How to Contribute
A complete guide to contributing to the Bug Bounty Knowledge Base. Whether you're fixing a typo, adding a new methodology, or building a tool β this guide has you covered.
- Code of Conduct
- Ways to Contribute
- Getting Started
- Contribution Workflow
- Style Guides
- Commit Message Conventions
- Pull Request Process
- Review Process
- Recognition & Credits
Read this first. All contributors must adhere to our Code of Conduct.
In short:
- Be respectful and inclusive
- No harassment, trolling, or personal attacks
- Focus on constructive feedback
- Respect ethical boundaries β all contributions must be for authorized testing only
- Report unacceptable behavior to the maintainers
Violations may result in removal from the community.
Every contribution matters. Here's how you can help, from smallest to largest effort:
| Contribution Type | Time Required | Impact |
|---|---|---|
| Fix typos and grammar | 5-10 minutes | π Improves readability |
| Improve existing explanations | 15-30 minutes | π§ Helps beginners understand better |
| Add missing references/links | 10-20 minutes | π Better interconnectedness |
| Report outdated techniques | 5 minutes | π Keeps content current |
| Suggest new content ideas | 10 minutes | π‘ Shapes the roadmap |
| Contribution Type | Time Required | Impact |
|---|---|---|
| Write a new cheatsheet | 1-2 hours | β‘ Quick reference for others |
| Add a write-up | 1-3 hours | π Real-world learning material |
| Improve existing tools | 2-4 hours | π οΈ Better functionality |
| Create a new wordlist | 1-2 hours | π― Better recon results |
| Translate existing content | 2-5 hours | π Accessibility |
| Contribution Type | Time Required | Impact |
|---|---|---|
| Write a full methodology | 3-8 hours | βοΈ New attack knowledge |
| Build a new tool/script | 5-20 hours | π€ Automation for everyone |
| Create a course module | 5-15 hours | π Structured learning |
| Add a target profile (e.g., HackerOne, Bugcrowd) | 3-6 hours | π― Platform intelligence |
| Comprehensive security research | Ongoing | π¬ Pushing boundaries |
# Fork the repository (do this on GitHub.com first)
# Clone your fork
git clone https://github.com/YOUR-USERNAME/bug-bounty.git
cd bug-bounty
# Add the upstream remote
git remote add upstream https://github.com/aw-junaid/bug-bounty.git
# Verify remotes
git remote -v
# origin https://github.com/YOUR-USERNAME/bug-bounty.git (fetch)
# origin https://github.com/YOUR-USERNAME/bug-bounty.git (push)
# upstream https://github.com/aw-junaid/bug-bounty.git (fetch)
# upstream https://github.com/aw-junaid/bug-bounty.git (push)
# Create a branch for your contribution
git checkout -b contribution/my-awesome-addition| Source | Link |
|---|---|
GitHub Issues labeled good first issue
|
Issues |
GitHub Issues labeled help wanted
|
Issues |
| Content that needs improvement | Search repo for TODO, FIXME, WIP
|
| Your own ideas | Open an issue first to discuss |
Always work from the latest version:
# Fetch upstream changes
git fetch upstream
# Switch to main branch
git checkout main
# Merge upstream changes
git merge upstream/main
# Update your fork on GitHub
git push origin main
# Rebase your contribution branch
git checkout contribution/my-awesome-addition
git rebase mainβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CONTRIBUTION LIFECYCLE β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββ΄ββββββββββββ
βΌ βΌ
ββββββββββββββββ ββββββββββββββββ
β Open an β β Find an β
β Issue β β existing β
β (New idea) β β issue β
ββββββββ¬ββββββββ ββββββββ¬ββββββββ
β β
βββββββββββββ¬ββββββββββββ
βΌ
βββββββββββββββββββββββ
β Discuss & Get β
β Approval β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Fork & Clone β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Create Branch β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Make Changes β
β Follow Style β
β Guides β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Test Your β
β Changes β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Commit with β
β Proper Message β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Push to Your β
β Fork β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Open Pull β
β Request β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Address Review β
β Feedback β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β PR Merged! π β
βββββββββββββββββββββββ
Consistency makes the repository maintainable. Follow these conventions for every contribution.
