How to Contribute
A complete guide to contributing to the Bug Bounty Knowledge Base. Whether you're fixing a typo, adding a new methodology, or building a tool — this guide has you covered.
- Code of Conduct
- Ways to Contribute
- Getting Started
- Contribution Workflow
- Style Guides
- Commit Message Conventions
- Pull Request Process
- Review Process
- Recognition & Credits
Read this first. All contributors must adhere to our Code of Conduct.
In short:
- Be respectful and inclusive
- No harassment, trolling, or personal attacks
- Focus on constructive feedback
- Respect ethical boundaries — all contributions must be for authorized testing only
- Report unacceptable behavior to the maintainers
Violations may result in removal from the community.
Every contribution matters. Here's how you can help, from smallest to largest effort:
| Contribution Type | Time Required | Impact |
|---|---|---|
| Fix typos and grammar | 5-10 minutes | 📚 Improves readability |
| Improve existing explanations | 15-30 minutes | 🧠 Helps beginners understand better |
| Add missing references/links | 10-20 minutes | 🔗 Better interconnectedness |
| Report outdated techniques | 5 minutes | 📅 Keeps content current |
| Suggest new content ideas | 10 minutes | 💡 Shapes the roadmap |
| Contribution Type | Time Required | Impact |
|---|---|---|
| Write a new cheatsheet | 1-2 hours | ⚡ Quick reference for others |
| Add a write-up | 1-3 hours | 📖 Real-world learning material |
| Improve existing tools | 2-4 hours | 🛠️ Better functionality |
| Create a new wordlist | 1-2 hours | 🎯 Better recon results |
| Translate existing content | 2-5 hours | 🌍 Accessibility |
| Contribution Type | Time Required | Impact |
|---|---|---|
| Write a full methodology | 3-8 hours | ⚔️ New attack knowledge |
| Build a new tool/script | 5-20 hours | 🤖 Automation for everyone |
| Create a course module | 5-15 hours | 🎓 Structured learning |
| Add a target profile (e.g., HackerOne, Bugcrowd) | 3-6 hours | 🎯 Platform intelligence |
| Comprehensive security research | Ongoing | 🔬 Pushing boundaries |
# Fork the repository (do this on GitHub.com first)
# Clone your fork
git clone https://github.com/YOUR-USERNAME/bug-bounty.git
cd bug-bounty
# Add the upstream remote
git remote add upstream https://github.com/aw-junaid/bug-bounty.git
# Verify remotes
git remote -v
# origin https://github.com/YOUR-USERNAME/bug-bounty.git (fetch)
# origin https://github.com/YOUR-USERNAME/bug-bounty.git (push)
# upstream https://github.com/aw-junaid/bug-bounty.git (fetch)
# upstream https://github.com/aw-junaid/bug-bounty.git (push)
# Create a branch for your contribution
git checkout -b contribution/my-awesome-addition| Source | Link |
|---|---|
GitHub Issues labeled good first issue
|
Issues |
GitHub Issues labeled help wanted
|
Issues |
| Content that needs improvement | Search repo for TODO, FIXME, WIP
|
| Your own ideas | Open an issue first to discuss |
Always work from the latest version:
# Fetch upstream changes
git fetch upstream
# Switch to main branch
git checkout main
# Merge upstream changes
git merge upstream/main
# Update your fork on GitHub
git push origin main
# Rebase your contribution branch
git checkout contribution/my-awesome-addition
git rebase main┌─────────────────────────────────────────────────────────────┐
│ CONTRIBUTION LIFECYCLE │
└─────────────────────────────────────────────────────────────┘
│
┌───────────┴───────────┐
▼ ▼
┌──────────────┐ ┌──────────────┐
│ Open an │ │ Find an │
│ Issue │ │ existing │
│ (New idea) │ │ issue │
└──────┬───────┘ └──────┬───────┘
│ │
└───────────┬───────────┘
▼
┌─────────────────────┐
│ Discuss & Get │
│ Approval │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Fork & Clone │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Create Branch │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Make Changes │
│ Follow Style │
│ Guides │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Test Your │
│ Changes │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Commit with │
│ Proper Message │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Push to Your │
│ Fork │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Open Pull │
│ Request │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Address Review │
│ Feedback │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ PR Merged! 🎉 │
└─────────────────────┘
Consistency makes the repository maintainable. Follow these conventions for every contribution.
