Security Testing Checklist

Reconnaissance

0/25

Identify web server, technologies, and database

Writeup

Subsidiary and Acquisition Enumeration

Writeup

Reverse Lookup

Writeup

ASN & IP Space Enumeration and Service Enumeration

Writeup

Google Dorking

Writeup

GitHub Reconnaissance

Writeup

Directory Enumeration

Writeup

IP Range Enumeration

Writeup

JavaScript File Analysis

Writeup

Subdomain Enumeration and Bruteforcing

Writeup

Subdomain Takeover

Writeup

Parameter Fuzzing

Writeup

Port Scanning

Writeup

Template-Based Scanning (Nuclei)

Writeup

Wayback History Analysis

Writeup

Broken Link Hijacking

Writeup

Internet Search Engine Discovery

Writeup

Misconfigured Cloud Storage Detection

Writeup

Asset Discovery using Amass

Writeup

Subdomain enumeration with Sublist3r

Writeup

DNS Chaos dataset enumeration

Writeup

Subdomain permutation with Altdns

Writeup

Subdomain bruteforcing with ShuffleDNS

Writeup

Assetfinder for domain discovery

Writeup

Directory/File busting with Gobuster

Writeup

Registration Vulnerabilities

0/13

Check for duplicate registration/Overwrite existing user

Writeup

Check for weak password policy

Writeup

Check for reuse of existing usernames

Writeup

Check for insufficient email verification process

Writeup

Allows disposable email addresses

Writeup

Weak registration implementation - Over HTTP

Writeup

Overwrite default web application pages by specially crafted username registrations (e.g., Does your profile link appear as www.test.com/test?)

Writeup

Username enumeration

Writeup

Email verification bypass

Writeup

CAPTCHA bypass testing

Writeup

Registration rate limiting

Writeup

Registration without email verification

Writeup

Profile link manipulation

Writeup

Authentication Testing

0/34

Username enumeration

Writeup

Bypass authentication using SQL Injection on username and password fields

Writeup

Lack of password confirmation on Change email address

Writeup

Lack of password confirmation on Change password

Writeup

Lack of password confirmation on Manage 2FA

Writeup

Test user account lockout mechanism on brute force attack

Writeup

Bypass rate limiting by tampering user agent to Mobile

Writeup

Bypass rate limiting by tampering user agent to Anonymous

Writeup

Bypass rate limiting by using null byte

Writeup

Create password wordlist using CEWL command

Writeup

Test OAuth Login Functionality

Writeup

OAuth Code Flaws (Re-Using of code)

Writeup

OAuth Code Predict/Bruteforce and Rate-limit

Writeup

OAuth redirect_uri Flaws

Writeup

OAuth State Flaws

Writeup

Is client_secret validated?

Writeup

Pre ATO using Facebook phone-number signup

Writeup

No email validation

Writeup

Pre ATO

Writeup

Test 2FA Misconfiguration

Writeup

2FA Response Manipulation

Writeup

2FA Status Code Manipulation

Writeup

2FA Code Leakage in Response

Writeup

2FA Code Reusability

Writeup

Lack of 2FA Brute-Force Protection

Writeup

Missing 2FA Code Integrity Validation

Writeup

2FA Denial of Service by creating an account with victim's email

Writeup

Session authentication during 2FA activation

Writeup

Disabling 2FA by CSRF

Writeup

Authentication bypass attempts

Writeup

Password policy bypass

Writeup

Remember me functionality testing

Writeup

Password reset token reuse

Writeup

Multi-factor authentication bypass

Writeup

Session Management

0/19

Identify actual session cookie out of bulk cookies

Writeup

Decode cookies using standard algorithms (Base64, hex, URL)

Writeup

Modify session token value by 1 bit/byte and resubmit

Writeup

Test login with similar usernames (e.g., A, AA, AAA, etc.)

Writeup

Check for session cookie expiration date/time

Writeup

Identify cookie domain scope

Writeup

Check for HttpOnly flag in cookies

Writeup

Check for Secure flag if application is over SSL

Writeup

Test session fixation (before & after authentication)

Writeup

Replay session cookie from a different system/IP

Writeup

Test concurrent login from different machines/IPs

Writeup

Check if user data is stored in cookies and tamper it

Writeup

Test session invalidation on Email Change & 2FA Activation

Writeup

Session timeout testing

Writeup

Session cookie attributes

Writeup

Session fixation attacks

Writeup

Session hijacking attempts

Writeup

Cookie persistence issues

Writeup

Cross-site session sharing

Writeup

IDOR (Insecure Direct Object Reference)

0/73

Create two accounts if possible or else enumerate users first

Writeup

Check if endpoint is private or public and does it contain any kind of id param

Writeup

Try changing the id param value to some other user and see if does anything to their account

Writeup

Done!

Writeup

Try replacing parameter names

Writeup

Change request content-type from application/xml to application/json

Writeup

Send wildcard instead of an id

Writeup

Swap non-numeric with numeric id

Writeup

Try to decode ID if it is encoded using md5, base64, etc.

Writeup

Base Steps: Test if the endpoint is accessible without authentication and contains ID parameter

Writeup

Missing Function Level Access Control

Writeup

Bypass object level authorization - Add parameter onto endpoint if not present by default

Writeup

Try changing request method (GET to POST)

Writeup

Google Dorking/public form

Writeup

Try adding path traversal to ID (../, ..\)

Writeup

Change HTTP method from POST to GET

Writeup

HTTP Parameter Pollution - Give multiple values for same parameter

Writeup

Missing Function Level Authorization

Writeup

Parameter tampering - Try to tamper ID in other operations like delete, update

Writeup

Force browsing

Writeup

Insecure direct object references

Writeup

Access control bypass

Writeup

Role-based access control issues

Writeup

Cross-tenant data access

Writeup

User profile manipulation

Writeup

File access control

Writeup

Path Traversal - Test with ../../../ and encoded versions

Writeup

API version testing - Try changing API version from v1 to v2

Writeup

Missing Function Level Acess Control

Writeup

HTTP Parameter Pollution - Wrap parameter with array in JSON body

Writeup

Missing Function Level Access Control

Writeup

Test if you can access admin dashboard with your account ID

Writeup

Try SQL injection in ID parameter to extract other users' data

Writeup

Try enumeration - Sequential ID testing (user/1, user/2, user/3)

Writeup

JSON parameter pollution - Wrap ID in JSON object {"userid":123}

Writeup

Change file type - Try uploading different file types (application/xml, etc.)

Writeup

Tip: Use Burp extension called Paramalyzer to help remember all parameters you have passed to a host

Writeup

GET /GetUser/dmljdGltQG1haWwuY29t

Writeup

POST /users/delete/victim_id ->403

Writeup

POST /users/delete/victim_id ->200

Writeup

GET /api/albums?account_id=<account id>

Writeup

Try This: GET /api/albums?account_id=<account id>

Writeup

Tip: There is a Burp extension called Paramalyzer which will help with this by remembering all parameters you have passed to a host

Writeup

Path Traversal

Writeup

change HTTP method

Writeup

send wildcard instead of an id

Writeup

Bypass object level authorization - Add parameter onto endpoi

Writeup

Missing Function Level Acess Control

Writeup

Never ignore encoded/hashed ID

Writeup

change file type

Writeup

swap non-numeric with numeric id

Writeup

json parameter pollution

Writeup

wrap id with an array

Writeup

wrap id with a json object

Writeup

Test an out of band API version

Writeup

Test if website using graphql, try to find IDOR using graphql!

Writeup

Base Steps: Look for ID-like patterns in API requests

Writeup

API endpoint enumeration

Writeup

Mass Assignment vulnerability

Writeup

Improper error handling in API

Writeup

API key security

Writeup

GraphQL injection

Writeup

API parameter pollution

Writeup

JSON injection

Writeup

XML injection

Writeup

JWT manipulation

Writeup

API versioning issues

Writeup

CORS misconfiguration

Writeup

GraphQL introspection

Writeup

GraphQL batch query abuse

Writeup

GraphQL alias abuse

Writeup

GraphQL directory traversal

Writeup

GraphQL DoS

Writeup

Business Logic Vulnerabilities

0/66

image profile deletion: account infromation acount VIEW & DELETE

Writeup

Create api_key allows to read any comment change price chnage coin from dollar to uaro

Writeup

Try decode ID if it is encoded using md5, base64, etc.

Writeup

change HTTP method

Writeup

Check for ID in different operations like delete, update

Writeup

Missing Function Level Access Control

Writeup

Missing Function Level Acess Control

Writeup

send wildcard instead of an id

Writeup

Parameter tampering

Writeup

swap non-numeric with numeric id

Writeup

json parameter pollution - Give multiple values for same parameter

Writeup

Missing Function Level Authorization

Writeup

wrap parameter onto endpoi

Writeup

wrap id with an array in JSON body

Writeup

wrap id with a json object

Writeup

Missing Function Level Access Control

Writeup

Bypass object level authorization

Writeup

Test for IDOR in admin operations

Writeup

Test for IDOR in admin panel

Writeup

Bypass object level authorization

Writeup

Try different API versions

Writeup

Missing Function Level Authorization

Writeup

Test with sequential IDs

Writeup

Test for privilege escalation patterns

Writeup

Test for unauthorized admin operations with regular account

Writeup

Check if admin dashboard is accessible with regular user ID

Writeup

Test if regular users can access admin APIs

Writeup

Missing Function Level Authorization

Writeup

Missing Function Level Access Control

Writeup

Test if user A can view user B's account statement

Writeup

Test if user A can view user B's transaction history

Writeup

Test if user A can modify user B's bank account

Writeup

Test for account takeover through password reset

Writeup

Test for account takeover through email change

Writeup

Test for account takeover through session fixation

Writeup

Test for account takeover through OAuth misconfiguration

Writeup

Test for account takeover through IDOR

Writeup

Test for account takeover through CSRF

Writeup

Test for account takeover through subdomain takeover

Writeup

Test for account takeover through JWT manipulation

Writeup

Test for account takeover through 2FA bypass

Writeup

Test for account takeover through host header injection

Writeup

Test for account takeover through open redirect

Writeup

Test for account takeover through parameter pollution

Writeup

Test for account takeover through response manipulation

Writeup

Test for credential stuffing

Writeup

Price manipulation - Try tampering product ID to buy expensive items at low price