# Use Title Case for Top-Level Headings
## Use Title Case for Second-Level Headings
### Use Title Case for Third-Level Headings
#### Use Title Case for Fourth-Level Headings (Rarely Needed)
**Bold** for emphasis on key terms, tools, and warnings.
*Italic* for file paths, variable names, and light emphasis.
`inline code` for commands, payloads, file names, and technical terms.
> Blockquotes for important notes, tips, and warnings.
---
Horizontal rules (`---`) to separate major sections.All new methodology files should follow this structure:
# [Vulnerability/Technology Name]
> A one-sentence description of what this guide covers.
## π Table of Contents (Optional, for long guides)
- [Overview](#overview)
- [Detection](#detection)
- [Exploitation](#exploitation)
- [Advanced Techniques](#advanced-techniques)
- [Remediation](#remediation)
- [References](#references)
---
## Overview
Brief explanation of the vulnerability/technology. What is it? Why does it matter?
- **Severity:** Critical / High / Medium / Low
- **Prerequisites:** What you need to know before reading
- **Common In:** Where this vulnerability typically appears
---
## Detection
How to identify if this vulnerability exists.
### Manual Detection
Step-by-step manual testing approach.
### Automated Detection
Tools and commands to detect at scale.
```bash
# Example command
tool-name --target https://example.com --check xssSimple, reliable exploitation techniques.
Payload:
<insert payload here>
Steps:
- Step one with explanation
- Step two with explanation
- Verify the impact
Bypasses, chaining, and advanced scenarios.
Brief guidance on fixing the vulnerability (for reports).
β οΈ Warning: Standard ethical testing disclaimer.
### Cheatsheet File Template
Cheatsheets should be concise and command-focused:
```markdown
# [Topic] Cheatsheet
> Quick reference for [vulnerability/technology].
## Common Payloads
```payload
payload1
payload2
# Tool-specific commands
tool-name --flag value| Technique | Payload/Command | Notes |
|---|---|---|
| Technique 1 | payload |
When to use |
| Technique 2 | payload |
When to use |
# One-liner for quick check
curl -s "https://target.com/?param=test"
### Write-up File Template
```markdown
# [Target/Program Name] β [Vulnerability Summary]
| Field | Details |
|:---|:---|
| **Program** | HackerOne / Bugcrowd / Private |
| **Target** | example.com |
| **Vulnerability** | Stored XSS, IDOR, SSRF, etc. |
| **Severity** | Critical / High / Medium / Low |
| **Bounty** | $X,XXX (if applicable) |
| **Date** | Month Year |
---
## Summary
One paragraph explaining what was found and its impact.
---
## Reconnaissance
How the target was discovered and analyzed.
---
## Discovery
How the vulnerability was found.
---
## Exploitation / Proof of Concept
Step-by-step reproduction with screenshots and code blocks.
```http
GET /vulnerable-endpoint HTTP/1.1
Host: example.com
What an attacker could achieve with this vulnerability.
How the vulnerability was or should be fixed.
| Date | Event |
|---|---|
| Date 1 | Reported |
| Date 2 | Triaged |
| Date 3 | Resolved |
| Date 4 | Bounty Awarded |
What you learned from finding and reporting this bug.
### Tool/Script File Standards
**Python Scripts:**
```python
#!/usr/bin/env python3
"""
Tool Name: Short description of what this tool does.
