Understanding the Repository Structure

A complete map of every directory and how they interconnect. Learn where everything lives and how to navigate the repository efficiently.

🗺️ Complete Directory Tree

bug-bounty/
├── .github/                          # GitHub configuration files
├── CODE_OF_CONDUCT.md                # Community guidelines
├── LICENSE                           # MIT License
├── README.md                         # Main repository documentation
├── SECURITY.md                       # Vulnerability disclosure policy
├── course/                           # 📚 Structured learning curriculum
├── methodologies/                    # ⚔️ In-depth exploitation guides
├── profiles/                         # 🎯 Platform-specific program intel
├── resources/                        # 📋 Quick references & payloads
├── tools/                            # 🛠️ Automation & exploitation scripts
└── write-ups/                        # ✍️ Real-world bug bounty reports

📂 Repository Root: Core Documents

These files govern the entire project and should be your first stop.

bug-bounty/
├── .github/
│   └── FUNDING.yml            # Sponsor/donation configuration
├── CODE_OF_CONDUCT.md         # Expected behavior & community standards
├── LICENSE                    # MIT License - legal terms of use
├── README.md                  # Project overview, TOC, and installation
└── SECURITY.md                # How to report security issues in this repo

File	Purpose	When to Read
`.github/FUNDING.yml`	Links to donation platforms (Buy Me a Coffee)	When you want to support the project financially
`CODE_OF_CONDUCT.md`	Rules for respectful collaboration and ethical behavior	Before contributing or participating in discussions
`LICENSE`	MIT License — free use, modification, and distribution with attribution	When you need to understand legal usage rights
`README.md`	Project homepage with stats, TOC, and feature overview	First file to read when discovering the project
`SECURITY.md`	Process for reporting vulnerabilities found in this repository	When you discover a bug in this repo's code/tools

Key Principle: Read CODE_OF_CONDUCT.md and README.md before anything else. They set the ethical and navigational foundation.

📚 `course/` — Structured Learning Curriculum

Purpose: A progressive learning path from programming fundamentals to security-specific skills.

course/
├── README.md                              # Course syllabus & learning objectives
├── module-1/                              # Foundation Module
│   ├── Why programming matters in cybersecurity.md
│   ├── Definition and purpose.md
│   ├── Compiled vs Interpreted languages.md
│   ├── How code execution works.md
│   ├── C-Assembly.md
│   ├── Python Programming.md
│   ├── Python.md
│   ├── Running Python Code.md
│   ├── JavaScript for Security Professionals.md
│   ├── Bash-Shell Scripting.md
│   └── programming/                       # Programming deep-dives
│       └── python/
│           ├── Operators.md
│           └── Variables and Data Types.md

What Lives Here

Content	Description
`README.md`	Course syllabus, prerequisites, recommended learning order
`module-1/`	Foundation topics: programming concepts, Python, JavaScript, Bash
`programming/python/`	Language-specific deep dives (operators, variables, data types)

When to Use This

You're a beginner — Start here before touching methodologies
You need programming fundamentals — Python, JavaScript, and Bash are essential for custom tooling
You're mentoring someone — Use the structured modules as a teaching curriculum

How It Connects

course/ ──────────────► methodologies/
(Learn fundamentals)    (Apply to vulnerabilities)
         │
         └──────────────► tools/
                          (Write/modify your own scripts)

Path: Complete the course → Use methodologies for practical testing → Modify tools to fit your workflow.