Writeup

Modify product quantity in requests

Writeup

Discount abuse - Try using multiple discount codes or stacking discounts

Writeup

Coupon stacking - Use multiple valid coupon codes in single transaction

Writeup

Race conditions - Exploit timing between two requests to get double benefits

Writeup

Time-based exploits - Manipulate timestamps or IDs to bypass validation

Writeup

Workflow bypass - Skip or manipulate workflow steps

Writeup

Payment flow manipulation - Bypass payment or modify payment methods

Writeup

Refund abuse - Request refunds for transactions not yet settled

Writeup

Point/reward abuse - Collect points or rewards repeatedly

Writeup

Multi-step process bypass - Skip required validation steps

Writeup

Workflow authorization bypass - Perform actions without proper authorization

Writeup

Business logic IDOR - Access another user's data through predictable IDs

Writeup

State manipulation - Change application state to bypass validation

Writeup

Parameter order manipulation - Reorder parameters to bypass checks

Writeup

Privilege escalation - Try to access higher-privilege features

Writeup

Testing for negative values

Writeup

Testing for maximum/minimum violations

Writeup

Currency manipulation - Try different currency symbols or values

Writeup

Testing for unlimited benefits (free shipping, unlimited downloads)

Writeup

CSRF Vulnerabilities

0/40

Missing CSRF token in state-changing requests

Writeup

Test CSRF token validation

Writeup

Test if CSRF token is predictable

Writeup

Test if CSRF token can be reused

Writeup

Check for CSRF in state-changing operations

Writeup

Test for SameSite cookie attribute

Writeup

Test for Referer header validation

Writeup

Test for Origin header validation

Writeup

Test for CSRF in GET requests

Writeup

Test for CSRF in POST requests

Writeup

Test for CSRF via JSON

Writeup

Test for CSRF via file upload

Writeup

Test for double-submit CSRF

Writeup

Test for CSRF token leakage in URL

Writeup

Test for CSRF bypass via clickjacking

Writeup

Check if SameSite cookie attribute is properly set (Strict, Lax, None)

Writeup

Test if Referer header is validated (should match request origin)

Writeup

Test if Origin header is present and validated

Writeup

Test for CSRF on sensitive operations like password change, email change, 2FA enable/disable

Writeup

Test for CSRF in API endpoints (JSON bodies, API keys)

Writeup

Test for CSRF in GraphQL mutations

Writeup

Test for CSRF via URL parameter pollution

Writeup

Test for CSRF in hidden form fields

Writeup

Test for CSRF in iframe interactions

Writeup

Test for CSRF with multiple tokens (e.g., session + CSRF token)

Writeup

Base Steps: Identify all forms that change state (login, logout, password reset, profile update)

Writeup

Base Steps: Test each form with and without CSRF token

Writeup

Base Steps: Check for token in GET requests (query parameters, headers)

Writeup

Base Steps: Test token predictability (is it sequential? time-based?)

Writeup

Base Steps: Test for token reuse (can I use same token twice?)

Writeup

Base Steps: Test SameSite attribute (None, Lax, Strict)

Writeup

Base Steps: Test for Referer validation (can you forge requests from different origin?)

Writeup

Base Steps: Test Origin/Cross-Origin headers

Writeup

Base Steps: Use clickjacking techniques

Writeup

Base Steps: Test for JSON Content-Type with POST requests

Writeup

Base Steps: Test for API CSRF (use JSON body with POST)

Writeup

Base Steps: Test for file upload CSRF (upload malicious file and reference it in form)

Writeup

Base Steps: Test for double-submit prevention (unique tokens)

Writeup

Base Steps: Test for CSRF in deletion operations

Writeup

Base Steps: Test for CSRF in batch/multiple operations

Writeup

Remote Code Execution (RCE)

0/43

Test for command injection

Writeup

Test for OS command injection

Writeup

Test for code injection

Writeup

Test for deserialization RCE

Writeup

Test for template injection RCE

Writeup

Test for file upload RCE

Writeup

Test for eval() injection

Writeup

Test for system() injection

Writeup

Test for exec() injection

Writeup

Test for shell_exec() injection

Writeup

Test for passthru() injection

Writeup

Test for popen() injection

Writeup

Test for preg_replace() code execution

Writeup

Test for backticks (`) code execution

Writeup

Test for dynamic code evaluation

Writeup

Test for RCE via SSRF

Writeup

Test for RCE via XML external entity

Writeup

Recon = Found log file: web/path/wget-log

Writeup

Found Server IP in logs file

Writeup

Found .git dir: wget -m -I .git web/.git/

Writeup

Tested Server IP & Found .git dir: wget -m -I .git web/.git/

Writeup

git status & found backup zip file

Writeup

While reading files found: app/file.php disclosing SSH root Credentials

Writeup

exif metadata to RCE - Upload image with EXIF data containing malicious payload

Writeup

Recon = Identify hidden parameters that allow RCE

Writeup

Dependency Confusion - Use libraries that allow command execution

Writeup

Tools: Use Tplmap, InterPro, and similar tools to find RCE vulnerabilities

Writeup

Base Steps: Identify all input vectors (forms, file uploads, APIs)

Writeup

Base Steps: Test for command injection in all parameters (especially file names)

Writeup

Base Steps: Test with common payloads (; |, &&, $(command), `cmd`)

Writeup

Base Steps: Test for template engines (Jinja, Twig, Velocity, Smarty, Freemarker)

Writeup

Base Steps: Test for unsafe PHP functions (eval, system, exec, shell_exec, passthru)

Writeup

Base Steps: Test for deserialization (Java, Python, PHP, Node.js, .NET)

Writeup

Base Steps: Test for SSRF vulnerabilities

Writeup

Base Steps: Test for XXE in file uploads (XML files)

Writeup

Base Steps: Identify backup files, config files, or exposed git repositories

Writeup

Base Steps: Test for unauthenticated file upload

Writeup

Base Steps: Look for command injection in API responses

Writeup

Base Steps: Test for RCE via GraphQL (batch queries, mutations)

Writeup

Base Steps: Test for web shell access and upload

Writeup

Tools: sqlmap, Burp Suite, Metasploit, Nessus

Writeup

Payloads: Use reverse shells, bind shells, web shells

Writeup

Defense: Disable dangerous functions, input validation, secure configuration

Writeup

Cross-Site Scripting (XSS)

0/419

Reflected XSS testing

Writeup

Stored XSS testing

Writeup

DOM-based XSS

Writeup

Self-XSS

Writeup

XSS in HTML attributes

Writeup

XSS in JavaScript variables

Writeup

XSS in URL parameters

Writeup

XSS in headers

Writeup

XSS polyglots

Writeup

WAF bypass for XSS

Writeup

XSS in tag attribute value

Writeup

XSS in CSS

Writeup

XSS in SVG

Writeup

XSS in Flash

Writeup

XSS in HTML5

Writeup

XSS in script tags

Writeup

XSS in meta tags

Writeup

XSS in link tags

Writeup

XSS in iframe

Writeup

XSS in object tags

Writeup

XSS in embed tags

Writeup

XSS in frame tags

Writeup

XSS in form inputs

Writeup

XSS in textarea

Writeup

XSS in button onclick

Writeup

XSS in onerror/onload events

Writeup

XSS in data attributes

Writeup

XSS in style attributes

Writeup

XSS in src attributes

Writeup

XSS in href attributes

Writeup

XSS in action attributes

Writeup

XSS in srcset attributes

Writeup

XSS in poster attributes

Writeup

XSS in background attributes

Writeup

XSS in XML attributes

Writeup

XSS in JSON attributes

Writeup

XSS in WebSocket messages

Writeup

XSS in WebSocket data attributes

Writeup

XSS in document.write

Writeup

XSS in document.writeln

Writeup

XSS in document.createElement

Writeup

XSS in innerHTML

Writeup

XSS in outerHTML

Writeup

XSS in insertAdjacentHTML

Writeup

XSS in setAttribute

Writeup

XSS in textContent

Writeup

XSS in nodeValue

Writeup

XSS in CSS properties

Writeup

XSS in SVG onload

Writeup

XSS in SVG onactivate

Writeup

XSS in SVG begin

Writeup

XSS in SVG end

Writeup

XSS in SVG animate

Writeup

XSS in SVG set

Writeup

XSS in SVG animateTransform

Writeup

XSS in foreignObject

Writeup

XSS in data-* attributes

Writeup

XSS in classList

Writeup

XSS in dataset attributes

Writeup

XSS in srcdoc attributes

Writeup

XSS in srcset with multiple values

Writeup

XSS in source with tracking

Writeup

XSS in link with ping

Writeup

XSS in link with rel tracking

Writeup

XSS in event handlers (onload, onerror, onclick, etc.)

Writeup

XSS in setTimeout/setInterval

Writeup

XSS in postMessage

Writeup

XSS in MessageEvent

Writeup

XSS in Worker

Writeup

XSS in Service Worker

Writeup

XSS in CSS expression (expression())

Writeup

XSS in JavaScript URIs (javascript:, data:, vbscript:)

Writeup

XSS in @import

Writeup

XSS in SVG filters

Writeup

XSS in data URI schemes (data:, javascript:, vbscript:)

Writeup

XSS in Flash ActionScript

Writeup

XSS in PDF via embedded JavaScript

Writeup

XSS in Word documents

Writeup

XSS in Excel spreadsheets

Writeup

XSS in PowerPoint presentations

Writeup

XSS in RTF documents

Writeup

XSS in Email bodies

Writeup

XSS in SMS messages

Writeup

XSS in WebSocket handshake

Writeup

XSS in Content Security Policy (CSP) bypass

Writeup

XSS in XSS Auditor tools

Writeup

XSS in DOMPurify

Writeup

XSS in HTML sanitizers

Writeup

XSS in template engines

Writeup

XSS in markdown parsers

Writeup

XSS in URL fragment attacks

Writeup

XSS in hash-based attacks (location.hash)

Writeup

XSS in local storage

Writeup

XSS in session storage

Writeup

XSS in cookies

Writeup

XSS in IndexedDB

Writeup

XSS in Web SQL

Writeup

XSS in Web Storage APIs

Writeup

XSS in File API

Writeup

XSS in Clipboard API

Writeup

XSS in Notifications API

Writeup

XSS in Service Workers

Writeup

XSS in Broadcast Channel API

Writeup

XSS in postMessage fallback

Writeup

XSS in WebSockets

Writeup

XSS in WebSocket subprotocols

Writeup

XSS in WebSocket origins

Writeup

XSS in binary data

Writeup

XSS in uploaded files

Writeup

XSS in avatar/profile images

Writeup

XSS in cover images

Writeup

XSS in favicon

Writeup

XSS in manifest files

Writeup

XSS in service worker scripts

Writeup

XSS in importScripts attribute

Writeup

XSS in srcdoc

Writeup

XSS in stylesheet imports

Writeup

XSS in style links

Writeup

XSS in @namespace

Writeup

XSS in module scripts

Writeup

XSS in import maps

Writeup

XSS in web workers imports

Writeup

XSS in workers with blob URLs

Writeup

XSS in worker imports from other origins

Writeup

XSS in navigator.sendBeacon

Writeup

XSS in ImageBitmap.getContext().putImageData()

