID manipulation.
- Injection Attack Mastery - LDAP, NoSQL, OS command, and expression language injections.
- Local & Remote File Inclusion - Path traversal, file reading, and remote code execution.
- OAuth 2.0 & OpenID Exploitation - Redirect URI manipulation, code injection, and token theft.
- Open Redirect Vulnerabilities - URL validation bypass and phishing leverage techniques.
- JavaScript Prototype Pollution - Client-side prototype pollution leading to DOM XSS and gadget abuse, and server-side (Node.js) variants leading to RCE.
- Structured Query Language Injection - Union, boolean, time-based, and out-of-band SQL injection.
- Server-Side Request Forgery - Internal network scanning, cloud metadata access, and port probing.
- Server-Side Template Injection - Template engine exploitation for RCE in Jinja2, Twig, Freemarker.
- Session Fixation Attacks - Session hijacking via forced session identifiers.
- Supply Chain Security Attacks - Dependency confusion, typosquatting, and CI/CD poisoning.
- Tabnabbing & Reverse Tabnabbing - Phishing via tab navigation manipulation.
- Virtual Host Discovery & Exploitation - Finding hidden vhosts and misconfigured virtual hosting.
- Web Cache Deception - Caching sensitive pages and user-specific content.
- WebSocket Security Testing - Cross-site WebSocket hijacking and message manipulation.
- Web Shell Deployment & Management - Uploading, hiding, and maintaining web-based backdoors.
- XML External Entity Injection - File disclosure, SSRF, and DoS via XML parsers.
- Cookie Padding & Smuggling - Cookie parsing quirks (cookie smuggling), cookie-based injection, and padding oracle attacks against encrypted cookies.
- Content Security Policy Bypasses - CSP evaluation and common misconfiguration exploitation.
- HTTP Header Injection Techniques - Host header, X-Forwarded-For, and custom header injection.
- Cross-Site Scripting Mastery - Reflected, stored, DOM-based XSS and modern filter bypasses.
Platform-Specific Security Testing - Specialized exploitation techniques for popular web frameworks, servers, and infrastructure components.
- ASP.NET Security Assessment - ViewState deserialization, machine key attacks, and IIS misconfigurations.
- Apache Tomcat Exploitation Guide - Manager app brute force, JSP uploads, and CVE exploitation.
- CI/CD Pipeline Security Testing - Jenkins, GitHub Actions, GitLab CI misconfigurations and poisoning.
- ELK Stack Security Assessment - Elasticsearch Groovy sandbox escapes and Kibana vulnerabilities.
- General Exploitation Methodology - Structured approach to vulnerability exploitation and privilege escalation.
- Buffer Overflow Exploitation - Stack-based, heap-based, and ROP chain exploitation.
- Command & Control Framework Exploitation - Cobalt Strike, Mythic, and Covenant usage, detection, and mitigation.
- File Transfer Protocol Exploitation - FTP, SMB, SCP data exfiltration and pivot techniques.
- Firebase Security Testing - Insecure Firestore rules and real-time database enumeration.
- Firebird Database Exploitation - Database misconfigurations and SQL injection in Firebird.
- Flask Application Security - Debug mode RCE, template injection, and session forgery.
- Complete Recon to Root Methodology - Full penetration testing lifecycle from enumeration to domain compromise.
- GitHub Security & Leak Detection - Secret scanning, workflow poisoning, and repository reconnaissance.
- GitLab Security Testing - CI/CD exploitation, registry attacks, and privilege escalation.
- JSON Web Token Attacks - Algorithm confusion, signature bypass, and key injection.
- Jenkins Hardening & Exploitation - Groovy script RCE, credential harvesting, and pipeline attacks.
- Joomla CMS Penetration Testing - Component vulnerabilities, template exploitation, and admin bypass.
- Linux Kernel Exploitation - Local privilege escalation (LPE) via kernel vulnerabilities and related techniques.
- Multi-Factor Authentication Bypass - MFA fatigue, bypass codes, and session hijacking methods.
- NoSQL Injection Complete Guide - MongoDB, CouchDB operator injection and payload crafting.
- OAuth 2.0 Exploitation Deep Dive - Implementation flaws, redirect URI manipulation, and token leakage.
- OpenID Connect Security - ID token manipulation and authentication bypass techniques.
- Privilege Escalation Methods - Linux, Windows, and container privilege escalation vectors.
- Remote Code Execution Techniques - RCE via deserialization, injection, and file operations.
- Reverse Shell Mastery - One-liner reverse shells and interactive shell upgrades.
- SaaS Application Security Testing - Multi-tenant testing, SSO bypass, and tenant isolation attacks.
- Web Application Firewall Evasion - Bypassing ModSecurity, Cloudflare, AWS WAF, and custom rules.
- WebDAV Exploitation Guide - PUT method attacks and WebDAV misconfiguration exploitation.
- WordPress Penetration Testing - Plugin enumeration, theme exploits, and admin takeover.
Curated collection of quick-reference cheatsheets, reusable templates, and targeted wordlists designed to accelerate bug bounty hunting and penetration testing workflows.
Quick Reference Guides for Vulnerability Detection - Concise cheatsheets with payloads, commands, and detection techniques.
- API Security Testing Cheatsheet - REST, GraphQL, and SOAP API testing commands and payloads.
- ASP.NET Security Reference - ViewState attacks, machine key tools, and IIS bypasses.
- Broken Links Discovery Guide - Tools and patterns for finding references to expired domains, abandoned accounts, and removed resources (broken link hijacking).
- Brute Forcing Commands Reference - Hydra, Medusa, and custom wordlist generation commands.
- Buffer Overflow Payload Guide - Pattern creation, offset finding, and ROP gadget lists.
- CRLF Injection Payloads - Common CRLF sequences and log injection patterns.
- CSRF Testing Commands - Token extraction and forged request generation techniques.
- Clickjacking Bypass Guide - Frame buster bypasses and UI redressing templates.
- Command Injection Payloads - OS command injection patterns and filter bypasses.
- Cookie Padding Techniques - Cookie-based injection and padding oracle exploitation against encrypted cookies.
- Web Crawling Command Reference - FFUF, GoBuster, and custom crawler command examples.
- CORS Misconfiguration Exploitation - Origin reflection and preflight bypass techniques.
- DNS Rebinding Attack Patterns - DNS manipulation techniques and payload examples.
- WebDAV Testing with DavTest - WebDAV configuration scanning and exploitation commands.
- Deserialization Exploit Guide - Java, PHP, Python gadget chains and ysoserial usage.
- Elasticsearch Exploitation - Groovy script execution and database dumping commands.
- Email Attack Cheatsheet - SMTP injection, email spoofing, and phishing templates.
- File Transfer Exploitation - Data exfiltration via HTTP, DNS, and ICMP tunnels.
- File Upload Bypass Guide - MIME type, extension, and content validation bypasses.
- Firebase Security Commands - Firestore enumeration and insecure rule detection.
- Firebird Database Attacks - SQL injection and database misconfiguration exploitation.
- Flask Security Testing Commands - Debug mode RCE and session forgery techniques.
- GitHub Security Commands - Secret scanning tools and repository enumeration commands.
- GitLab Security Reference - CI/CD exploitation and registry attack commands.
- GraphQL Pentesting Commands - Introspection queries and batching attack payloads.
- HTTP Parameter Pollution Guide - Parameter override and validation bypass patterns.
- HTTP Request Smuggling Payloads - CL.TE, TE.CL, and TE.TE desync payloads.
- IDOR Discovery Commands - Parameter enumeration and ID manipulation techniques.
- JWT Attack Reference - Algorithm confusion, none algorithm, and key injection payloads.
- Jenkins Exploitation Commands - Groovy script RCE and credential harvesting techniques.
- Joomla Security Testing - Component enumeration and admin bypass commands.
- Linux Kernel Exploit Reference - LPE exploit compilation and execution commands.
- LFI & RFI Payload Guide - Path traversal and remote file inclusion patterns.
- MFA/2FA Bypass Techniques - MFA fatigue, bypass codes, and session hijacking.
- Modern C2 Framework Commands - Cobalt Strike, Mythic usage and detection.
- NoSQL Injection Payloads - MongoDB operator injection and authentication bypass.
- OAuth 2.0 Testing Guide - Redirect URI manipulation and authorization code injection.
- OAuth 1.0 Security Reference - Signature validation and parameter injection attacks.
- OpenID Connect Commands - ID token manipulation and authentication bypass.
- Open Redirect Payloads - URL validation bypass and redirect chain exploitation.
- Payload Generation Reference - Common reverse shell, RCE, and injection payloads.
- Privilege Escalation Commands - Linux, Windows, and container LPE checklists.
- Prototype Pollution Payloads - Client-side and server-side prototype pollution patterns.
- Race Condition Testing Guide - Turbo Intruder scripts and concurrent request patterns.
- Complete Recon to Exploit Reference - Full methodology commands from enumeration to compromise.
- Reverse Shell One-Liners - Bash, Python, PHP, PowerShell reverse shell commands.
- SQL Injection Payloads - Union, boolean, time-based, and out-of-band injection patterns.
- SaaS Security Testing Commands - Multi-tenant isolation testing and SSO bypass.
- SSRF Payload Reference - Cloud metadata endpoints and internal network probing.
- SSTI Payload Guide - Jinja2, Twig, Freemarker RCE payloads.
- Session Fixation Techniques - Session ID injection and hijacking methods.
- Supply Chain Attack Commands - Dependency confusion and typosquatting techniques.
- Tabnabbing Exploitation - Reverse tabnabbing payloads and phishing templates.
- Tomcat Security Commands - Manager app brute force and WAR upload methods.
- Virtual Host Discovery Guide - VHost enumeration tools and misconfiguration detection.
- WAF Bypass Techniques - Cloudflare, ModSecurity, and AWS WAF evasion patterns.
- Web Cache Deception Payloads - Path-confusion patterns that trick a shared cache into storing user-specific responses, plus related cache poisoning patterns.
- Web Exploitation & C2 Commands - Web shell deployment and C2 framework usage.
- WebSocket Security Reference - Cross-site WebSocket hijacking and message injection.
- Web Shell Commands Guide - Popular web shells and backdoor management techniques.
- WordPress Testing Commands - WPScan usage and plugin exploitation methods.
- XXE Injection Payloads - File disclosure, SSRF, and DoS via XML external entities.
- Content Security Policy Guide - CSP evaluation and misconfiguration detection.
- Hash Identification & Cracking - Hash type identification and cracking commands.
- HTTP Header Injection Guide - Host header and custom header injection patterns.
- Common Ports Reference - Service identification and default port numbers.
- Web Penetration Commands - Consolidated web testing command reference.
- XSS Payload Cheatsheet - Reflected, stored, and DOM-based XSS payloads.
Professional Bug Report Templates - Standardized templates for submitting security vulnerabilities to bug bounty programs.
- Bug Report Submission Template - Structured format with severity assessment, PoC, and remediation guidance.
Targeted Wordlists for Discovery & Fuzzing - Curated wordlists for subdomain enumeration, directory brute forcing, and payload delivery.
- Custom Subdomain Enumeration Wordlist - Curated list of common subdomains for asset discovery.
- Small Directory Brute Force Wordlist - Compact directory fuzzing list for quick scans.
- XSS Payload Collection - Comprehensive list of XSS payloads for filter bypass testing.
Automation scripts, exploitation utilities, and reconnaissance tools built specifically for bug bounty workflows. Each tool is documented with usage examples and configuration options.
Bug Bounty Automation Workflows - Scripts to automate repetitive tasks and streamline bounty hunting.
- Complete Bug Bounty Automation Workflow - Bash script for automated recon, scanning, and reporting pipeline.
- Reconnaissance Automation Pipeline - GitHub Actions workflow for scheduled asset discovery and monitoring.
Vulnerability Exploitation Utilities - Specialized tools for exploiting specific vulnerability classes.
- SQL Injection Automated Tester - Python script for detecting and exploiting SQL injection vulnerabilities.
- Cross-Site Scripting Scanner - Automated XSS detection with DOM-based vulnerability support.
Asset Discovery & Enumeration Utilities - Tools for mapping attack surfaces and discovering hidden assets.
- Reconnaissance Tool Documentation - Setup, configuration, and usage guides for all recon tools.
- Subdomain Enumeration Script - Python-based subdomain discovery using multiple data sources.
- URL Collection & Analysis Tool - Bash script for gathering and analyzing URLs from various sources.
Helper Utilities for Testing Workflows - Supporting tools for payload generation and wordlist management.
- Custom Payload Generator - Python script for creating targeted injection payloads.
- Wordlist Merger & Deduplicator - Bash utility for combining and cleaning wordlists.
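As an added illustration of the kind of cleanup a wordlist merger needs to do (this is example code written for this page, not the repository's own utility), the function below unions several discovery wordlists and de-duplicates them. It strips CR line endings, trims whitespace, drops blank and `#` comment lines, optionally lowercases (DNS labels are case-insensitive, so for subdomain lists `Admin` and `admin` are one candidate), and keeps the first occurrence so a curated list placed first keeps its order. The `-i` flag, the function names and the sample lists are all assumptions made for this example; lowercasing and comment stripping are appropriate for subdomain and directory lists but would mangle payload lists such as XSS collections.

```bash
#!/usr/bin/env bash
# Added example (not the repository's script): merge and clean wordlists.
set -eu

# merge_wordlists [-i] FILE...
# Prints the cleaned, de-duplicated union of the given lists to stdout.
# With -i, entries are lowercased before de-duplication (assumed flag).
merge_wordlists() {
  local lower=0
  if [ "${1:-}" = "-i" ]; then
    lower=1
    shift
  fi
  awk -v lower="$lower" '
    {
      sub(/\r$/, "")                            # CRLF -> LF (Windows-edited lists)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "")   # trim leading/trailing whitespace
      if ($0 == "" || $0 ~ /^#/) next           # drop blanks and comment lines
      if (lower) $0 = tolower($0)
      if (!seen[$0]++) print                    # first occurrence wins, order kept
    }' "$@"
}

# count_entries FILE...: number of entries after cleaning, for a before/after report
count_entries() {
  merge_wordlists "$@" | wc -l | tr -d ' '
}

# demo_merge: runs the merge on two constructed sample lists (not real project
# files) so the example executes stand-alone; prints the merged list.
demo_merge() {
  local d
  d=$(mktemp -d)
  printf 'admin\r\nAPI\r\n\r\n# internal names\r\ndev\r\n' > "$d/a.txt"
  printf '  admin  \nstaging\napi\ndev\n' > "$d/b.txt"
  merge_wordlists -i "$d/a.txt" "$d/b.txt"
  rm -rf "$d"
}

demo_merge
```

Usage: `merge_wordlists -i subdomains-*.txt > merged.txt`; `count_entries list.txt` gives the post-cleanup size so you can see how much a merge actually added. For case-sensitive targets (directory brute forcing on Linux servers) omit `-i`.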
Real-world bug bounty reports, vulnerability disclosures, and lessons learned from actual security research engagements.
- Slack Vulnerability Write-up - Detailed analysis of a discovered vulnerability in Slack's infrastructure.
- Write-ups Repository Index - Complete catalog of all write-ups with severity ratings and bounty amounts.
| Category | Total Items |
|---|---|
| Methodologies - Web Penetration | 38 |
| Methodologies - Web Technologies | 29 |
| Cheatsheets | 68 |
| Report Templates | 1 |
| Wordlists | 3 |
| Automation Tools | 2 |
| Exploitation Tools | 2 |
| Reconnaissance Tools | 3 |
| Utility Tools | 2 |
| Write-ups | 1+ |
We welcome contributions! Please review our guidelines before submitting:
- Read the Code of Conduct
- Review Security Policy for vulnerability disclosure
- Submit pull requests with clear documentation
- Ensure all techniques are for authorized testing only
This repository contains real exploitation techniques. Unauthorized use against systems without permission is a CRIMINAL OFFENSE under laws including:
- Computer Fraud and Abuse Act (CFAA) - USA
- Computer Misuse Act - UK
- Similar cybercrime laws worldwide
By using this repository, you agree to:
- Use content ONLY on authorized systems
- Obtain written permission before testing
- Report vulnerabilities responsibly
- Never use these techniques maliciously