⚔️ `methodologies/` — In-Depth Exploitation Guides

Purpose: The heart of the repository. Step-by-step guides for finding and exploiting vulnerabilities.

methodologies/
├── README.md                              # Methodology index & usage guide
├── web penetration/                       # Vulnerability-specific testing guides
│   ├── API Penetration.md
│   ├── Bruteforcing.md
│   ├── CORS.md
│   ├── CRLF Injection.md
│   ├── CSRF.md
│   ├── Clickjacking.md
│   ├── Crawling and Fuzzing.md
│   ├── DNS Rebinding.md
│   ├── Deserialization.md
│   ├── Email Attacks.md
│   ├── Exploit Broken Links.md
│   ├── Exploiting Race Conditions.md
│   ├── File Upload Vulnerabilities.md
│   ├── GraphQL.md
│   ├── HTTP Parameter Pollution.md
│   ├── HTTP Request Smuggling.md
│   ├── Hashes.md
│   ├── IDOR.md
│   ├── Injection Exploitation.md
│   ├── LFI and RFI.md
│   ├── OAuth.md
│   ├── Open Redirect.md
│   ├── Prototype Pollution.md
│   ├── SQL Injection.md
│   ├── SSRF.md
│   ├── SSTI.md
│   ├── Session Fixation.md
│   ├── Supply Chain Attack.md
│   ├── Tabnabbing.md
│   ├── VHost.md
│   ├── Web Cache Deception.md
│   ├── WebSocket Exploitation.md
│   ├── Webshell.md
│   ├── XXE Vulnerabilities.md
│   ├── cookies-padding.md
│   ├── csp.md
│   ├── header-injection.md
│   └── xss.md
└── web technologies/                     # Platform & technology-specific guides
    ├── ASP.NET.md
    ├── Apache Tomcat Exploitation.md
    ├── CI-CD Security.md
    ├── ELK Stack Exploitation.md
    ├── Exploitation Methodologies.md      # General exploitation framework
    ├── Exploiting Buffer Overflows.md
    ├── Exploiting C2 Frameworks.md
    ├── File Transfer Exploitation.md
    ├── Firebase Exploitation.md
    ├── Firebird Database.md
    ├── Flask Application Security.md
    ├── From Recon to Root.md              # Full lifecycle methodology
    ├── GitHub Security.md
    ├── GitLab.md
    ├── JWT.md
    ├── Jenkins.md
    ├── Joomla.md
    ├── Linux Kernel Exploitation.md
    ├── MFA-2FA Exploitation.md
    ├── NoSQL Injection Vulnerabilities.md
    ├── OAuth Exploitation.md
    ├── Open ID Connect.md
    ├── Privilege Escalation Exploitation.md
    ├── Remote Code Execution.md
    ├── Reverse Shell Exploitation.md
    ├── SaaS Security Testing.md
    ├── WAF.md
    ├── WebDAV.md
    └── WordPress Penetration Testing.md

Two Sub-Categories Explained

Sub-Directory	Focus	Use When...
`web penetration/`	Vulnerability classes — generic across all platforms	You know the bug type (e.g., SQLi) but not the specific tech stack
`web technologies/`	Specific platforms/frameworks — vendor-specific exploitation	You've identified the technology (e.g., WordPress, Jenkins, Flask)

How They Work Together

                     ┌─────────────────────────┐
                     │   You find a WordPress   │
                     │        website           │
                     └────────────┬────────────┘
                                  │
                    ┌─────────────┴─────────────┐
                    ▼                           ▼
     ┌──────────────────────────┐ ┌──────────────────────────┐
     │ web technologies/        │ │ web penetration/         │
     │ WordPress Penetration    │ │ SQL Injection.md         │
     │ Testing.md               │ │ XSS.md                   │
     │ (Platform-specific       │ │ File Upload              │
     │  recon & exploitation)   │ │ Vulnerabilities.md       │
     │                          │ │ (Generic vulnerability   │
     │                          │ │  testing techniques)     │
     └──────────────────────────┘ └──────────────────────────┘
                    │                           │
                    └─────────────┬─────────────┘
                                  ▼
                     ┌─────────────────────────┐
                     │   Combine both to:       │
                     │   • Find WP plugin vulns │
                     │   • Test generic flaws   │
                     │   • Chain attacks        │
                     └─────────────────────────┘