Writeup

XSS in Canvas fillText/strokeText

Writeup

XSS in Canvas drawImage

Writeup

XSS in SVG createTextNode

Writeup

XSS in SVG foreignObject

Writeup

XSS in HTML audio/video

Writeup

XSS in HTML object elements

Writeup

XSS in CSS @font-face

Writeup

XSS in CSS background-image

Writeup

XSS in CSS background

Writeup

XSS in CSS mask

Writeup

XSS in CSS clip-path

Writeup

XSS in CSS filter

Writeup

XSS in CSS backdrop-filter

Writeup

XSS in SVG paint-order

Writeup

XSS in SVG stroke-dasharray

Writeup

XSS in SVG stroke-linecap

Writeup

XSS in SVG stroke-linejoin

Writeup

XSS in CSS text-shadow

Writeup

XSS in SVG text-shadow

Writeup

XSS in CSS box-shadow

Writeup

XSS in SVG filter drop-shadow

Writeup

XSS in CSS filter url()

Writeup

XSS in CSS attr() selector

Writeup

XSS in CSS :has() selector

Writeup

XSS in CSS :not() selector

Writeup

XSS in CSS :is() selector

Writeup

XSS in CSS :nth-child() selector

Writeup

XSS in CSS ::first-letter

Writeup

XSS in CSS ::before/::after pseudo-elements

Writeup

XSS in CSS :checked/unchecked selectors

Writeup

XSS in CSS :enabled/disabled selectors

Writeup

XSS in CSS :visited selectors

Writeup

XSS in CSS :active/hover/focus selectors

Writeup

XSS in CSS :target selectors

Writeup

XSS in CSS :lang() selector

Writeup

XSS in CSS -moz-, -webkit-, -o- vendor prefixes

Writeup

XSS in CSS -ms- vendor prefix

Writeup

XSS in CSS custom properties (--* or -*)

Writeup

XSS in CSS !important

Writeup

XSS in CSS calc()

Writeup

XSS in CSS var() and custom properties

Writeup

XSS in CSS attr() with string values

Writeup

XSS in CSS content property with url()

Writeup

XSS in CSS @import with malicious CSS

Writeup

XSS in CSS @namespace with XSS

Writeup

XSS in CSS expression()

Writeup

XSS in CSS -moz-binding

Writeup

XSS in CSS -ms-behavior

Writeup

XSS in CSS -webkit-box-reflect

Writeup

XSS in CSS -webkit-mask-image

Writeup

XSS in CSS -webkit-filter

Writeup

XSS in CSS pointer-events

Writeup

XSS in CSS user-modify

Writeup

XSS in CSS -webkit-user-modify

Writeup

XSS in HTML5 sandbox attribute

Writeup

XSS in iframe sandbox attribute

Writeup

XSS in allow-same-origin

Writeup

XSS in allow-scripts

Writeup

XSS in allow-forms

Writeup

XSS in allow-popups

Writeup

XSS in allow-popups-to-escape-sandbox

Writeup

XSS in allow-pointer-lock

Writeup

XSS in allow-top-navigation

Writeup

XSS in CSP headers

Writeup

XSS in meta tags (http-equiv)

Writeup

XSS in script nonce

Writeup

XSS in script integrity

Writeup

XSS in Trusted Types policy

Writeup

XSS in Content Security Policy-Report-Only

Writeup

XSS in CSP base-uri

Writeup

XSS in CSP frame-src

Writeup

XSS in CSP frame-ancestors

Writeup

XSS in CSP default-src

Writeup

XSS in CSP script-src

Writeup

XSS in CSP style-src

Writeup

XSS in CSP img-src

Writeup

XSS in CSP connect-src

Writeup

XSS in CSP font-src

Writeup

XSS in CSP media-src

Writeup

XSS in CSP object-src

Writeup

XSS in CSP child-src

Writeup

XSS in CSP form-action

Writeup

XSS in CSP frame-src

Writeup

XSS in CSP manifest-src

Writeup

XSS in CSP worker-src

Writeup

XSS in CSP report-uri

Writeup

XSS in CSP report-to

Writeup

XSS in CSP require-trusted-types-for

Writeup

XSS in CSP upgrade-insecure-requests

Writeup

XSS in browser extensions (Content Security Policy)

Writeup

XSS in service workers

Writeup

XSS in Shared Workers

Writeup

XSS in Worklets

Writeup

XSS in WebAssembly

Writeup

XSS in SVG with foreignObject

Writeup

XSS in HTML with frameset

Writeup

XSS in HTML with source attribute

Writeup

XSS in HTML with srcdoc

Writeup

XSS in HTML with link with ping

Writeup

XSS in XML namespaces

Writeup

XSS in SVG filters and XSS

Writeup

XSS in SVG with <script> tags

Writeup

XSS in MathML and SVG with scripts

Writeup

XSS in HTTP headers

Writeup

XSS in JSONP

Writeup

XSS in JSON payloads

Writeup

XSS in event handler obfuscation

Writeup

XSS in DOM-based XSS

Writeup

XSS in mXSS (mutation XSS)

Writeup

XSS in UXSS (universal XSS)

Writeup

XSS in Self-XSS

Writeup

XSS in Client-side Template Injection

Writeup

XSS in Data Protocol XSS

Writeup

XSS in HTML script data attributes

Writeup

XSS in script type module

Writeup

XSS in script charset

Writeup

XSS in script async

Writeup

XSS in script defer

Writeup

XSS in script nomodule

Writeup

XSS in script integrity

Writeup

XSS in script referrerpolicy

Writeup

XSS in script crossorigin

Writeup

XSS in script for attribute (form post)

Writeup

XSS in script for attribute (link prefetch)

Writeup

XSS in script for attribute (link stylesheet)

Writeup

XSS in script for attribute (link icon)