# Use Title Case for Top-Level Headings
## Use Title Case for Second-Level Headings
### Use Title Case for Third-Level Headings
#### Use Title Case for Fourth-Level Headings (Rarely Needed)
**Bold** for emphasis on key terms, tools, and warnings.
*Italic* for file paths, variable names, and light emphasis.
`inline code` for commands, payloads, file names, and technical terms.
> Blockquotes for important notes, tips, and warnings.
---
Horizontal rules (`---`) to separate major sections.All new methodology files should follow this structure:
# [Vulnerability/Technology Name]
> A one-sentence description of what this guide covers.
## 📋 Table of Contents (Optional, for long guides)
- [Overview](#overview)
- [Detection](#detection)
- [Exploitation](#exploitation)
- [Advanced Techniques](#advanced-techniques)
- [Remediation](#remediation)
- [References](#references)
---
## Overview
Brief explanation of the vulnerability/technology. What is it? Why does it matter?
- **Severity:** Critical / High / Medium / Low
- **Prerequisites:** What you need to know before reading
- **Common In:** Where this vulnerability typically appears
---
## Detection
How to identify if this vulnerability exists.
### Manual Detection
Step-by-step manual testing approach.
### Automated Detection
Tools and commands to detect at scale.
```bash
# Example command
tool-name --target https://example.com --check xssSimple, reliable exploitation techniques.
Payload:
<insert payload here>
Steps:
- Step one with explanation
- Step two with explanation
- Verify the impact
Bypasses, chaining, and advanced scenarios.
Brief guidance on fixing the vulnerability (for reports).
⚠️ Warning: Standard ethical testing disclaimer.
### Cheatsheet File Template
Cheatsheets should be concise and command-focused:
```markdown
# [Topic] Cheatsheet
> Quick reference for [vulnerability/technology].
## Common Payloads
```payload
payload1
payload2
# Tool-specific commands
tool-name --flag value| Technique | Payload/Command | Notes |
|---|---|---|
| Technique 1 | payload |
When to use |
| Technique 2 | payload |
When to use |
# One-liner for quick check
curl -s "https://target.com/?param=test"
### Write-up File Template
```markdown
# [Target/Program Name] — [Vulnerability Summary]
| Field | Details |
|:---|:---|
| **Program** | HackerOne / Bugcrowd / Private |
| **Target** | example.com |
| **Vulnerability** | Stored XSS, IDOR, SSRF, etc. |
| **Severity** | Critical / High / Medium / Low |
| **Bounty** | $X,XXX (if applicable) |
| **Date** | Month Year |
---
## Summary
One paragraph explaining what was found and its impact.
---
## Reconnaissance
How the target was discovered and analyzed.
---
## Discovery
How the vulnerability was found.
---
## Exploitation / Proof of Concept
Step-by-step reproduction with screenshots and code blocks.
```http
GET /vulnerable-endpoint HTTP/1.1
Host: example.com
What an attacker could achieve with this vulnerability.
How the vulnerability was or should be fixed.
| Date | Event |
|---|---|
| Date 1 | Reported |
| Date 2 | Triaged |
| Date 3 | Resolved |
| Date 4 | Bounty Awarded |
What you learned from finding and reporting this bug.
### Tool/Script File Standards
**Python Scripts:**
```python
#!/usr/bin/env python3
"""
Tool Name: Short description of what this tool does.