Usage:
python3 tool-name.py --target https://example.com
Dependencies:
pip3 install requests beautifulsoup4
Author: Your Name (@yourhandle)
License: MIT
"""
import argparse
import sys
from typing import Optional
def main():
"""Main execution function."""
parser = argparse.ArgumentParser(
description="Tool description"
)
parser.add_argument(
"--target",
required=True,
help="Target URL to test"
)
args = parser.parse_args()
# Tool logic here
print(f"[+] Testing {args.target}")
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
print("\n[!] Interrupted by user")
sys.exit(1)
Bash Scripts:
#!/bin/bash
#
# Script Name: Short description
#
# Usage: ./script-name.sh <target>
#
# Dependencies: tool1, tool2
#
# Author: Your Name (@yourhandle)
# License: MIT
set -euo pipefail # Exit on error, undefined var, pipe failure
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
function usage() {
echo "Usage: $0 <target-domain>"
echo "Example: $0 example.com"
exit 1
}
# Check arguments
if [ $# -ne 1 ]; then
usage
fi
TARGET="$1"
echo -e "${GREEN}[+] Starting scan on $TARGET${NC}"
# Script logic here| Content Type | Naming Convention | Example |
|---|---|---|
| Methodology (Web Pen) | Descriptive Name.md |
File Upload Vulnerabilities.md |
| Methodology (Web Tech) | Platform/Technology Name.md |
WordPress Penetration Testing.md |
| Cheatsheet | Same Name as Methodology.md |
File Upload.md |
| Course Module | Descriptive-Topic-Name.md |
Python-Programming.md |
| Tool (Python) | kebab-case-name.py |
sql-injection-tester.py |
| Tool (Bash) | kebab-case-name.sh |
url-collector.sh |
| Write-up | target-name.md |
slack.md |
| Wordlist | descriptive-name.txt |
xss-payloads.txt |
Do:
- β Use clear, concise language
- β Include practical examples and commands
- β Add code blocks with syntax highlighting
- β Link to related resources within the repo
- β Include detection steps before exploitation
- β Add the standard ethical warning at the end
- β Cite sources and references
Don't:
- β Copy-paste from other sources without attribution
- β Include actual client data or real targets
- β Use overly technical jargon without explanation
- β Skip the detection phase β exploitation without detection is useless
- β Add broken or unverified commands/payloads
- β Include malicious or destructive payloads without warnings
Follow the Conventional Commits specification.
<type>(<scope>): <short description>
[optional body]
[optional footer(s)]
| Type | When to Use |
|---|---|
feat |
Adding a new methodology, tool, cheatsheet, or feature |
fix |
Fixing a bug, typo, broken command, or incorrect information |
docs |
Documentation-only changes (README, comments, wiki) |
style |
Formatting, markdown linting, whitespace (no content change) |
refactor |
Restructuring code without changing behavior |
test |
Adding or updating tests |
chore |
Maintenance tasks, dependency updates |
| Scope | For Changes To |
|---|---|
methodology |
Files in methodologies/
|
cheatsheet |
Files in resources/cheatsheets/
|
wordlist |
Files in resources/wordlists/
|
template |
Files in resources/templates/
|
tool |
Files in tools/
|
course |
Files in course/
|
write-up |
Files in write-ups/
|
profile |
Files in profiles/
|
docs |
Root documentation files |
workflow |
CI/CD and automation files |
Good Commits:
feat(methodology): add HTTP Request Smuggling methodology
Added comprehensive guide covering CL.TE, TE.CL, and TE.TE
desync attacks with detection and exploitation techniques.
Includes real-world examples and Nuclei template references.
Closes #42fix(cheatsheet): correct SQLi union payload syntax
Fixed incorrect column count enumeration syntax in the
ORDER BY technique section. Updated with verified payloads.
Reported-by: @security-researcherdocs(readme): update installation instructions for macOS
Added Homebrew commands and fixed Python path references
for Apple Silicon Macs.feat(tool): add GraphQL introspection scanner
New Python script for automated GraphQL endpoint discovery
and schema enumeration. Supports query depth analysis.