Writeup

XSS in meta refresh

Writeup

XSS in meta viewport

Writeup

XSS in link with ping

Writeup

XSS in SVG animate

Writeup

XSS in SVG animateTransform

Writeup

XSS in SVG set

Writeup

XSS in SVG filters

Writeup

XSS in SVG foreignObject

Writeup

XSS in DOMPurify sanitization bypass

Writeup

XSS in DOMPurify CSS bypass

Writeup

XSS in HTML sanitizers bypass

Writeup

XSS in template engines

Writeup

XSS in Angular sanitization bypass

Writeup

XSS in React dangerouslySetInnerHTML bypass

Writeup

XSS in Vue.js v-html bypass

Writeup

XSS in innerHTML bypass

Writeup

XSS in outerHTML bypass

Writeup

XSS in insertAdjacentHTML bypass

Writeup

XSS in textContent bypass

Writeup

XSS in location.hash bypass

Writeup

XSS in postMessage bypass

Writeup

XSS in localStorage bypass

Writeup

XSS in sessionStorage bypass

Writeup

XSS in cookies bypass

Writeup

XSS in URL parameter bypass

Writeup

XSS in HTTP header bypass

Writeup

XSS in CSS bypass

Writeup

XSS in case-insensitive bypass

Writeup

XSS in encoding bypass

Writeup

XSS in wildcard bypass

Writeup

XSS in comment bypass

Writeup

XSS in script tag bypass

Writeup

XSS in img tag bypass

Writeup

XSS in svg tag bypass

Writeup

XSS in object tag bypass

Writeup

XSS in embed tag bypass

Writeup

XSS in iframe tag bypass

Writeup

XSS in link tag bypass

Writeup

XSS in style attribute bypass

Writeup

XSS in class attribute bypass

Writeup

XSS in id attribute bypass

Writeup

XSS in data attribute bypass

Writeup

XSS in name attribute bypass

Writeup

XSS in src attribute bypass

Writeup

XSS in href attribute bypass

Writeup

XSS in action attribute bypass

Writeup

XSS in on* event bypass

Writeup

XSS in for attribute bypass

Writeup

XSS in value attribute bypass

Writeup

XSS in meta tag bypass

Writeup

XSS in base tag bypass

Writeup

XSS in link tag bypass

Writeup

XSS in area tag bypass

Writeup

XSS in time-based bypass

Writeup

XSS in clickjacking attack

Writeup

XSS in clickjacking defense

Writeup

XSS in UI redressing attack

Writeup

XSS in drag-and-drop XSS

Writeup

XSS in Clipboard hijacking

Writeup

XSS in History API attack

Writeup

XSS in Location API attack

Writeup

XSS in postMessage attack

Writeup

XSS in MessageChannel attack

Writeup

XSS in WebSocket hijacking

Writeup

XSS in DOM clobbering

Writeup

XSS in prototype pollution

Writeup

XSS in CSS injection

Writeup

XSS in SVG injection

Writeup

XSS in HTML injection

Writeup

XSS in JavaScript injection

Writeup

XSS in SQL injection combined with XSS

Writeup

XSS in CSRF combined with XSS

Writeup

XSS in open redirect combined with XSS

Writeup

XSS in file upload combined with XSS

Writeup

XSS in HTTP response splitting

Writeup

XSS in HTTP header injection

Writeup

XSS in MIME type confusion

Writeup

XSS in CRLF injection

Writeup

XSS in response cache poisoning

Writeup

XSS in host header injection

Writeup

XSS in Reflected XSS

Writeup

XSS in Stored XSS

Writeup

XSS in Blind XSS

Writeup

XSS in Self-XSS

Writeup

XSS in DOM XSS

Writeup

XSS in HTML5 XSS

Writeup

XSS in SVG XSS

Writeup

XSS in Flash XSS

Writeup

XSS in PDF XSS

Writeup

XSS in CSS XSS

Writeup

XSS in JavaScript XSS

Writeup

XSS in VBScript XSS

Writeup

XSS in ActionScript XSS

Writeup

XSS in RSS XSS

Writeup

XSS in Atom XSS

Writeup

XSS in SVG SMIL animation XSS

Writeup

XSS in XSLT XSS

Writeup

XSS in XML XSS

Writeup

XSS in WML XSS

Writeup

XSS in Java applet XSS

Writeup

XSS in Silverlight XSS

Writeup

XSS in WebGL XSS

Writeup

XSS in WebAssembly XSS

Writeup

XSS in Web Workers XSS

Writeup

XSS in Service Workers XSS

Writeup

XSS in Shared Workers XSS

Writeup

XSS in Worklets XSS

Writeup

XSS in Browser extension XSS

Writeup

XSS in User script XSS

Writeup

XSS in Content Security Policy bypass

Writeup

XSS in Trusted Types bypass

Writeup

XSS in sandbox bypass

Writeup

XSS in same-origin policy bypass

Writeup

XSS in Content Security Policy violation

Writeup

XSS in Reflected File Upload XSS

Writeup

XSS in Stored File Upload XSS

Writeup

XSS in Image EXIF XSS

Writeup

XSS in SVG File Upload XSS

Writeup

XSS in Video File Upload XSS

Writeup

XSS in Audio File Upload XSS

Writeup

XSS in Font File Upload XSS

Writeup

XSS in ZIP File Upload XSS

Writeup

XSS in CSS File Upload XSS

Writeup

XSS in JavaScript File Upload XSS

Writeup

XSS in HTML File Upload XSS

Writeup

XSS in PDF File Upload XSS

Writeup

XSS in EXE File Upload XSS

Writeup

XSS in DLL File Upload XSS

Writeup

XSS in JAR File Upload XSS

Writeup

XSS in APK File Upload XSS

Writeup

XSS in MP3 File Upload XSS

Writeup

XSS in FLAC File Upload XSS

Writeup

XSS in OGG File Upload XSS

Writeup

XSS in WAV File Upload XSS

Writeup

XSS in AVI File Upload XSS

Writeup

XSS in MKV File Upload XSS

Writeup

XSS in MOV File Upload XSS

Writeup

XSS in WebM File Upload XSS

Writeup

XSS in PDF File Upload XSS (via embedded JS)

Writeup

XSS in Word File Upload XSS (via embedded objects)

Writeup

XSS in Excel File Upload XSS (via embedded objects)

Writeup

XSS in PowerPoint File Upload XSS (via embedded objects)

Writeup

XSS in SVG File Upload XSS

Writeup

XSS in RTF File Upload XSS

Writeup

XSS in TIFF File Upload XSS

Writeup

XSS in BMP File Upload XSS

Writeup

XSS in PNG File Upload XSS

Writeup

XSS in GIF File Upload XSS

Writeup

XSS in JPEG File Upload XSS

Writeup

XSS in ICO File Upload XSS

Writeup

XSS in WebP File Upload XSS

Writeup

XSS in SVG File Upload XSS (embedded script)

Writeup

XSS in Font File Upload XSS (WOFF)

Writeup

XSS in EOT File Upload XSS

Writeup

XSS in OTF File Upload XSS

Writeup

XSS in WOFF File Upload XSS

Writeup

XSS in WOFF2 File Upload XSS

Writeup

XSS in Image EXIF XSS

Writeup

XSS in Video File Upload XSS

Writeup

XSS in Audio File Upload XSS

Writeup

XSS in Document File Upload XSS

Writeup

XSS in Archive File Upload XSS

Writeup

XSS in Config File Upload XSS

Writeup

XSS in Data File Upload XSS

Writeup

XSS in Metadata File Upload XSS

Writeup

XSS in Resource File Upload XSS

Writeup

XSS in Binary File Upload XSS

Writeup

SQL Injection Testing

0/140

Entry Point Detection - Simple characters

Writeup

Entry Point Detection - Multiple encoding

Writeup

Entry Point Detection - Merging characters

Writeup

Entry Point Detection - Logic Testing

Writeup

Entry Point Detection - Weird characters

Writeup

Use SQLmap to Identify Vulnerable Parameters

Writeup

Fill form in browser GUI & submit

Writeup

Find relevant request in BurpSuite

Writeup

Copy request to file and run SQLmap

Writeup

Run SQL injection scanner on all requests

Writeup

Bypassing WAF - Using Null byte before SQL query

Writeup

Bypassing WAF - Using SQL inline comment sequence

Writeup

Bypassing WAF - URL encoding

Writeup

Bypassing WAF - Changing Cases (uppercase/lowercase)

Writeup

Bypassing WAF - Use SQLMAP tamper scripts

Writeup

Time Delays - Oracle: dbms_pipe.receive_message

Writeup

Time Delays - Microsoft: WAITFOR DELAY

Writeup

Time Delays - PostgreSQL: SELECT pg_sleep

Writeup

Time Delays - MySQL: SELECT sleep

Writeup

Conditional Delays - Oracle: CASE WHEN

Writeup

Conditional Delays - Microsoft: IF (condition)

Writeup

Conditional Delays - PostgreSQL: CASE WHEN

Writeup

Conditional Delays - MySQL: IF(condition,sleep,'a')

Writeup

Blind SQL injection

Writeup

Error-based SQL injection

Writeup

Union-based SQL injection

Writeup

Stacked queries

Writeup

Second-order SQL injection

Writeup

SQL injection in JSON parameters

Writeup

SQL injection in API endpoints

Writeup

SQL injection in GraphQL

Writeup

NoSQL injection

Writeup

ORM injection

Writeup

SQL injection in headers

Writeup

SQL injection in cookies

Writeup

XPATH: 1; DROP TABLE users; --

Writeup

SQL injection in file upload

Writeup

SQL injection via XML

Writeup

SQL injection in JSON

Writeup

SQL injection in REST APIs

Writeup

SQL injection in SOAP

Writeup

SQL injection in GraphQL

Writeup

Second-order SQL injection

Writeup

SQL injection via user-agent spoofing

Writeup

SQL injection via Host header

Writeup

SQL injection via Referer header

Writeup

SQL injection via Cookie header

Writeup

SQL injection via X-Forwarded-* headers

Writeup

SQL injection via Origin header

Writeup

Time-based blind injection

Writeup

Boolean-based blind injection

Writeup

Error-based blind injection

Writeup

UNION-based blind injection

Writeup

Stacked blind injection

Writeup

Out-of-band blind injection

Writeup

DNS-based blind injection

Writeup

HTTP parameter pollution in SQL injection

Writeup

SQL injection in ORDER BY clause

Writeup

SQL injection in GROUP BY clause

Writeup

SQL injection in HAVING clause

Writeup

SQL injection in LIMIT/OFFSET

Writeup

SQL injection in subqueries

Writeup

SQL injection with conditional responses

Writeup

SQL injection with comments

Writeup

SQL injection with inline comments (--, /**/)

Writeup

SQL injection with multiline comments

Writeup

SQL injection with block comments (/* */)

Writeup

SQL injection with backtick bypass

Writeup

SQL injection with case switching

Writeup

SQL injection with encoding (URL, hex, double encoding)

Writeup

SQL injection with null byte bypass

Writeup

SQL injection with special characters (%00, 0x00, etc.)

Writeup

SQL injection with boolean blind

Writeup

SQL injection with time delay (sleep, waitfor delay, benchmark)

Writeup

SQL injection with conditional time delay (CASE WHEN, IF)

Writeup

SQL injection with DBMS-specific functions (dbms_pipe.receive_message, waitfor delay, pg_sleep)

Writeup

SQL injection with stored procedures

Writeup

SQL injection in triggers

Writeup

SQL injection in views

Writeup

SQL injection with user-defined functions

Writeup

SQL injection with ODBC functions

Writeup

SQL injection with NOSQL databases

Writeup

SQL injection in MongoDB

Writeup

SQL injection in Redis

Writeup

SQL injection in Elasticsearch

Writeup

SQL injection in CouchDB

Writeup

SQL injection in Cassandra

Writeup

SQL injection in PostgreSQL specific injections

Writeup

SQL injection in MySQL specific injections

Writeup

SQL injection in SQL Server specific injections

Writeup

SQL injection in Oracle specific injections

Writeup

SQL injection in SQLite

Writeup

SQL injection with OR injection

Writeup

SQL injection with AND injection

Writeup

SQL injection with stacked queries

Writeup

SQL injection with hex encoding

Writeup

SQL injection with char encoding

Writeup

SQL injection with unicode encoding

Writeup

SQL injection with base64 encoding

Writeup

SQL injection with XML entity injection

Writeup

SQL injection via GraphQL

Writeup

SQL injection via stored XSS

Writeup

SQL injection with error messages

Writeup

SQL injection with verbose error messages

Writeup

SQL injection in login forms

Writeup

SQL injection in password reset forms

Writeup

SQL injection in registration forms

Writeup

SQL injection in search forms

Writeup

SQL injection in filter forms

Writeup

SQL injection in API endpoints

Writeup

SQL injection in mobile apps

Writeup

SQL injection with WAF bypass techniques

Writeup

SQL injection with bypassing input validation

Writeup

SQL injection with bypassing parameter names

Writeup

SQL injection with bypassing value checks

Writeup

SQL injection with bypassing type checks

Writeup

SQL injection with blind injection techniques

Writeup

SQL injection with automated tools (sqlmap)

Writeup

SQL injection detection with tools (sqlmap, wpscan, nuclei)

Writeup

SQL injection manual testing techniques

Writeup

SQL injection cheat sheet payloads

Writeup

SQL injection for different databases (MySQL, PostgreSQL, SQL Server, Oracle)

Writeup

Base Steps: Identify all input parameters (query params, headers, body, cookies)

Writeup

Base Steps: Test with simple SQL injection payloads (' OR 1=1)

Writeup

Base Steps: Test for boolean-based blind injection

Writeup

Base Steps: Test for time-based blind injection (SLEEP, WAITFOR DELAY)

Writeup

Base Steps: Test for error-based injection (syntax errors)

Writeup

Base Steps: Test for UNION-based injection

Writeup

Base Steps: Test for stacked queries

Writeup

Base Steps: Test with encodings (URL, hex, double encoding)

Writeup

Base Steps: Test for second-order injection

Writeup

Base Steps: Test for comments to bypass filters (--, /* */)