Usage:
python3 tool-name.py --target https://example.com
Dependencies:
pip3 install requests beautifulsoup4
Author: Your Name (@yourhandle)
License: MIT
"""
import argparse
import sys
from typing import Optional
def main():
"""Main execution function."""
parser = argparse.ArgumentParser(
description="Tool description"
)
parser.add_argument(
"--target",
required=True,
help="Target URL to test"
)
args = parser.parse_args()
# Tool logic here
print(f"[+] Testing {args.target}")
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
print("\n[!] Interrupted by user")
sys.exit(1)
Bash Scripts:
#!/bin/bash
#
# Script Name: Short description
#
# Usage: ./script-name.sh <target>
#
# Dependencies: tool1, tool2
#
# Author: Your Name (@yourhandle)
# License: MIT
set -euo pipefail # Exit on error, undefined var, pipe failure
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
function usage() {
echo "Usage: $0 <target-domain>"
echo "Example: $0 example.com"
exit 1
}
# Check arguments
if [ $# -ne 1 ]; then
usage
fi
TARGET="$1"
echo -e "${GREEN}[+] Starting scan on $TARGET${NC}"
# Script logic here| Content Type | Naming Convention | Example |
|---|---|---|
| Methodology (Web Pen) | Descriptive Name.md |
File Upload Vulnerabilities.md |
| Methodology (Web Tech) | Platform/Technology Name.md |
WordPress Penetration Testing.md |
| Cheatsheet | Same Name as Methodology.md |
File Upload.md |
| Course Module | Descriptive-Topic-Name.md |
Python-Programming.md |
| Tool (Python) | kebab-case-name.py |
sql-injection-tester.py |
| Tool (Bash) | kebab-case-name.sh |
url-collector.sh |
| Write-up | target-name.md |
slack.md |
| Wordlist | descriptive-name.txt |
xss-payloads.txt |
Do:
- ✅ Use clear, concise language
- ✅ Include practical examples and commands
- ✅ Add code blocks with syntax highlighting
- ✅ Link to related resources within the repo
- ✅ Include detection steps before exploitation
- ✅ Add the standard ethical warning at the end
- ✅ Cite sources and references
Don't:
- ❌ Copy-paste from other sources without attribution
- ❌ Include actual client data or real targets
- ❌ Use overly technical jargon without explanation
- ❌ Skip the detection phase — exploitation without detection is useless
- ❌ Add broken or unverified commands/payloads
- ❌ Include malicious or destructive payloads without warnings
Follow the Conventional Commits specification.
<type>(<scope>): <short description>
[optional body]
[optional footer(s)]
| Type | When to Use |
|---|---|
feat |
Adding a new methodology, tool, cheatsheet, or feature |
fix |
Fixing a bug, typo, broken command, or incorrect information |
docs |
Documentation-only changes (README, comments, wiki) |
style |
Formatting, markdown linting, whitespace (no content change) |
refactor |
Restructuring code without changing behavior |
test |
Adding or updating tests |
chore |
Maintenance tasks, dependency updates |
| Scope | For Changes To |
|---|---|
methodology |
Files in methodologies/
|
cheatsheet |
Files in resources/cheatsheets/
|
wordlist |
Files in resources/wordlists/
|
template |
Files in resources/templates/
|
tool |
Files in tools/
|
course |
Files in course/
|
write-up |
Files in write-ups/
|
profile |
Files in profiles/
|
docs |
Root documentation files |
workflow |
CI/CD and automation files |
Good Commits:
feat(methodology): add HTTP Request Smuggling methodology
Added comprehensive guide covering CL.TE, TE.CL, and TE.TE
desync attacks with detection and exploitation techniques.
Includes real-world examples and Nuclei template references.
Closes #42fix(cheatsheet): correct SQLi union payload syntax
Fixed incorrect column count enumeration syntax in the
ORDER BY technique section. Updated with verified payloads.