Key File Highlight

File	Why It's Important
`From Recon to Root.md`	Complete methodology covering the entire pentest lifecycle — start here for a holistic approach
`Exploitation Methodologies.md`	General exploitation framework applicable across all platforms
`Injection Exploitation.md`	Covers LDAP, NoSQL, OS command, and expression language injections in one guide

When to Use Each Methodology

Scenario	Go To
"I found a login form"	`Bruteforcing.md`, `SQL Injection.md`, `Session Fixation.md`
"I found a file upload"	`File Upload Vulnerabilities.md`, `XXE Vulnerabilities.md`
"The site uses OAuth"	`OAuth.md`, `OAuth Exploitation.md`, `Open ID Connect.md`
"It's a WordPress site"	`WordPress Penetration Testing.md` + relevant `web penetration/` files
"There's a GraphQL endpoint"	`GraphQL.md`
"I see JWT tokens"	`JWT.md`
"It's behind Cloudflare"	`WAF.md`, `HTTP Request Smuggling.md`, `Web Cache Deception.md`

🎯 `profiles/` — Platform & Program Intelligence

Purpose: Reconnaissance intel on specific bug bounty platforms and high-value targets.

profiles/
├── bugcrowd/
│   └── README.md                       # Bugcrowd platform overview
└── hackerone/
    ├── README.md                       # HackerOne platform overview
    └── slack/                          # Deep profile on Slack
        ├── slack-tech-stack.md         # Technology stack analysis
        └── slack_full_architecture.html # Architecture diagram

What Lives Here

Content	Description
`bugcrowd/README.md`	Intelligence on Bugcrowd's platform, common program types, and tips
`hackerone/README.md`	Intelligence on HackerOne's platform, program structures
`hackerone/slack/`	Detailed tech stack and architecture analysis of Slack's infrastructure

How This Connects

profiles/ ──────────────► methodologies/web technologies/
(Intel on what target       (Use platform-specific guides
 uses: "Slack uses AWS,       to test identified tech)
 GraphQL, and React")

Usage: Study a target profile → Identify the tech stack → Use matching methodologies to find vulnerabilities.

📋 `resources/` — Quick References & Payloads

Purpose: Everything you need during an active testing session — commands, payloads, templates, and wordlists.

resources/
├── cheatsheets/                        # 68+ quick-reference guides
│   ├── API Security.md
│   ├── ASP.NET.md
│   ├── SQL-Injection.md
│   ├── xss-cheatsheet.md
│   ├── ... (68 files total)
│   └── web-penetration.md              # Consolidated web testing commands
├── templates/                          # Report formats
│   └── bug-report-template.md
├── vulnerabilties/                     # Vulnerability-specific deep dives
│   └── sql/
│       ├── SELECT & Advanced SQL Injection.md
│       ├── SQL Injection – Explained Simply.md
│       ├── sql-injection.md
│       ├── sql.md
│       ├── relational algebra in SQL.md
│       ├── chat_app_pentest_checklist.html
│       ├── login system demo.html
│       ├── questions/                  # Knowledge check exercises
│       │   ├── What is SQL? What is it used for?.md
│       │   ├── What is a database?.md
│       │   ├── What is a relational database?.md
│       │   ├── What does SELECT mean in SQL?.md
│       │   ├── Can you describe SQL injection in your own words?.md
│       │   ├── Can you name some examples of SQL implementations?.md
│       │   ├── common SQL injection commands and manipulation techniques.md
│       │   ├── exploitable SQL commands and syntax.md
│       │   └── how exactly could a malicious user insert an instruction.md
│       └── ... (additional SQL resources)
└── wordlists/                          # Fuzzing & discovery lists
    ├── custom-subdomains.txt           # Subdomain enumeration
    ├── directories-small.txt           # Directory brute forcing
    └── xss-payloads.txt                # XSS payload collection