Co-authored-by: @contributor <email@example.com>chore(wordlist): merge and deduplicate directory wordlist
Removed 200+ duplicate entries and sorted alphabetically
for better performance with ffuf and gobuster.Bad Commits (Avoid These):
# Too vague
fix stuff
# No type specified
updated the file
# Too long, should be in body
feat: added a new methodology and also fixed a bug and updated some docs and changed some formatting
# No scope
feat: add new guideChecklist:
- Your branch is up-to-date with
upstream/main - You've followed the relevant style guide
- Commands and payloads are verified and working
- Code is tested (for tools/scripts)
- No sensitive data is included
- Links to related issues are in the PR description
- You've read the Code of Conduct
Follow the same convention as commits:
<type>(<scope>): <short description>
Copy this template into your pull request:
## Description
<!-- Brief description of what this PR does -->
## Type of Change
- [ ] New methodology
- [ ] New cheatsheet
- [ ] New tool/script
- [ ] New write-up
- [ ] New wordlist
- [ ] Bug fix
- [ ] Documentation improvement
- [ ] Other: ___________
## Related Issues
<!-- Link to issues this PR addresses -->
Closes #___
## Testing Performed
<!-- How did you test your changes? -->
- [ ] Verified all commands/payloads
- [ ] Tested tool/script on sample target
- [ ] Checked markdown formatting
- [ ] Reviewed for sensitive data
## Screenshots (if applicable)
<!-- Add screenshots of tool output, markdown rendering, etc. -->
## Checklist
- [ ] I have read the [Code of Conduct](CODE_OF_CONDUCT.md)
- [ ] I have followed the [Style Guides](link-to-wiki)
- [ ] My commits follow [conventional commits](https://www.conventionalcommits.org/)
- [ ] All content is for authorized testing only
- [ ] I have added appropriate references and citations
- [ ] No sensitive or proprietary data is includedβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PULL REQUEST LIFECYCLE β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββ
β PR Opened β
β (Draft or Ready) β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββ
β Automated Checks β
β β’ Linting β
β β’ Links valid? β
β β’ Commit format? β
ββββββββββββ¬βββββββββββ
β
ββββββββββββββ΄βββββββββββββ
βΌ βΌ
ββββββββββββ ββββββββββββββββ
β Checks β β Checks Fail β
β Pass β β β Fix & Push β
ββββββ¬ββββββ ββββββββββββββββ
βΌ
βββββββββββββββββββ
β Maintainer β
β Review β
ββββββββββ¬βββββββββ
β
ββββββββββ΄βββββββββ
βΌ βΌ
ββββββββββββ ββββββββββββββββ
β Approved β β Changes β
β β β Requested β
ββββββ¬ββββββ ββββββββ¬ββββββββ
β β
β βΌ
β ββββββββββββββββ
β β Author Makes β
β β Changes β
β ββββββββ¬ββββββββ
β β
β βΌ
β ββββββββββββββββ
β β Re-Review β
β ββββββββ¬ββββββββ
β β
βββββββββββββββββ
β
βΌ
βββββββββββββββββββ
β PR Merged! π β
βββββββββββββββββββ
| Aspect | What We Check |
|---|---|
| Accuracy | Are commands correct? Are payloads valid? Are techniques up-to-date? |
| Style | Does it follow the style guide? Is formatting consistent? |
| Completeness | Does it have detection AND exploitation? Are references included? |
| Ethics | Are warnings present? Is there any sensitive data? |
| Integration | Does it link to related resources? Does it fit the overall structure? |
| Originality | Is it original content? Are sources properly cited? |
| PR Type | Typical Review Time |
|---|---|
| Typo/Documentation fix | 1-3 days |
| Cheatsheet/Wordlist | 3-5 days |
| Methodology | 5-10 days |
| New Tool/Script | 7-14 days |
| Major new feature | 14-30 days (discussion required) |
Tip: Open an issue and discuss before starting major contributions. This prevents wasted effort if the idea doesn't fit the project direction.