Writeup

Base Steps: Test with NULL, '", ` tricks

Writeup

Base Steps: Test with backtick bypass for identifier quoting

Writeup

Base Steps: Test for case switching

Writeup

Base Steps: Use sqlmap for automated testing

Writeup

Base Steps: Analyze responses for database structure and version

Writeup

Tools: sqlmap, Burp Suite, NoSQLMap, WPScan

Writeup

Defenses: Input validation, parameterized queries, prepared statements

Writeup

Defenses: WAF, IPS, IDS

Writeup

Bug Bounty Tools

0/24

Bheem - Automation framework for reconnaissance

Writeup

3klcon - Automated reconnaissance tool

Writeup

Sudomy - Subdomain enumeration tool

Writeup

Osmedeus - Offensive security framework

Writeup

FinalRecon - All-in-one web reconnaissance tool

Writeup

reNgine - Automated reconnaissance framework

Writeup

Rock-ON - Reconnaissance and vulnerability scanning

Writeup

recon-pipeline - Automated reconnaissance pipeline

Writeup

chomp-scan - Fast web application scanner

Writeup

HydraRecon - Reconnaissance framework

Writeup

Sn1per - Automated pentest framework

Writeup

Amass - Attack surface mapping

Writeup

Sublist3r - Subdomain enumeration

Writeup

Chaos - DNS dataset client

Writeup

Altdns - Subdomain permutations

Writeup

ShuffleDNS - Subdomain bruteforcing

Writeup

Assetfinder - Domain discovery

Writeup

Gobuster - Directory/File busting

Writeup

ysoserial - Java deserialization payload generator

Writeup

Java-Deserialization-Scanner - Burp plugin to detect and exploit Java deserialization vulnerabilities

Writeup

jexboss - JBoss (and others Java Deserialization Vulnerabilities) Verification and Exploitation Tool

Writeup

Subdomain3 - High-speed subdomain scanner

Writeup

Findomain - Fast subdomain enumerator

Writeup

Dmut - Subdomain mutation tool

Writeup

Reconnaissance Tools

0/92

vsec7 - Security research and tools

Writeup

vulmon.com - Trends and vulnerability database

Writeup

orwagodfather/WordList - Wordlists for fuzzing

Writeup

six2dez/OneListForAll - Wordlists for brute force and more

Writeup

nomi-sec/PoC-in-GitHub - Private companies' GitHub code search

Writeup

Hawkwith-Awesome-Hacking - Curated hacking lists

Writeup

vavkamil/awesome-bugbounty-tools - Bug bounty tools collection

Writeup

Trickest/cve - CVE database and exploit database

Writeup

taielab/awesome-hacking-lists - Top-tier pentest tools

Writeup

ProjectDiscovery - Discover open-source projects

Writeup

opendoor.py - Protocol-specific brute forcer

Writeup

Mantra - Target reconnaissance and brute force

Writeup

theHarvester - Email enumeration

Writeup

Google Dorking tools (GHDB, ZoomEye, Google Hacking)

Writeup

Sublist3r - Subdomain enumeration

Writeup

Amass - Attack surface mapping

Writeup

Assetfinder - Find domains and subdomains

Writeup

masscan - Port scanner

Writeup

nmap - Network mapper and port scanner

Writeup

Shodan - Port and vulnerability scanner

Writeup

Censys - Asset discovery

Writeup

Bing Hacking API - Use for reconnaissance

Writeup

GitHub reconnaissance tools (GitDigger, gitdigger, etc.)

Writeup

Docker Hub images scanning

Writeup

Wayback Machine - Website archive

Writeup

Archive.today - Website snapshots

Writeup

SecurityTrails - API for security trails

Writeup

BinaryEdge - Binary analysis tools

Writeup

Ghidra - Binary decompiler

Writeup

IDA Pro - Disassembler/debugger

Writeup

x64dbg/x64dbg - Debugger

Writeup

OllyDbg - Debugger

Writeup

WinDbg - Debugger

Writeup

Ghidra - Binary analysis

Writeup

Angr - Symbolic execution framework

Writeup

SAGE - Disassembly framework

Writeup

Radare2 - Reverse engineering framework

Writeup

Frida - Reverse engineering tools

Writeup

IDA Pro - Disassembler

Writeup

Ghidra - Disassembler

Writeup

objdump - Object file disassembler

Writeup

ReadElf - ELF reader

Writeup

strings - Extract strings from binaries

Writeup

hexdump - Hex viewer

Writeup

xxd - Hex editor

Writeup

vuln - Binary vulnerability scanner

Writeup

checksec.sh - Source code scanner

Writeup

flawfinder - Source code analyzer

Writeup

SonarQube - Source code analyzer

Writeup

CodeQL - Query source code for vulnerabilities

Writeup

semgrep - Search code patterns

Writeup

grep - Search for strings in code

Writeup

git-secrets - Scan for secrets in git repos

Writeup

truffleHog - Smart contract analyzer

Writeup

Mythril - Smart contract analyzer

Writeup

Slither - Smart contract analyzer

Writeup

Oyente - Smart contract analyzer

Writeup

MythX - Smart contract analyzer

Writeup

Mantic - Binary exploitation framework

Writeup

Metasploit - Exploitation framework

Writeup

Burp Suite - Web application scanner and proxy

Writeup

OWASP ZAP - Web app scanner

Writeup

Nikto - Web scanner

Writeup

Wfuzz - Web fuzzer

Writeup

Dirsearch - Directory brute forcer

Writeup

GoBuster - Directory/File busting

Writeup

Feroxbuster - Directory busting

Writeup

Unicrawl - Website scanner

Writeup

wpscan - Vulnerability scanner

Writeup

nuclei - Vulnerability scanner

Writeup

xray - Advanced scanner

Writeup

sqlmap - SQL injection scanner

Writeup

NoSQLMap - NoSQL scanner

Writeup

Jaeles - Web application scanner

Writeup

Aquatone - Scanner

Writeup

Netsparker - Network scanner

Writeup

SQLmap - SQL injection tool

Writeup

DBPwAudit - Database password auditor

Writeup

Hashcat - Password cracker

Writeup

John the Ripper - Password cracker

Writeup

Hydra - Brute forcer

Writeup

Medusa - Brute forcer

Writeup

Patator - Brute forcer

Writeup

Crowbar - Brute forcer

Writeup

CeWL - Custom wordlist generator

Writeup

Crunch - Wordlist generator

Writeup

Hashcat - Password cracker

Writeup

Mimikatz - Password cracker

Writeup

RainbowCrack - Password cracker

Writeup

L0phtcrack - Password cracker

Writeup

Ophcrack - Password cracker

Writeup

Hashcat - Password cracker

Writeup

Cloud Security Testing

0/56

Test for AWS metadata service SSRF

Writeup

Check for IAM privilege escalation

Writeup

Test for S3 bucket misconfiguration

Writeup

Check for EC2 security group misconfig

Writeup

Test for Lambda injection

Writeup

Check for CloudFront misconfiguration

Writeup

Test for API Gateway issues

Writeup

Check for Cognito authentication bypass

Writeup

Test for AWS credential exposure

Writeup

Check for bucket name takeover

Writeup

Test for AWS resource IDOR

Writeup

Check for Lambda environment variables exposure

Writeup

Test for DynamoDB permission issues

Writeup

Check for SQS queue access

Writeup

Test for SNS topic access

Writeup

Test for CloudFormation template injection

Writeup

Test for AWS WAF bypass

Writeup

Check for AWS SSM parameter exposure

Writeup

Test for AWS KMS key issues

Writeup

Test for ECS container escape

Writeup

Test for EFS access issues

Writeup

Testing for cloud metadata endpoints

Writeup

Testing for IAM roles and permissions

Writeup

Testing for EC2 instance roles

Writeup

Testing for S3 bucket policies

Writeup

Testing for Lambda execution role

Writeup

Testing for API Gateway throttling

Writeup

Testing for CloudFront distributions

Writeup

Testing for AWS Shield WAF

Writeup

Testing for AWS GuardDuty

Writeup

Testing for AWS Security Hub

Writeup

Testing for AWS Config Rules

Writeup

Testing for AWS Organizations

Writeup

Testing for AWS Accounts

Writeup

Testing for AWS Regions

Writeup

Testing for multi-region deployment

Writeup

Testing for cross-account access

Writeup

Testing for third-party services access

Writeup

AWS SSRF payloads (ec2-169-254-0242.169.254.169.254)

Writeup

S3 bucket enumeration

Writeup

EC2 security group auditing

Writeup

Lambda function auditing

Writeup

API Gateway testing

Writeup

Cognito user pool testing

Writeup

RDS database testing

Writeup

DynamoDB table access

Writeup

SQS queue testing

Writeup

SNS topic subscription testing

Writeup

CloudFront distribution testing

Writeup

ECS task definition testing

Writeup

Step Functions state machine testing

Writeup

Secrets Manager rotation

Writeup

AWS Config rules monitoring

Writeup

CloudTrail logging and monitoring

Writeup

AWS Security Hub integration

Writeup

Tools: AWS CLI, Scout Suite, Prowler, Pacu

Writeup

Kubernetes Security

0/42

Test for Kubernetes dashboard access

Writeup

Check for Kubernetes pod escape

Writeup

Test for Kubernetes privilege escalation

Writeup

Check for Kubernetes secret access

Writeup

Test for Kubernetes API server access

Writeup

Check for Kubernetes etcd access

Writeup

Check for kubeconfig file exposure

Writeup

Check for service account token access

Writeup

Test for Kubernetes network policies bypass

Writeup

Check for container runtime escape

Writeup

Test for Kubernetes CVE-2019-1002101 (runc escape)

Writeup

Test for Kubernetes CVE-2019-5736 (runc escape)

Writeup

Test for Kubernetes CVE-2021-25741 (API server)

Writeup

Test for Kubernetes dirty pipe vulnerability (CVE-2022-0847)

Writeup

Test for Kubernetes CVE-2023-22515 (API server)

Writeup

Test for privileged container escape

Writeup

Test for container breakout via capabilities

Writeup

Test for node access

Writeup

Test for hostPath volume access

Writeup

Test for hostPID volume access

Writeup

Test for containerd socket access

Writeup

Test for privileged containers

Writeup

Test for admission controllers

Writeup

Test for resource quotas

Writeup

Test for network policies

Writeup

Test for security contexts

Writeup

Test for RBAC rules

Writeup

Test for pod security policies

Writeup

Test for namespace security policies

Writeup

Test for network policies enforcement

Writeup

Test for image vulnerability scanning

Writeup

Test for supply chain attacks

Writeup

Testing for Kubernetes secrets in secrets manager

Writeup

Testing for secrets in etcd

Writeup

Testing for secrets in environment variables

Writeup

Testing for secrets in config maps

Writeup

Testing for secrets in service accounts

Writeup

Kubernetes specific vulnerabilities

Writeup

Container escape techniques

Writeup

Privilege escalation in Kubernetes

Writeup

Network policy testing

Writeup

Tools: kubectl, kube-bench, kube-hunter, kube-audit

Writeup

Server-Side Request Forgery

0/54

Internal network scanning

Writeup

AWS metadata access

Writeup

Cloud metadata endpoints

Writeup

Local file reading via SSRF

Writeup

Port scanning via SSRF

Writeup

Blind SSRF

Writeup

SSRF in redirects

Writeup

DNS rebinding

Writeup

Gopher protocol SSRF

Writeup

Internal API access

Writeup

SSRF via URL parameter

Writeup

SSRF via HTTP header

Writeup

SSRF via JSON body

Writeup

SSRF via XML body

Writeup

SSRF via GraphQL

Writeup

SSRF via webhooks

Writeup

SSRF via callback URLs

Writeup

SSRF via HTTP Request Splitting

Writeup

SSRF via CRLF injection

Writeup

SSRF via HTTP header injection

Writeup

SSRF via file upload (sending malicious file to internal service)