Resource Types Explained

Sub-Directory	Content Type	Use Case
`cheatsheets/`	Condensed commands and payloads	During active testing — quick copy-paste reference
`templates/`	Bug report format	After finding a bug — document it professionally
`vulnerabilties/`	In-depth vulnerability explanations, demos, and quizzes	Learning a specific vuln deeply — includes HTML demos and knowledge checks
`wordlists/`	Discovery and fuzzing lists	During recon and scanning — feed into ffuf, gobuster, subfinder

The Cheatsheet ↔ Methodology Connection

resources/cheatsheets/SQL-Injection.md  ◄────── Quick payloads
        │
        │  (complements)
        │
        ▼
methodologies/web penetration/SQL Injection.md  ◄── Step-by-step guide

Workflow: Read the Methodology to understand the attack → Use the Cheatsheet for ready-to-use commands during testing.

Special: `vulnerabilties/` Directory

This section contains supplementary learning materials that go beyond the methodologies:

Resource	Format	Purpose
`SQL Injection – Explained Simply.md`	Beginner-friendly explanation	For those new to the concept
`SELECT & Advanced SQL Injection.md`	Advanced techniques	Deep technical exploitation
`sql-injection.md`	Comprehensive guide	Complete reference document
`chat_app_pentest_checklist.html`	Interactive checklist	Practical testing workflow
`login system demo.html`	Live HTML demo	Visual learning of vulnerable code
`questions/`	Quiz format	Self-assessment and knowledge checks
`relational algebra in SQL.md`	Theoretical foundation	Understanding the underlying theory

🛠️ `tools/` — Automation & Exploitation Scripts

Purpose: Custom-built tools that automate reconnaissance, exploitation, and utility tasks.

tools/
├── automation/                         # Workflow orchestration
│   ├── bug-bounty-workflow.sh          # Full recon-to-report pipeline
│   └── recon-automation.yml            # GitHub Actions CI/CD workflow
├── exploitation/                       # Vulnerability-specific testers
│   ├── sqli-tester.py                  # Automated SQL injection detection
│   └── xss-scanner.py                  # Automated XSS vulnerability scanning
├── reconnaissance/                     # Asset discovery
│   ├── README.md                       # Recon tool documentation
│   ├── subdomain-enum.py               # Multi-source subdomain discovery
│   └── url-collector.sh                # URL gathering from various sources
└── utilities/                          # Helper scripts
    ├── payload-generator.py            # Context-specific payload creation
    └── wordlist-merger.sh              # Wordlist combination & deduplication

Tool Categories

Category	Tools	Typical Usage
automation/	`bug-bounty-workflow.sh`, `recon-automation.yml`	Chain multiple recon and scanning steps; schedule via CI/CD
exploitation/	`sqli-tester.py`, `xss-scanner.py`	Test specific URLs/endpoints for vulnerabilities
reconnaissance/	`subdomain-enum.py`, `url-collector.sh`	Discover attack surface before manual testing
utilities/	`payload-generator.py`, `wordlist-merger.sh`	Prepare custom payloads and wordlists

How Tools Connect to Methodologies

tools/exploitation/sqli-tester.py
        │
        │  (automates what you learn in)
        │
        ▼
methodologies/web penetration/SQL Injection.md
        │
        │  (provides payloads for)
        │
        ▼
resources/cheatsheets/SQL-Injection.md