- Be open to suggestions β reviewers want to help improve your contribution
- Ask questions β if feedback is unclear, ask for clarification
- Push updates β make changes on your branch; the PR updates automatically
- Be patient β maintainers are volunteers with limited time
| Contribution Type | Recognition |
|---|---|
| Merged PR | Name in contributors list, mention in release notes |
| Major methodology | Attribution in the file header |
| New tool | Attribution in script docstring |
| Write-up | Your name and handle on the write-up |
| Bug fixes | Mentioned in commit history |
| Long-term contributor | Core contributor status, maintainer consideration |
βββββββββββββββββββββββββββββββββββββββββββ
β CONTRIBUTOR JOURNEY β
βββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββ
β First-time β
β Contributor β
β (1 merged PR) β
ββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββ
β Regular β
β Contributor β
β (5+ merged PRs) β
ββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββ
β Core β
β Contributor β
β (15+ merged PRs, β
β consistent β
β quality) β
ββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββ
β Maintainer β
β (Invitation only,β
β review & merge β
β permissions) β
βββββββββββββββββββββ
- GraphQL subscription-based attacks
- WebRTC security testing
- gRPC API penetration testing
- Kubernetes API exploitation
- AWS Lambda security testing
- Terraform state file exploitation
- Service mesh (Istio/Linkerd) attacks
- WebAssembly security considerations
- AI/LLM prompt injection in web apps
- IoT web interface testing
- GraphQL batch query fuzzer
- JWT brute forcer with key validation
- OAuth flow analyzer and debugger
- Multi-cloud metadata SSRF checker
- WebSocket message fuzzer
- DOM-based XSS scanner with headless browser
- CI/CD pipeline security scanner
- Dependency confusion checker
- Subdomain takeover checker with cloud provider validation
- API schema diff tool (compare documented vs actual API)
- More write-ups (any bounty, any platform)
- Wordlists for specific technologies (GraphQL endpoints, API paths)
- Bug report examples (anonymized)
- Cheatsheets for missing tools
- Platform profiles (Synack, Intigriti, YesWeHack)
- Course modules on specific topics (API security, cloud testing)
| Need Help With | Where to Go |
|---|---|
| Understanding the codebase | Understanding the Repository Structure |
| Setting up your environment | Getting Started Guide for Bug Hunters |
| Discussing an idea | Open an Issue |
| Quick questions | Discord Community |
| Style guide questions | This page β leave a comment on the PR |
| Review process questions | This page β tag @awjunaid in your PR |
All contributions must be for authorized security testing and educational purposes only. Do not submit:
- Exploits targeting real companies without permission
- Stolen or proprietary data
- Malicious code designed to cause harm
- Content that encourages illegal activity
Violations will result in immediate PR rejection and potential removal from the community.
| Page | Link |
|---|---|
| Code of Conduct | CODE_OF_CONDUCT.md |
| Security Policy | SECURITY.md |
| Project Overview | Project Overview & Philosophy |
| Repository Structure | Understanding the Repository Structure |
| FAQ | FAQ |
| Knowledge Base | Tools | Project |
|---|---|---|
| Methodologies Β· Cheatsheets Β· Write-ups Β· Course | Automation Β· Exploitation Β· Recon | Security Policy Β· Code of Conduct Β· License |
β οΈ This repository contains real exploitation techniques. Unauthorized use is a criminal offense under the CFAA, Computer Misuse Act, and equivalent laws worldwide. Use only on systems you own or have explicit written permission to test.
