πΊοΈ
Interactive MindMaps
Visual mind-maps covering 9 vulnerability categories with attack chains and exploitation workflows.
Explore MindMaps
π―
OWASP Resources
Comprehensive guides for OWASP Top 10, testing methodology, and Web Security Testing Guide (WSTG).
OWASP WSTG
Top 10
βοΈ
Attack Chain Library
Multi-stage attack scenarios: IDOR β Privilege Escalation, XSS β Session Hijacking, SQLi β RCE chains.
View Techniques
π‘
Exploit Database
Searchable archive of exploits, shellcodes, and proof-of-concepts for known vulnerabilities.
Exploit-DB
Packet Storm
π§
Misconfiguration Guides
Common security misconfigurations in cloud platforms, containers, APIs, and web servers.
View Guides
π
CVE Feeds & NVD
Latest Common Vulnerabilities and Exposures from National Vulnerability Database.
NVD
CVE Search
π’
Vendor Advisories
Official security bulletins from Microsoft, Google, Apache, Cisco, and major vendors.
Microsoft
Cisco
π
Security Blogs & Research
Cutting-edge security research, 0-days, and vulnerability disclosure from researchers.
PortSwigger
Orange Tsai
ZDI
π―
Bug Bounty Writeups
Real-world bug bounty reports from HackerOne, Bugcrowd, and independent researchers.
HackerOne
Pentester Land
π¬
Exploit PoCs & Tools
GitHub repositories with proof-of-concept exploits and exploitation frameworks.
Payloads
Nuclei
Critical emerging threats and real-time vulnerability monitoring (refreshed every hour)
Bounty Hunter
Security researcher who finds and reports vulnerabilities to organizations in exchange for monetary rewards.
Bug Bounty
CVSS Score
Common Vulnerability Scoring System - standardized metric (0-10) for measuring vulnerability severity.
Severity
Responsible Disclosure
Practice of reporting security vulnerabilities privately to the affected organization before public disclosure.
Ethics
Scope (Bug Bounty)
Defined boundaries of systems, domains, and vulnerabilities that are authorized for testing in a bug bounty program.
Bug Bounty
XSS (Cross-Site Scripting)
Injection vulnerability allowing attackers to inject malicious scripts into web pages viewed by other users.
Injection
CSRF (Cross-Site Request Forgery)
Attack forcing authenticated users to execute unwanted actions on a web application they're logged into.
Authentication
SQL Injection (SQLi)
Code injection technique exploiting SQL query vulnerabilities to manipulate database operations.
Injection
IDOR (Insecure Direct Object Reference)
Access control vulnerability allowing attackers to access unauthorized objects by modifying object identifiers.
Access Control
SSRF (Server-Side Request Forgery)
Vulnerability allowing attackers to make server send crafted requests to internal systems or external domains.
SSRF
XXE (XML External Entity)
Injection attack exploiting XML parsers to access local files, internal systems, or trigger denial of service.
Injection
LFI (Local File Inclusion)
Vulnerability allowing attackers to include local files on the server, potentially leading to code execution.
File Operations
RCE (Remote Code Execution)
Critical vulnerability allowing attackers to execute arbitrary code on a remote system.
Exploitation
Clickjacking
UI-based attack tricking users into clicking on malicious content disguised as legitimate interface elements.
Client-Side
Open Redirect
Vulnerability allowing attackers to redirect users to malicious external sites via manipulated URL parameters.
Redirection
Subdomain Takeover
Claiming ownership of unclaimed subdomains pointing to external services (GitHub Pages, AWS S3, etc.).
DNS
Bug Bounty Wiki