Tool Dependency Map

┌──────────────────────────────────────────────────────────┐
│                 RECON → EXPLOIT WORKFLOW                  │
└──────────────────────────────────────────────────────────┘
                            │
        ┌───────────────────┼───────────────────┐
        ▼                   ▼                   ▼
┌───────────────┐ ┌─────────────────┐ ┌───────────────────┐
│ subdomain-    │ │ url-collector   │ │ wordlist-merger   │
│ enum.py       │ │ .sh             │ │ .sh               │
│ (Find assets) │ │ (Gather URLs)   │ │ (Prepare lists)   │
└───────┬───────┘ └────────┬────────┘ └────────┬──────────┘
        │                  │                   │
        └──────────────────┼───────────────────┘
                           ▼
                ┌─────────────────────┐
                │ bug-bounty-workflow │
                │ .sh                 │
                │ (Orchestrate all)   │
                └──────────┬──────────┘
                           │
                           ▼
        ┌──────────────────┼───────────────────┐
        ▼                                     ▼
┌───────────────┐                     ┌───────────────────┐
│ sqli-tester   │                     │ xss-scanner       │
│ .py           │                     │ .py               │
│ (Test for     │                     │ (Test for XSS)    │
│  SQLi)        │                     │                   │
└───────────────┘                     └───────────────────┘

✍️ `write-ups/` — Real-World Bug Bounty Reports

Purpose: Learn from actual vulnerability discoveries, reported bugs, and lessons learned.

write-ups/
├── README.md                          # Write-ups index & catalog
└── 2026/                              # Yearly organization
    └── slack.md                       # Slack vulnerability analysis

What Lives Here

Content	Description
`README.md`	Complete catalog with severity ratings and bounty amounts
`2026/slack.md`	Detailed analysis of a vulnerability discovered in Slack's infrastructure

How Write-ups Connect

write-ups/
        │
        │  (shows real-world application of)
        │
        ▼
methodologies/ + resources/cheatsheets/
        │
        │  (validates that these techniques work in practice)
        │
        ▼
Your own bug bounty practice

Learning Loop: Study a write-up → Identify which methodologies were used → Practice those techniques → Find your own bugs → Write your own report.

🧭 The "If You Want to Do X, Go to Y" Matrix

I Want To...	Go Here	Specific File(s)
Learn programming for security	`course/module-1/`	`Python.md`, `Bash-Shell Scripting.md`
Understand SQL injection deeply	`resources/vulnerabilties/sql/`	`SQL Injection – Explained Simply.md` + `questions/`
Test my knowledge of SQL	`resources/vulnerabilties/sql/questions/`	All `.md` files in this directory
Find and exploit SQL injection	`methodologies/web penetration/`	`SQL Injection.md`
Get quick SQLi payloads	`resources/cheatsheets/`	`SQL-Injection.md`
Automate SQLi testing	`tools/exploitation/`	`sqli-tester.py`
See a real SQLi report	`write-ups/`	Browse relevant write-ups
Learn XSS	`methodologies/web penetration/`	`xss.md`
Get XSS payloads quickly	`resources/wordlists/` + `resources/cheatsheets/`	`xss-payloads.txt` + `xss-cheatsheet.md`
Automate XSS scanning	`tools/exploitation/`	`xss-scanner.py`
Test a WordPress site	`methodologies/web technologies/`	`WordPress Penetration Testing.md`
Learn about JWT attacks	`methodologies/web technologies/`	`JWT.md`
Get JWT payloads	`resources/cheatsheets/`	`JWT.md`
Understand OAuth exploitation	`methodologies/` (both dirs)	`OAuth.md` + `OAuth Exploitation.md`
Learn about CI/CD security	`methodologies/web technologies/`	`CI-CD Security.md`
Exploit GitHub repos	`methodologies/web technologies/`	`GitHub Security.md`
Write a bug report	`resources/templates/`	`bug-report-template.md`
Do subdomain discovery	`tools/reconnaissance/`	`subdomain-enum.py`
Collect all URLs for a target	`tools/reconnaissance/`	`url-collector.sh`
Run full automated recon	`tools/automation/`	`bug-bounty-workflow.sh`
Schedule automated scans	`tools/automation/`	`recon-automation.yml`
Generate custom payloads	`tools/utilities/`	`payload-generator.py`
Merge wordlists	`tools/utilities/`	`wordlist-merger.sh`
Fuzz directories	`resources/wordlists/`	`directories-small.txt` + external tools
Learn WAF bypass	`methodologies/web technologies/`	`WAF.md`
Understand HTTP Request Smuggling	`methodologies/web penetration/`	`HTTP Request Smuggling.md`
Find hidden vhosts	`methodologies/web penetration/`	`VHost.md`
Study Slack's architecture	`profiles/hackerone/slack/`	`slack-tech-stack.md` + `slack_full_architecture.html`
Learn about HackerOne	`profiles/hackerone/`	`README.md`
Learn about Bugcrowd	`profiles/bugcrowd/`	`README.md`
Read real-world write-ups	`write-ups/`	`README.md` for index
Find all resources on one topic	Use GitHub search	Search repo for keyword (e.g., "SQL", "OAuth")
Contribute	Root files	`CODE_OF_CONDUCT.md` + `CONTRIBUTING.md`
Report a security issue	Root file	`SECURITY.md`
Understand legal terms	Root file	`LICENSE`
Get a complete overview	Root file	`README.md`