Β© 2026 aw-junaid Β· MIT License
For Security Researchers
Methodologies β’ Cheatsheets β’ Tools β’ Write-ups
- π Wiki Home
- β FAQ
- π Project Overview & Philosophy
- π Getting Started Guide
- π€ How to Contribute
- π Course Materials
- πΊοΈ Repository Structure
- π Glossary of Terms
- βοΈ The Master Attack Flow
Core vulnerability exploitation guides
- API Security Testing
- Brute Force Attacks
- CORS Exploitation
- CRLF Injection
- CSRF
- Clickjacking
- Crawling & Fuzzing
- DNS Rebinding
- Deserialization
- Email Attacks
- Exploit Broken Links
- Race Conditions
- File Upload Vulnerabilities
- GraphQL Security Testing
- HTTP Parameter Pollution
- HTTP Request Smuggling
- Hashes
- IDOR
- Injection Exploitation
- LFI & RFI
- OAuth
- Open Redirect
- Prototype Pollution
- SQL Injection
- SSRF
- SSTI
- Session Fixation
- Supply Chain Attack
- Tabnabbing
- VHost
- Web Cache Deception
- WebSocket Exploitation
- Webshell
- XXE Vulnerabilities
- Cookies Padding
- CSP
- Header Injection
- Cross-Site Scripting (XSS)
Platform-specific exploitation guides
- ASP.NET
- Apache Tomcat
- CI/CD Security
- ELK Stack
- Exploitation Methodologies
- Buffer Overflows
- C2 Frameworks
- File Transfer Exploitation
- Firebase
- Firebird Database
- Flask Application
- From Recon to Root
- GitHub Security
- GitLab
- JWT
- Jenkins
- Joomla
- Linux Kernel Exploitation
- MFA/2FA Exploitation
- NoSQL Injection
- OAuth Exploitation
- OpenID Connect
- Privilege Escalation
- Remote Code Execution
- Reverse Shells
- SaaS Security Testing
- WAF
- WebDAV
- WordPress Penetration Testing
Quick-reference payloads & commands
- API Security
- ASP.NET
- Broken Links
- Bruteforcing
- Buffer Overflow
- CRLF Injection
- CSRF
- Clickjacking
- Command Injection
- Cookie Padding
- Crawling
- CORS
- CSP
- DNS Rebinding
- DavTest
- Deserialization
- Elasticsearch
- Email Attacks
- File Transfer
- File Upload
- Firebase
- Firebird
- Flask
- GitHub Security
- GitLab
- GraphQL
- HTTP Parameter Pollution
- HTTP Request Smuggling
- Hashes
- Header Injection
- IDOR
- JWT
- Jenkins
- Joomla
- Linux Kernel Exploits
- LFI & RFI
- MFA/2FA
- Modern C2 Frameworks
- NoSQL Injection
- OAuth
- OAuth 1.0
- OpenID Connect
- Open Redirects
- Payloads
- Ports
- Privilege Escalation
- Prototype Pollution
- Race Conditions
- Recon & Exploitation Reference
- Reverse Shells
- SQL Injection
- SaaS Security Testing
- SSRF
- SSTI
- Session Fixation
- Supply Chain Attacks
- Tabnabbing
- Tomcat Security Testing
- VHosts
- WAFs
- Web Cache Deception
- Web Exploits & C2
- Web Sockets
- Webshells
- WordPress
- XXE
- XSS Cheatsheet
- Web Penetration Commands
π View All 68 Cheatsheets
All cheatsheets are interlinked with their corresponding methodologies. Use the search function (press
t on GitHub) to find a specific one quickly.
- π Bug Report Template
- π Custom Subdomains Wordlist
- π Directory Brute Force Wordlist
- π XSS Payloads Wordlist
βοΈ Automation
π₯ Exploitation
π Reconnaissance
π§ Utilities
| Link | Destination |
|---|---|
| π Wiki Home | Home |
| π Repository | GitHub |
| β FAQ | FAQ |
| π Report a Bug | Security Policy |
| π License | MIT License |
| π¬ Discord | Join Server |
β‘ Stay curious. Hack ethically. Report responsibly.
Β© 2026 @aw-junaid β’ Built with π¬ for the security community