HowToHunt

HowToHunt.md
Account Takeover Methodology
- Account Takeover Methodology
Application Level DoS
- Application Level DoS Methods
Authentication Bypass
- 2FA Bypasses
- OTP Bypass
Broken-Link Hijacking
- Broken-Link Hijacking
Broken Auth And Session Management
- Session Based Bugs
CMS
- Wordpress
- Moodle
CORS
- CORS
- CORS Bypasses
CSRF
Finding CVEs
- CVES
CheckList
Web Page Source Code Review
- Web Page Code Review Tips
EXIF Geo Data Not Stripped
- EXIF Geo Data Not Stripped
File Upload Bypass
- File Upload Bypass
Find Origin IP
- Find Origin
GraphQL
- GraphQL
HTTP Desync Attack
- HTTP_Desync
Host-Header Attack
- Host-Header
HTML-Injection
- HTML-Injection
IDOR
- IDOR
JWT ATTACK
- JWT
MFA Bypass
- MFA Bypasses
- 2FA-Bypass
Misconfigurations
- Default Credential And Admin Panel
OAuth
- OAuth
Open Redirection
- Find OpenRedirect Trick
- Open Redirection Bypass
Parameter Pollution
- Parameter Pollution In Social Sharing Buttons
Password Reset Functionality
Rate Limit
- Rate-Limit Bypass
Recon
- Recon Workflow
- Subdomain Enumeration
SQLi
- SQL Injection.md
SSRF
- SSRF
- Blind SSRF
SSTI
- SSTI
Sign Up Functionality
- Sign Up Bugs
- Sign Up MindMap
Sensitive Info Leaks
Status Code Bypass
- Status_Code_Bypass Tips
- 403 Bypass
Subdomain Takeover
- Subdomain Takeover - Detail Method
- Subdomain Takeover - Easy Method
Tabnabbing
- Tabnabbing
WAF Bypasses
- WAF Bypass Using Headers
Weak Password Policy
- Weak Password Policy
XSS
- XSS
- Automated XSS
XXE
- XXE Methods

Sign Up MindMap

On this page

Was this helpful?