🔄 How the Directories Interconnect (Visual Map)

                        ┌─────────────────┐
                        │   README.md      │
                        │   (Hub)          │
                        └────────┬────────┘
                                 │
        ┌────────────────────────┼────────────────────────┐
        ▼                        ▼                        ▼
┌───────────────┐     ┌─────────────────┐     ┌───────────────────┐
│   course/     │     │ methodologies/  │     │    profiles/      │
│   (Learn)     │────►│ (Apply)         │◄────│  (Intel)          │
└───────────────┘     └────────┬────────┘     └───────────────────┘
                               │
              ┌────────────────┼────────────────┐
              ▼                ▼                ▼
   ┌──────────────┐ ┌──────────────┐ ┌──────────────────┐
   │ resources/   │ │   tools/     │ │   write-ups/     │
   │ cheatsheets/ │ │ (Automate)   │ │  (Learn from     │
   │ (Reference)  │ │              │ │   real reports)  │
   │              │ │              │ │                  │
   │ wordlists/   │ │              │ │                  │
   │ templates/   │ │              │ │                  │
   │ vulnerabilties/│              │ │                  │
   └──────────────┘ └──────────────┘ └──────────────────┘
              │                │                │
              └────────────────┼────────────────┘
                               ▼
                    ┌─────────────────────┐
                    │  Your Bug Bounty    │
                    │     Workflow        │
                    └─────────────────────┘

📊 Repository Statistics Deep Dive

Category	Sub-Category	Item Count
Core Documents	README, LICENSE, CODE_OF_CONDUCT, SECURITY	4
Course	Module files + programming deep dives	13
Methodologies	Web Penetration	38
	Web Technologies	29
Profiles	Platform intel files	4
Resources	Cheatsheets	68
	Templates	1
	Vulnerability Deep Dives (SQL)	10+
	SQL Questions/Quizzes	9
	SQL HTML Demos	4
	Wordlists	3
Tools	Automation	2
	Exploitation	2
	Reconnaissance	3
	Utilities	2
Write-ups	2026 Reports	1+
Total	All files	190+

💡 Pro Tips for Navigation

Use GitHub's Built-in Search: Press t on the repository page to search all files by name instantly.
Follow the Naming Convention:
- Methodologies: Vulnerability Name.md (e.g., SQL Injection.md)
- Cheatsheets: Same name in resources/cheatsheets/ (e.g., SQL-Injection.md)
- Tools: Descriptive names with extensions (e.g., sqli-tester.py)
Start Broad, Then Narrow:
- New to SQLi? Start with resources/vulnerabilties/sql/SQL Injection – Explained Simply.md
- Then move to methodologies/web penetration/SQL Injection.md
- Keep resources/cheatsheets/SQL-Injection.md open during testing
The questions/ Directory is Underrated:
- Use resources/vulnerabilties/sql/questions/ to test your knowledge before a real engagement
- If you can answer all 9 questions, you're ready
HTML Demos Are Interactive:
- Files like login system demo.html and sql_injection_insertion_anatomy.html can be opened in your browser
- They provide visual, interactive learning