Reported-by: @security-researcherdocs(readme): update installation instructions for macOS
Added Homebrew commands and fixed Python path references
for Apple Silicon Macs.feat(tool): add GraphQL introspection scanner
New Python script for automated GraphQL endpoint discovery
and schema enumeration. Supports query depth analysis.
Co-authored-by: @contributor <email@example.com>chore(wordlist): merge and deduplicate directory wordlist
Removed 200+ duplicate entries and sorted alphabetically
for better performance with ffuf and gobuster.Bad Commits (Avoid These):
# Too vague
fix stuff
# No type specified
updated the file
# Too long, should be in body
feat: added a new methodology and also fixed a bug and updated some docs and changed some formatting
# No scope
feat: add new guideChecklist:
- Your branch is up-to-date with
upstream/main - You've followed the relevant style guide
- Commands and payloads are verified and working
- Code is tested (for tools/scripts)
- No sensitive data is included
- Links to related issues are in the PR description
- You've read the Code of Conduct
Follow the same convention as commits:
<type>(<scope>): <short description>
Copy this template into your pull request:
## Description
<!-- Brief description of what this PR does -->
## Type of Change
- [ ] New methodology
- [ ] New cheatsheet
- [ ] New tool/script
- [ ] New write-up
- [ ] New wordlist
- [ ] Bug fix
- [ ] Documentation improvement
- [ ] Other: ___________
## Related Issues
<!-- Link to issues this PR addresses -->
Closes #___
## Testing Performed
<!-- How did you test your changes? -->
- [ ] Verified all commands/payloads
- [ ] Tested tool/script on sample target
- [ ] Checked markdown formatting
- [ ] Reviewed for sensitive data
## Screenshots (if applicable)
<!-- Add screenshots of tool output, markdown rendering, etc. -->
## Checklist
- [ ] I have read the [Code of Conduct](CODE_OF_CONDUCT.md)
- [ ] I have followed the [Style Guides](link-to-wiki)
- [ ] My commits follow [conventional commits](https://www.conventionalcommits.org/)
- [ ] All content is for authorized testing only
- [ ] I have added appropriate references and citations
- [ ] No sensitive or proprietary data is included┌─────────────────────────────────────────────────────────┐
│ PULL REQUEST LIFECYCLE │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────┐
│ PR Opened │
│ (Draft or Ready) │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ Automated Checks │
│ • Linting │
│ • Links valid? │
│ • Commit format? │
└──────────┬──────────┘
│
┌────────────┴────────────┐
▼ ▼
┌──────────┐ ┌──────────────┐
│ Checks │ │ Checks Fail │
│ Pass │ │ → Fix & Push │
└────┬─────┘ └──────────────┘
▼
┌─────────────────┐
│ Maintainer │
│ Review │
└────────┬────────┘
│
┌────────┴────────┐
▼ ▼
┌──────────┐ ┌──────────────┐
│ Approved │ │ Changes │
│ │ │ Requested │
└────┬─────┘ └──────┬───────┘
│ │
│ ▼
│ ┌──────────────┐
│ │ Author Makes │
│ │ Changes │
│ └──────┬───────┘
│ │
│ ▼
│ ┌──────────────┐
│ │ Re-Review │
│ └──────┬───────┘
│ │
└───────────────┘
│
▼
┌─────────────────┐
│ PR Merged! 🎉 │
└─────────────────┘
| Aspect | What We Check |
|---|---|
| Accuracy | Are commands correct? Are payloads valid? Are techniques up-to-date? |
| Style | Does it follow the style guide? Is formatting consistent? |
| Completeness | Does it have detection AND exploitation? Are references included? |
| Ethics | Are warnings present? Is there any sensitive data? |
| Integration | Does it link to related resources? Does it fit the overall structure? |
| Originality | Is it original content? Are sources properly cited? |
| PR Type | Typical Review Time |
|---|---|
| Typo/Documentation fix | 1-3 days |
| Cheatsheet/Wordlist | 3-5 days |
| Methodology | 5-10 days |
| New Tool/Script | 7-14 days |
| Major new feature | 14-30 days (discussion required) |
Tip: Open an issue and discuss before starting major contributions. This prevents wasted effort if the idea doesn't fit the project direction.
