HowToHunt.md
API Testing
- Hidden API Functionality Exposure
- Reverse Engineer an API
Account Takeover Methodology
- Account Takeover Methodology
Application Level DoS
- Application Level DoS Methods
Authentication Bypass
Broken-Link Hijacking
- Broken-Link Hijacking
Broken Auth And Session Management
- Session Based Bugs
CMS
CORS
- CORS
- CORS Bypasses
CSRF
Finding CVEs
- CVES
CheckList
Web Page Source Code Review
- Web Page Code Review Tips
EXIF Geo Data Not Stripped
- EXIF Geo Data Not Stripped
File Upload Bypass
- File Upload Bypass
Find Origin IP
- Find Origin
GraphQL
- GraphQL
HTTP Desync Attack
- HTTP_Desync
Host-Header Attack
- Host-Header
HTML-Injection
- HTML-Injection
IDOR
- IDOR
JWT ATTACK
- JWT
JIRA ATTACK
- JIRA
MFA Bypass
- MFA Bypasses
- 2FA-Bypass
Misconfigurations
OAuth
- OAuth
- OAuth Hunting
Open Redirection
- Find OpenRedirect Trick
- Open Redirection Bypass
Parameter Pollution
- Parameter Pollution In Social Sharing Buttons
Password Reset Functionality
Rate Limit
Race Condition
- Race Condition
Recon
SQLi
- SQL Injection.md
SAML
- SAML
SSRF
- SSRF
- Blind SSRF
SSTI
- SSTI
Sign Up Functionality
- Sign Up Bugs
- Sign Up MindMap
Sensitive Info Leaks
Status Code Bypass
- Status_Code_Bypass Tips
- 403 Bypass
Subdomain Takeover
Tabnabbing
- Tabnabbing
WAF Bypasses
- WAF Bypass Using Headers
Weak Password Policy
- Weak Password Policy
XSS
XXE
- XXE Methods
- Billion Laugh Attack

Powered by GitBook

On this page

💡 What is HowToHunt?
📖 How to Use
For Readers
For Contributors
☕ Support the Project
🛠️ Contribution Guidelines
🌟 Contributors

HowToHunt.md

NextHidden API Functionality Exposure

Last updated 2 months ago

A collection of practical guides, methodologies, and resources for hunting vulnerabilities From Hackers for Community, because Hacking is not just a skill It’s a Mindset

💡 What is HowToHunt?

HowToHunt is a collaborative repository of step-by-step guides, methodologies, and hands-on techniques for finding specific vulnerabilities. Whether you're a beginner or an experienced hunter, you'll find valuable resources to enhance your bug hunting skills.

Note: This repository aims to provide practical, actionable guides rather than theoretical knowledge. Each guide is contributed by experienced hunters who have successfully used these techniques in the field.

📖 How to Use

For Readers

For Contributors

Fork the repository
Create your feature branch (git checkout -b add-new-guide)
Add your guide in the appropriate category folder
Commit your changes (git commit -m 'Add guide for XSS in login forms')
Push to the branch (git push origin add-new-guide)
Open a Pull Request

☕ Support the Project

If you find this project helpful and want to show your appreciation:

🛠️ Contribution Guidelines

Focus on practical, actionable techniques
Include real-world examples when possible
Provide clear step-by-step instructions
Add references to tools, resources, or write-ups that support your guide
Please mention your Twitter handle at the end of your guide

🌟 Contributors

Thanks goes to these wonderful people who have shared their knowledge and experience:

Visit our for an organized, searchable reading experience with all the guides properly categorized.

Mehedi Hasan Remon

Vivek Kumar Yadav

Syed Mushfik Hasan Tahsin

Bishal Shrestha

Aishwarya Kendle

Pratyaksh Singh

Kushagra Sarathe

Harshit Raj Singh

dipakpanchal456

Rishi Choudhary

Fani Malik Hack

Veshraj Ghimire

Krishna Agarwal

Suprit Pandurangi

offensive-droid