🔗 Related Pages

Page	Link
Project Overview & Philosophy	Project Overview & Philosophy
Getting Started Guide	Getting Started Guide for Bug Hunters
FAQ	FAQ
Complete Vulnerability Index	Complete Vulnerability Index
How to Contribute	How to Contribute

Knowledge Base	Tools	Project
Methodologies · Cheatsheets · Write-ups · Course	Automation · Exploitation · Recon	Security Policy · Code of Conduct · License

⚠️ This repository contains real exploitation techniques. Unauthorized use is a criminal offense under the CFAA, Computer Misuse Act, and equivalent laws worldwide. Use only on systems you own or have explicit written permission to test.

_{For Security Researchers}
_{Methodologies • Cheatsheets • Tools • Write-ups}

67 Methodologies 68 Cheatsheets 7 Tools 3 Wordlists

🧭 Start Here

🎓 Learning Path

⚔️ Web Penetration Testing

Core vulnerability exploitation guides

💻 Web Technologies

Platform-specific exploitation guides

📋 Cheatsheets

Quick-reference payloads & commands

📋 View All 68 Cheatsheets

_{All cheatsheets are interlinked with their corresponding methodologies. Use the search function (press t on GitHub) to find a specific one quickly.}

📝 Templates & Wordlists

🛠️ Tools

⚙️ Automation

💥 Exploitation

🔍 Reconnaissance

🔧 Utilities

✍️ Write-ups

📜 Core Documents

🌐 Connect

💰 Support the Project

🔗 Quick Links

Link	Destination
🏠 Wiki Home	Home
📁 Repository	GitHub
❓ FAQ	FAQ
🐛 Report a Bug	Security Policy
📄 License	MIT License
💬 Discord	Join Server

Maintained PRs Welcome MIT License

_{⚡ Stay curious. Hack ethically. Report responsibly.}

Uh oh!

Understanding the Repository Structure

Understanding the Repository Structure

🗺️ Complete Directory Tree

📂 Repository Root: Core Documents

📚 course/ — Structured Learning Curriculum

What Lives Here

When to Use This

How It Connects

⚔️ methodologies/ — In-Depth Exploitation Guides

Two Sub-Categories Explained

How They Work Together

Key File Highlight

When to Use Each Methodology

🎯 profiles/ — Platform & Program Intelligence

What Lives Here

How This Connects

📋 resources/ — Quick References & Payloads

Resource Types Explained

The Cheatsheet ↔ Methodology Connection

Special: vulnerabilties/ Directory

🛠️ tools/ — Automation & Exploitation Scripts

Tool Categories

How Tools Connect to Methodologies

Tool Dependency Map

✍️ write-ups/ — Real-World Bug Bounty Reports

What Lives Here

How Write-ups Connect

🧭 The "If You Want to Do X, Go to Y" Matrix

🔄 How the Directories Interconnect (Visual Map)

📊 Repository Statistics Deep Dive

💡 Pro Tips for Navigation

🔗 Related Pages

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

🧭 Start Here

🎓 Learning Path

⚔️ Web Penetration Testing

💻 Web Technologies

📋 Cheatsheets

📝 Templates & Wordlists

🛠️ Tools

✍️ Write-ups

📜 Core Documents

🌐 Connect

💰 Support the Project

🔗 Quick Links

Clone this wiki locally

📚 `course/` — Structured Learning Curriculum

⚔️ `methodologies/` — In-Depth Exploitation Guides

🎯 `profiles/` — Platform & Program Intelligence

📋 `resources/` — Quick References & Payloads

Special: `vulnerabilties/` Directory

🛠️ `tools/` — Automation & Exploitation Scripts

✍️ `write-ups/` — Real-World Bug Bounty Reports