- Be open to suggestions — reviewers want to help improve your contribution
- Ask questions — if feedback is unclear, ask for clarification
- Push updates — make changes on your branch; the PR updates automatically
- Be patient — maintainers are volunteers with limited time
| Contribution Type | Recognition |
|---|---|
| Merged PR | Name in contributors list, mention in release notes |
| Major methodology | Attribution in the file header |
| New tool | Attribution in script docstring |
| Write-up | Your name and handle on the write-up |
| Bug fixes | Mentioned in commit history |
| Long-term contributor | Core contributor status, maintainer consideration |
┌─────────────────────────────────────────┐
│ CONTRIBUTOR JOURNEY │
└─────────────────────────────────────────┘
│
▼
┌───────────────────┐
│ First-time │
│ Contributor │
│ (1 merged PR) │
└────────┬──────────┘
▼
┌───────────────────┐
│ Regular │
│ Contributor │
│ (5+ merged PRs) │
└────────┬──────────┘
▼
┌───────────────────┐
│ Core │
│ Contributor │
│ (15+ merged PRs, │
│ consistent │
│ quality) │
└────────┬──────────┘
▼
┌───────────────────┐
│ Maintainer │
│ (Invitation only,│
│ review & merge │
│ permissions) │
└───────────────────┘
- GraphQL subscription-based attacks
- WebRTC security testing
- gRPC API penetration testing
- Kubernetes API exploitation
- AWS Lambda security testing
- Terraform state file exploitation
- Service mesh (Istio/Linkerd) attacks
- WebAssembly security considerations
- AI/LLM prompt injection in web apps
- IoT web interface testing
- GraphQL batch query fuzzer
- JWT brute forcer with key validation
- OAuth flow analyzer and debugger
- Multi-cloud metadata SSRF checker
- WebSocket message fuzzer
- DOM-based XSS scanner with headless browser
- CI/CD pipeline security scanner
- Dependency confusion checker
- Subdomain takeover checker with cloud provider validation
- API schema diff tool (compare documented vs actual API)
- More write-ups (any bounty, any platform)
- Wordlists for specific technologies (GraphQL endpoints, API paths)
- Bug report examples (anonymized)
- Cheatsheets for missing tools
- Platform profiles (Synack, Intigriti, YesWeHack)
- Course modules on specific topics (API security, cloud testing)
| Need Help With | Where to Go |
|---|---|
| Understanding the codebase | Understanding the Repository Structure |
| Setting up your environment | Getting Started Guide for Bug Hunters |
| Discussing an idea | Open an Issue |
| Quick questions | Discord Community |
| Style guide questions | This page — leave a comment on the PR |
| Review process questions | This page — tag @awjunaid in your PR |
All contributions must be for authorized security testing and educational purposes only. Do not submit:
- Exploits targeting real companies without permission
- Stolen or proprietary data
- Malicious code designed to cause harm
- Content that encourages illegal activity
Violations will result in immediate PR rejection and potential removal from the community.
| Page | Link |
|---|---|
| Code of Conduct | CODE_OF_CONDUCT.md |
| Security Policy | SECURITY.md |
| Project Overview | Project Overview & Philosophy |
| Repository Structure | Understanding the Repository Structure |
| FAQ | FAQ |
| Knowledge Base | Tools | Project |
|---|---|---|
| Methodologies · Cheatsheets · Write-ups · Course | Automation · Exploitation · Recon | Security Policy · Code of Conduct · License |
⚠️ This repository contains real exploitation techniques. Unauthorized use is a criminal offense under the CFAA, Computer Misuse Act, and equivalent laws worldwide. Use only on systems you own or have explicit written permission to test.