Writeup

SSRF via email (sending URL to internal email system)

Writeup

SSRF via WebSocket

Writeup

SSRF via Server-Side Includes

Writeup

SSRF via PDF generation (reading local files via SSRF)

Writeup

SSRF via DNS pinning (extracting DNS records)

Writeup

SSRF via cloud metadata (AWS, GCP, Azure, DigitalOcean)

Writeup

SSRF via internal APIs (metadata, management, monitoring)

Writeup

SSRF via cloud storage (S3, GCS, Azure Blob)

Writeup

SSRF via container escape

Writeup

SSRF via SSRF in XML entities (XXE)

Writeup

SSRF via protocol-relative URLs (jar:, file:)

Writeup

SSRF in image uploads (EXIF parsing)

Writeup

SSRF in SVG files

Writeup

SSRF in PDF files

Writeup

SSRF in Office documents

Writeup

SSRF via webhooks

Writeup

SSRF via URL schemes (file://, ftp://, custom)

Writeup

SSRF via CORS misconfiguration

Writeup

SSRF in APIs (REST, GraphQL, gRPC)

Writeup

SSRF via GraphQL introspection

Writeup

SSRF via GraphQL mutations

Writeup

SSRF via batch operations

Writeup

SSRF via WebSocket

Writeup

SSRF via WebRTC

Writeup

SSRF blind techniques (out-of-band)

Writeup

SSRF time-based detection (sleep, benchmark)

Writeup

SSRF detection tools (ssrfmap, gau)

Writeup

SSRF payloads and test cases

Writeup

SSRF in microservices

Writeup

SSRF in serverless functions

Writeup

SSRF in containerized applications

Writeup

Defenses: Input validation, allowlists, network isolation

Writeup

Defenses: Rate limiting, monitoring and alerting

Writeup

Local File Inclusion (LFI)

0/59

Test for LFI via URL parameter

Writeup

Test for LFI via cookie

Writeup

Test for LFI via HTTP header

Writeup

TTest for LFI via POST parameter

Writeup

Test path traversal sequences (../, ..\)

Writeup

Test null byte injection

Writeup

Test for encoded path traversal

Writeup

Test for double encoding bypass

Writeup

Test for LFI with wrapper (php://, file://, etc.)

Writeup

Test for log file inclusion (/var/log/, /proc/self/environ)

Writeup

Test for /etc/passwd access

Writeup

Test for /etc/shadow access

Writeup

Test for web.config access

Writeup

Test for .htaccess access

Writeup

Test for /proc/self/environ access

Writeup

Test for /proc/self/cmdline access

Writeup

Test for LFI RCE via log poisoning

Writeup

Test for LFI with data:// wrapper

Writeup

Test for LFI with expect:// wrapper

Writeup

Test for LFI with zip:// wrapper

Writeup

Test for LFI with phar:// wrapper

Writeup

Test for LFI with php://input

Writeup

Test for LFI with php://filter

Writeup

Test for LFI with zip://input

Writeup

Test for LFI with zip://filter

Writeup

Test for LFI with compress.zlib://

Writeup

Test for LFI in data:// wrapper

Writeup

Test for LFI with expect://

Writeup

Test for LFI with glob://

Writeup

Test for LFI in file://

Writeup

Test for LFI with http://

Writeup

Test for LFI with ftp://

Writeup

Test for LFI in ftps://

Writeup

Test for LFI in jar:

Writeup

Test for LFI via local file inclusion

Writeup

Test for LFI via SMB/UNC paths (\\)

Writeup

Test for LFI in Windows paths

Writeup

Test for LFI in NTLM hash (Windows authentication)

Writeup

Test for LFI in macOS paths

Writeup

Test for LFI with user input in filename

Writeup

Test for LFI in File Upload (upload.php)

Writeup

Test for LFI in Image Upload

Writeup

Test for LFI in SVG File Upload

Writeup

Test for LFI in PDF File Upload

Writeup

Test for LFI in Office File Upload

Writeup

Test for LFI in Archive File Upload

Writeup

Test for LFI in Audio File Upload

Writeup

Test for LFI in Video File Upload

Writeup

Test for LFI in Font File Upload

Writeup

LFI bypass techniques

Writeup

LFI encoding bypass techniques

Writeup

LFI path traversal variations

Writeup

LFI in different programming languages (PHP, Java, Python, Node.js, etc.)

Writeup

LFI in CMS platforms

Writeup

LFI in frameworks

Writeup

LFI in containerized applications

Writeup

LFI detection tools (dotdotpwn, kadimus, liffy)

Writeup

LFI protection: Input validation, allowlisting, chroot

Writeup

LFI protection: File permissions, disable wrappers

Writeup

Admin Panel Testing

0/52

Access admin panel without authentication

Writeup

Test for default admin credentials

Writeup

Test for common admin paths (/admin, /administrator, /admin.php, etc.)

Writeup

Check for IDOR in admin operations

Writeup

Test for admin panel for SQL injection

Writeup

Test for admin panel for XSS

Writeup

Check for CSRF in admin actions

Writeup

Test for insecure direct object references in admin panel

Writeup

Check if admin can be accessed via different roles

Writeup

Test for privilege escalation to admin

Writeup

Test for mass assignment in admin forms

Writeup

Check if admin actions are properly validated

Writeup

Test for admin panel for rate limiting bypass

Writeup

Test for file upload vulnerabilities

Writeup

Test for information disclosure in error messages

Writeup

Test for IDOR in user management

Writeup

Test for IDOR in content management

Writeup

Test for IDOR in settings/configuration

Writeup

Test for IDOR in reports

Writeup

Test for IDOR in analytics

Writeup

Test for IDOR in notifications

Writeup

Test for unauthorized admin panel access

Writeup

Test for admin panel via API endpoints

Writeup

Test for admin panel via URL parameter manipulation

Writeup

Test for admin panel via path traversal

Writeup

Test for admin panel in mobile applications

Writeup

Test for weak authentication in admin panel

Writeup

Test for session management in admin panel

Writeup

Test for authorization bypass in admin panel

Writeup

Test for horizontal privilege escalation

Writeup

Test for vertical privilege escalation

Writeup

Test for forced browsing vulnerabilities

Writeup

Test for insecure direct object references in admin panel

Writeup

Test for missing security controls in admin operations

Writeup

Test for rate limiting on admin actions

Writeup

Test for CSRF in admin panel forms

Writeup

Test for XSS in admin panel

Writeup

Test for SQL injection in admin panel

Writeup

Test for sensitive information disclosure in admin panel

Writeup

Test for command injection in admin panel

Writeup

Test for file upload RCE in admin panel

Writeup

Test for default admin credentials (admin/admin, administrator/123456, etc.)

Writeup

Admin panel common vulnerabilities

Writeup

Admin panel security best practices

Writeup

Admin panel in mobile applications

Writeup

Admin panel in APIs and microservices

Writeup

Admin panel in SaaS applications

Writeup

Admin panel in CMS platforms (WordPress, Drupal, Joomla)

Writeup

Admin panel in e-commerce platforms

Writeup

Admin panel in banking applications

Writeup

Admin panel bug bounty methodology

Writeup

Admin panel penetration testing checklist

Writeup

Account Takeover

0/57

Test account takeover via password reset

Writeup

Test account takeover via email change

Writeup

Test account takeover via session fixation

Writeup

Test account takeover via OAuth misconfiguration

Writeup

Test account takeover via IDOR

Writeup

Test account takeover via CSRF

Writeup

test account takeover via subdomain takeover

Writeup

Test account takeover via JWT manipulation

Writeup

test account takeover via 2FA bypass

Writeup

test account takeover via host header injection

Writeup

test account takeover via open redirect

Writeup

test account takeover via parameter pollution

Writeup

test account takeover via response manipulation

Writeup

test for account enumeration

Writeup

test for credential stuffing

Writeup

Test for session hijacking

Writeup

Test for session token theft

Writeup

Test for authentication bypass

Writeup

Test for authorization bypass

Writeup

Test for privilege escalation

Writeup

Test for account takeover via social engineering

Writeup

Test for account takeover via password reuse

Writeup

Test for account takeover via weak password reset

Writeup

Test for account takeover via email verification bypass

Writeup

Test for account takeover via 2FA bypass

Writeup

Test for account takeover via OAuth token theft

Writeup

Test for account takeover via subdomain takeover and email poisoning

Writeup

Test for account takeover via session confusion attacks

Writeup

Test for account takeover through cross-site scripting

Writeup

Test for account takeover through clickjacking

Writeup

Test for account takeover through tabnabbing

Writeup

Test for account takeover through man-in-the-middle attacks

Writeup

Test for account takeover via race conditions in password reset

Writeup

Test for account takeover via response manipulation

Writeup

Test for account takeover via parameter pollution

Writeup

Test for account takeover via HTTP request splitting

Writeup

Test for account takeover via CRLF injection

Writeup

Test for account takeover via header injection

Writeup

Test for account takeover via SSRF

Writeup

Test for account takeover via XML External Entity (XXE)

Writeup

Test for account takeover via deserialization

Writeup

Test for account takeover via template injection

Writeup

Test for account takeover via insecure email delivery

Writeup

Test for account takeover via business logic flaws

Writeup

Test for account takeover via workflow bypass

Writeup

Test for account takeover via multi-factor authentication bypass

Writeup

Test for account takeover via missing security controls

Writeup

Test for account takeover through social account takeover

Writeup

Test for account takeover via API abuse

Writeup

Test for account takeover via mobile app vulnerabilities

Writeup

Test for account takeover via WebSocket hijacking

Writeup

Account takeover detection and prevention

Writeup

Account takeover security best practices

Writeup

Multi-factor authentication security

Writeup

Password security requirements

Writeup

Email security best practices

Writeup

Session security best practices

Writeup

XML External Entity Attacks (XXE)