© 2026 aw-junaid · MIT License
For Security Researchers
Methodologies • Cheatsheets • Tools • Write-ups
Core vulnerability exploitation guides
- API Security Testing
- Brute Force Attacks
- CORS Exploitation
- CRLF Injection
- CSRF
- Clickjacking
- Crawling & Fuzzing
- DNS Rebinding
- Deserialization
- Email Attacks
- Exploit Broken Links
- Race Conditions
- File Upload Vulnerabilities
- GraphQL Security Testing
- HTTP Parameter Pollution
- HTTP Request Smuggling
- Hashes
- IDOR
- Injection Exploitation
- LFI & RFI
- OAuth
- Open Redirect
- Prototype Pollution
- SQL Injection
- SSRF
- SSTI
- Session Fixation
- Supply Chain Attack
- Tabnabbing
- VHost
- Web Cache Deception
- WebSocket Exploitation
- Webshell
- XXE Vulnerabilities
- Cookies Padding
- CSP
- Header Injection
- Cross-Site Scripting (XSS)
Platform-specific exploitation guides
- ASP.NET
- Apache Tomcat
- CI/CD Security
- ELK Stack
- Exploitation Methodologies
- Buffer Overflows
- C2 Frameworks
- File Transfer Exploitation
- Firebase
- Firebird Database
- Flask Application
- From Recon to Root
- GitHub Security
- GitLab
- JWT
- Jenkins
- Joomla
- Linux Kernel Exploitation
- MFA/2FA Exploitation
- NoSQL Injection
- OAuth Exploitation
- OpenID Connect
- Privilege Escalation
- Remote Code Execution
- Reverse Shells
- SaaS Security Testing
- WAF
- WebDAV
- WordPress Penetration Testing
Quick-reference payloads & commands
- API Security
- ASP.NET
- Broken Links
- Bruteforcing
- Buffer Overflow
- CRLF Injection
- CSRF
- Clickjacking
- Command Injection
- Cookie Padding
- Crawling
- CORS
- CSP
- DNS Rebinding
- DavTest
- Deserialization
- Elasticsearch
- Email Attacks
- File Transfer
- File Upload
- Firebase
- Firebird
- Flask
- GitHub Security
- GitLab
- GraphQL
- HTTP Parameter Pollution
- HTTP Request Smuggling
- Hashes
- Header Injection
- IDOR
- JWT
- Jenkins
- Joomla
- Linux Kernel Exploits
- LFI & RFI
- MFA/2FA
- Modern C2 Frameworks
- NoSQL Injection
- OAuth
- OAuth 1.0
- OpenID Connect
- Open Redirects
- Payloads
- Ports
- Privilege Escalation
- Prototype Pollution
- Race Conditions
- Recon & Exploitation Reference
- Reverse Shells
- SQL Injection
- SaaS Security Testing
- SSRF
- SSTI
- Session Fixation
- Supply Chain Attacks
- Tabnabbing
- Tomcat Security Testing
- VHosts
- WAFs
- Web Cache Deception
- Web Exploits & C2
- Web Sockets
- Webshells
- WordPress
- XXE
- XSS Cheatsheet
- Web Penetration Commands
📋 View All 68 Cheatsheets
All cheatsheets are interlinked with their corresponding methodologies. Use the search function (press
t on GitHub) to find a specific one quickly.
- 📄 Bug Report Template
- 📃 Custom Subdomains Wordlist
- 📃 Directory Brute Force Wordlist
- 📃 XSS Payloads Wordlist
⚙️ Automation
💥 Exploitation
🔍 Reconnaissance
🔧 Utilities
| Link | Destination |
|---|---|
| 🏠 Wiki Home | Home |
| 📁 Repository | GitHub |
| ❓ FAQ | FAQ |
| 🐛 Report a Bug | Security Policy |
| 📄 License | MIT License |
| 💬 Discord | Join Server |
⚡ Stay curious. Hack ethically. Report responsibly.
© 2026 @aw-junaid • Built with 🔬 for the security community