0/56

Test for XXE in XML document

Writeup

Test for XML external entity injection

Writeup

Test for XML external entity in SOAP requests

Writeup

Test for XXE in SVG files

Writeup

Test for XXE in Excel files

Writeup

Test for XXE in Word documents

Writeup

Test for XXE in PowerPoint presentations

Writeup

Test for XXE in RTF documents

Writeup

Test for XXE via file upload

Writeup

XXE payloads and test cases

Writeup

Classic XXE attack vector (xml parameter)

Writeup

XML external entity injection via URL parameter

Writeup

XML external entity injection via POST body

Writeup

XXE in Content-Type header

Writeup

XXE in XML namespace declarations

Writeup

XXE in Document Type Definition (DTD)

Writeup

XXE in SYSTEM entities (<!ENTITY>)

Writeup

XXE via parameter entities

Writeup

External DTD retrieval (SYSTEM, file://, http://)

Writeup

XXE in External general entities

Writeup

XXE in parameter entities

Writeup

XXE in file protocol (file://, jar:, gopher:)

Writeup

XXE via network protocols (http://, ftp://, jar:)

Writeup

XXE via XML attributes (xml:base64, xml:external)

Writeup

XXE in SVG files (xml:base64)

Writeup

XXE in HTML img src (data:, javascript:)

Writeup

XXE in video embed tags (data:, javascript:)

Writeup

XXE in audio embed tags (data:, javascript:)

Writeup

XXE in source attributes (data:, javascript:)

Writeup

XXE in href attributes (javascript:)

Writeup

XXE in SVG filters

Writeup

XXE in CSS (expression(), url())

Writeup

XXE in CSS expressions

Writeup

XXE in JavaScript (location, href, src, data:)

Writeup

XXE in iframe srcdoc

Writeup

XXE in HTML imports

Writeup

XXE in XSLT stylesheets

Writeup

XXE in MathML and SVG

Writeup

XXE in WML and VML

Writeup

XXE in ActionScript in Flash

Writeup

XXE in PDF documents

Writeup

XXE in Word documents

Writeup

XXE in Excel spreadsheets

Writeup

XXE in PowerPoint presentations

Writeup

XXE in Visio drawings

Writeup

XXE in JSON files

Writeup

XXE in API requests (SOAP, REST, GraphQL)

Writeup

XXE in microservices

Writeup

XXE in WebSocket

Writeup

XXE in Server-Side Request Forgery (SSRF)

Writeup

XXE in Open Redirect (Open Redirect)

Writeup

XXE detection and exploitation

Writeup

XXE bypass techniques

Writeup

XXE defense strategies

Writeup

XXE vulnerability scanners

Writeup

XXE in popular tools

Writeup

Deserialization

0/29

Test for Java deserialization

Writeup

Test for Python pickle deserialization

Writeup

Test for PHP object injection

Writeup

Test for .NET deserialization

Writeup

Test for Ruby YAML deserialization

Writeup

Test for Node.js deserialization

Writeup

Use ysoserial for Java payload generation

Writeup

Use Java-Deserialization-Scanner Burp plugin

Writeup

Use jexboss for Java deserialization exploitation

Writeup

Test for deserialization via HTTP headers

Writeup

Test for deserialization via cookies

Writeup

Test for deserialization via POST parameters

Writeup

Test for deserialization via GET parameters

Writeup

Test for deserialization via JSON body

Writeup

Test for deserialization via XML body

Writeup

Test for deserialization via API endpoints

Writeup

Test for deserialization in file uploads

Writeup

Test for RCE via deserialization

Writeup

Test for gadget chain exploitation

Writeup

Test for CommonsCollections gadget chains

Writeup

Test for ysoserial.net payload generator

Writeup

Test for jexboss exploitation

Writeup

Test for ysoserial.py payload generation

Writeup

Deserialization in different libraries

Writeup

Deserialization in web applications

Writeup

Deserialization in APIs

Writeup

Deserialization in microservices

Writeup

Deserialization detection tools

Writeup

Deserialization prevention strategies

Writeup

API Security

0/46

API endpoint enumeration

Writeup

Authentication bypass in API

Writeup

API rate limiting

Writeup

Mass assignment

Writeup

Improper error handling

Writeup

API key security

Writeup

GraphQL injection

Writeup

API parameter pollution

Writeup

JSON injection

Writeup

XML injection

Writeup

JWT manipulation

Writeup

API versioning issues

Writeup

CORS misconfiguration

Writeup

GraphQL introspection

Writeup

GraphQL batch query abuse

Writeup

GraphQL alias abuse

Writeup

GraphQL directory traversal

Writeup

GraphQL DoS

Writeup

GraphQL NoSQL injection

Writeup

GraphQL mutation IDOR

Writeup

GraphQL nested query abuse

Writeup

GraphQL introspection enabled check

Writeup

GraphQL field limitation bypass

Writeup

GraphQL query depth limiting

Writeup

GraphQL subscription abuse

Writeup

GraphQL relay IDOR

Writeup

GraphQL nested mutation abuse

Writeup

GraphQL in REST APIs

Writeup

API authentication testing

Writeup

API authorization testing

Writeup

API input validation

Writeup

API output encoding

Writeup

API error handling

Writeup

API rate limiting bypass

Writeup

GraphQL introspection

Writeup

GraphQL payload testing

Writeup

GraphQL query complexity analysis

Writeup

GraphQL field duplication

Writeup

GraphQL alias enumeration

Writeup

GraphQL mutation testing

Writeup

GraphQL query introspection

Writeup

API testing tools

Writeup

API documentation

Writeup

API monitoring

Writeup

API security scanning

Writeup

API penetration testing

Writeup

File Upload Vulnerabilities

0/59

File type validation bypass

Writeup

File extension bypass

Writeup

Double extension upload

Writeup

Null byte injection

Writeup

MIME type spoofing

Writeup

File size limits

Writeup

Malicious file upload

Writeup

Image upload with embedded code

Writeup

Path traversal in file upload

Writeup

File overwriting

Writeup

Executable file upload

Writeup

Web shell upload

Writeup

File content validation bypass

Writeup

SVG file upload with XSS

Writeup

PHP file upload with web shell

Writeup

JSP file upload with web shell

Writeup

ASP file upload with web shell

Writeup

Node.js file upload with web shell

Writeup

Python file upload with web shell

Writeup

Ruby file upload with web web shell

Writeup

Perl file upload with web shell

Writeup

Bash file upload with web shell

Writeup

File upload via HTTP PUT method

Writeup

File upload via HTTP POST method

Writeup

File upload via multiple files

Writeup

File upload with large file size

Writeup

File upload with archive files (.zip, .tar, .rar)

Writeup

File upload with image polyglot

Writeup

File upload with HTML/JS payloads

Writeup

File upload with EXIF data

Writeup

File upload with PDF payloads

Writeup

File upload with Office document macros

Writeup

File upload in CMS platforms

Writeup

File upload in cloud storage

Writeup

File upload in APIs

Writeup

File upload in microservices

Writeup

File upload via GraphQL

Writeup

File upload via WebSocket

Writeup

Image steganography

Writeup

File upload with metadata manipulation

Writeup

File upload with filename manipulation

Writeup

File upload with content-type manipulation

Writeup

File upload with directory traversal

Writeup

File upload RCE

Writeup

File upload leading to server takeover

Writeup

File upload leading to XSS

Writeup

File upload leading to SSRF

Writeup

File upload leading to XXE

Writeup

File upload leading to LFI

Writeup

File upload polyglot examples

Writeup

File upload bypass WAF techniques

Writeup

File upload bypass encoding techniques

Writeup

Malicious file types (.php, .jsp, .asp, .jspx, .sh, .bash, .exe, .dll, .so, .bat, .cmd)

Writeup

Double extension bypass (.php.jpg, .png.php, .js.php)

Writeup

Null byte in filename

Writeup

Case sensitivity bypass (PhP vs .php)

Writeup

Web shell upload examples

Writeup

File upload detection tools

Writeup

File upload protection mechanisms

Writeup

Information Disclosure

0/86

Server version disclosure

Writeup

Error message leakage

Writeup

Debug mode enabled

Writeup

Backup files exposed

Writeup

Configuration files exposed

Writeup

Sensitive data in comments

Writeup

Directory listing enabled

Writeup

Source code disclosure

Writeup

Stack trace exposure

Writeup

Session tokens in URL

Writeup

PII exposure

Writeup

API keys in source code

Writeup

Git metadata exposed

Writeup

Internal IP disclosure

Writeup

Database credentials in response

Writeup

Email addresses in error messages

Writeup

Usernames in error messages

Writeup

Phone numbers in error messages

Writeup

Social security numbers in error messages

Writeup

AWS access keys exposed

Writeup

Cloud storage credentials exposed

Writeup

Database connection strings exposed

Writeup

Secret keys in environment variables

Writeup

File paths in error messages

Writeup

Internal API endpoints documented

Writeup

Debug endpoints exposed

Writeup

Admin panel documentation exposed

Writeup

Developer information in error messages

Writeup

Architecture information in error messages

Writeup

Infrastructure details in error messages

Writeup

Software version information exposed

Writeup

Configuration file content exposed

Writeup

HTTP headers exposing sensitive info

Writeup

Cookies exposing session information

Writeup

JavaScript revealing sensitive logic

Writeup

Frontend code exposing API endpoints

Writeup

Comments containing credentials or secrets

Writeup

Logs containing sensitive data

Writeup

Backup file naming conventions (predictable filenames)

Writeup

Default credentials in documentation

Writeup

API keys in client-side JavaScript

Writeup

Secret keys in build configurations

Writeup

Private keys in source code

Writeup

Database schemas exposed

Writeup

User agent strings revealing info

Writeup

Server header information disclosure

Writeup

Technology stack information disclosure

Writeup

Error pages revealing implementation details

Writeup

Debug parameters in URLs

Writeup

Sensitive information in HTTP responses

Writeup

JSON responses with sensitive data

Writeup

XML responses with sensitive data

Writeup

Sitemap files with sensitive info

Writeup

Robots.txt rules

Writeup

.htaccess and .htpasswd files

Writeup

Configuration management panel exposed

Writeup

Server configuration files exposed

Writeup

Environment variable names

Writeup

Hidden admin or debug endpoints

Writeup

API documentation revealing sensitive operations

Writeup

User enumeration via error messages

Writeup

Email enumeration via error responses

Writeup

Account lockout messages revealing info

Writeup

Password reset tokens in URLs

Writeup

Session IDs in URLs

Writeup

Captcha implementation details in errors

Writeup

Two-factor authentication mechanisms exposed

Writeup

OAuth details in error responses

Writeup

Third-party API keys in errors

Writeup

Cloud service credentials in responses

Writeup

Database connection strings exposed

Writeup

API rate limits in responses

Writeup

Feature flags in responses

Writeup

CORS headers revealing origins

Writeup

Cookie attributes in responses

Writeup

Redirect URLs revealing internal structure

Writeup

File paths in responses

Writeup

Directory structures in responses

Writeup

Server timing information disclosed

Writeup

Software version information

Writeup

Hostname and IP information

Writeup

Load balancer configuration disclosed

Writeup

CDN information disclosed

Writeup

Framework and library versions disclosed

Writeup

Build information exposed

Writeup

Deployment environment details

Writeup

403 and waf Bypass Techniques

0/57

403 bypass using /./ path

Writeup

403 bypass using %2e%20 at end of URL

Writeup

403 bypass using double URL encoding

Writeup

403 bypass using case sensitivity (.php vs .PHP)

Writeup

403 bypass using null byte injection

Writeup

403 bypass using special characters

Writeup

403 bypass using HTTP method manipulation

Writeup

403 bypass using header manipulation

Writeup

403 bypass using content-type manipulation

Writeup

403 bypass using host header spoofing

Writeup

403 bypass using referer header spoofing

Writeup

403 bypass using origin header change

Writeup

403 bypass using X-Forwarded-* headers

Writeup

403 bypass using HTTP protocol downgrade

Writeup

403 bypass using IP address change

Writeup

403 bypass using user agent spoofing

Writeup

403 bypass using HTTP/1.1 requests

Writeup

403 bypass via parameter pollution

Writeup

403 bypass via JSON payloads

Writeup

403 bypass via XML payloads

Writeup

File upload bypass (uploading .htaccess)

Writeup

403 bypass via path traversal

Writeup

403 bypass using size limit bypass

Writeup

403 bypass via time-based bypass

Writeup

403 bypass via IP whitelisting

Writeup

WAF bypass techniques for 403

Writeup

Cloudflare WAF bypass

Writeup

ModSecurity WAF bypass

Writeup

AWS WAF bypass

Writeup

Akamai WAF bypass

Writeup

Imperva WAF bypass

Writeup

Incapsula WAF

Writeup

Wordfence WAF bypass

Writeup

Barracuda WAF bypass

Writeup

Citrix NetScaler WAF bypass

Writeup

Cloudflare Enterprise WAF bypass

Writeup

Succuri WAF bypass

Writeup

Fastly WAF bypass

Writeup

Generic WAF evasion techniques

Writeup

SQL injection bypass for WAF

Writeup

XSS bypass for WAF

Writeup

CSRF bypass for WAF

Writeup

Command injection bypass for WAF

Writeup

File upload bypass for WAF

Writeup

Path traversal bypass for WAF

Writeup

Server-Side Request Forgery bypass for WAF

Writeup

XXE bypass for WAF

Writeup

Deserialization bypass for WAF

Writeup

API abuse bypass for WAF

Writeup

Rate limiting bypass for WAF

Writeup

Authentication bypass for WAF

Writeup

WAF bypass using encoding

Writeup

WAF bypass using case manipulation

Writeup

WAF bypass using special characters

Writeup

WAF bypass using fragmentation

Writeup

WAF bypass using HTTP method confusion

Writeup

WAF bypass using protocol confusion

Writeup

Platform-Specific Vulnerabilities

0/71

AEM misconfiguration vulnerabilities

Writeup

Jira vulnerabilities

Writeup

IIS bugs

Writeup

WordPress vulnerabilities

Writeup

Drupal vulnerabilities

Writeup

Joomla vulnerabilities

Writeup

Magento vulnerabilities

Writeup

Apache vulnerabilities

Writeup

Nginx vulnerabilities

Writeup

JBoss vulnerabilities

Writeup

WebSphere vulnerabilities

Writeup

WebLogic vulnerabilities

Writeup

Oracle WebLogic vulnerabilities

Writeup

ColdFusion vulnerabilities

Writeup

SharePoint vulnerabilities

Writeup

Liferay vulnerabilities

Writeup

Atlassian vulnerabilities

Writeup

Confluence vulnerabilities

Writeup

GitLab vulnerabilities

Writeup

SonarQube vulnerabilities

Writeup

Jenkins vulnerabilities

Writeup

Elasticsearch vulnerabilities

Writeup

MongoDB vulnerabilities

Writeup

Redis vulnerabilities

Writeup

Kubernetes vulnerabilities

Writeup

Docker vulnerabilities

Writeup

AWS vulnerabilities

Writeup

Azure vulnerabilities

Writeup

GCP vulnerabilities

Writeup

DigitalOcean vulnerabilities

Writeup

Heroku vulnerabilities

Writeup

Salesforce vulnerabilities

Writeup

SAP vulnerabilities

Writeup

Oracle Database vulnerabilities

Writeup

SQL Server vulnerabilities

Writeup

MySQL vulnerabilities

Writeup

PostgreSQL vulnerabilities

Writeup

MSSQL vulnerabilities

Writeup

MariaDB vulnerabilities

Writeup

SQLite vulnerabilities

Writeup

Cassandra vulnerabilities

Writeup

Neo4j vulnerabilities

Writeup

Couchbase vulnerabilities

Writeup

Firebase vulnerabilities

Writeup

Firebase vulnerabilities

Writeup

GraphQL platform vulnerabilities

Writeup

REST API vulnerabilities

Writeup

WebSocket vulnerabilities

Writeup

WebRTC vulnerabilities

Writeup

Serverless functions vulnerabilities

Writeup

Lambda vulnerabilities

Writeup

Cloud Functions vulnerabilities

Writeup

Static site generators vulnerabilities

Writeup

CMS-specific vulnerabilities

Writeup

E-commerce platform vulnerabilities

Writeup

Banking application vulnerabilities

Writeup

Payment gateway vulnerabilities

Writeup

Email service vulnerabilities

Writeup

SaaS application vulnerabilities

Writeup

API gateway vulnerabilities

Writeup

CDN vulnerabilities

Writeup

Load balancer vulnerabilities

Writeup

WAF bypass specific to each platform

Writeup

Default credentials for each platform

Writeup

Common misconfigurations for each platform

Writeup

Version-specific vulnerabilities

Writeup

Plugin and extension vulnerabilities

Writeup

Template injection vulnerabilities

Writeup

File upload vulnerabilities by platform

Writeup

Deserialization vulnerabilities by platform

Writeup

Authentication bypass by platform

Writeup

Rate Limiting & DoS

0/42

Test for rate limiting bypass

Writeup

Bypass rate limiting by changing HTTP methods

Writeup

Bypass rate limiting by IP rotation

Writeup

Bypass rate limiting by cookie changes

Writeup

Bypass rate limiting by session tokens

Writeup

Bypass rate limiting by header manipulation

Writeup

Bypass rate limiting via user agent spoofing

Writeup

Bypass rate limiting via parallel requests

Writeup

Bypass rate limiting via distributed attacks

Writeup

Bypass rate limiting via request splitting

Writeup

Bypass rate limiting via HTTP pipelining

Writeup

Bypass rate limiting via connection reuse

Writeup

Bypass rate limiting via proxy rotation

Writeup

Bypass rate limiting via API abuse

Writeup

Rate limiting detection

Writeup

Rate limiting fingerprinting

Writeup

Rate limiting analysis

Writeup

Rate limiting circumvention

Writeup

Testing for API rate limits

Writeup

Testing for API quota enforcement

Writeup

Testing for IP-based rate limiting

Writeup

Testing for token-based rate limiting

Writeup

Testing for user-based rate limiting

Writeup

Rate limiting in authentication

Writeup

Rate limiting in password reset

Writeup

Rate limiting in 2FA

Writeup

Rate limiting in registration

Writeup

Rate limiting in API key usage

Writeup

Rate limiting in file uploads

Writeup

Rate limiting in search functionality

Writeup

Rate limiting in forms

Writeup

Rate limiting in CAPTCHA challenges

Writeup

DoS techniques and defense

Writeup

HTTP flooding

Writeup

Application layer DDoS

Writeup

Network layer DDoS

Writeup

Volumetric DDoS attacks

Writeup

Reflected DDoS

Writeup

Amplification attacks

Writeup

DNS amplification attacks

Writeup

TCP SYN flood attacks

Writeup

UDP flood attacks

Writeup

Log4j Vulnerability

0/38

Test for Log4j CVE-2021-44228

Writeup

Inject JNDI payload in User-Agent header

Writeup

Inject JNDI payload in X-Forwarded-For header

Writeup

Inject JNDI payload in Referer header

Writeup

Inject JNDI payload in various HTTP headers

Writeup

Inject JNDI payload in cookies

Writeup

Inject JNDI payload in POST body parameters

Writeup

Inject JNDI payload in GET query parameters

Writeup

Inject JNDI payload in JSON body

Writeup

Inject JNDI payload in XML body

Writeup

Inject JNDI payload in YAML body

Writeup

Test for Log4j2 CVE-2021-45046

Writeup

Test for blind Log4j with canary domains

Writeup

Test for Log4j with canary token in cookies

Writeup

Test for Log4j with canary token in headers

Writeup

Test for Log4j in API responses

Writeup

Test for Log4j in JSON payloads

Writeup

Test for Log4j in XML payloads

Writeup

Test for Log4j in YAML payloads

Writeup

Test for Log4j in form inputs

Writeup

Test for Log4j in file uploads

Writeup

Log4j bypass techniques

Writeup

Log4j WAF bypass

Writeup

Log4j detection in logs

Writeup

Log4j prevention

Writeup

Disable JNDI lookups (jndi:*, ${jndi:ldap:})

Writeup

Disable Log4j decoding (${env:-LOG4J_FORMAT_MSG_LOOKUPS:disable})

Writeup

Disable Log4J default encoding (${env:-LOG4J_DEFAULT_ENCODING_TYPE:base64})

Writeup

Remove vulnerable dependencies from classpath

Writeup

Patch Log4j to version 2.17.1

Writeup

Mask Log4J in HTTP responses

Writeup

Restrict JNDI access to local network

Writeup

Monitor for Log4j exploitation attempts

Writeup

Enable WAF rules for Log4j

Writeup

Security best practices for logging

Writeup

Input validation for JNDI

Writeup

Output encoding for Log4j

Writeup

Secure configuration management

Writeup