Table of contents HowToHunt.md Account Takeover Methodology Account Takeover Methodology Application Level DoS Application Level DoS Methods Authentication Bypass 2FA Bypasses OTP Bypass Broken-Link Hijacking Broken-Link Hijacking Broken Auth And Session Management Session Based Bugs CMS Wordpress Moodle CORS CORS CORS Bypasses CSRF CSRF CSRF Bypass Finding CVEs CVES CheckList Web Application Pentesting Checklist Web Checklist by Chintan Gurjar.pdf Mindmap by Rohit Gautam Mindmap by Cristian Cornea Web Page Source Code Review Web Page Code Review Tips EXIF Geo Data Not Stripped EXIF Geo Data Not Stripped File Upload Bypass File Upload Bypass Find Origin IP Find Origin GraphQL GraphQL HTTP Desync Attack HTTP_Desync Host-Header Attack Host-Header HTML-Injection HTML-Injection IDOR IDOR JWT ATTACK JWT MFA Bypass MFA Bypasses 2FA-Bypass Misconfigurations Default Credential And Admin Panel OAuth OAuth Open Redirection Find OpenRedirect Trick Open Redirection Bypass Parameter Pollution Parameter Pollution In Social Sharing Buttons Password Reset Functionality MindMap Password Reset Token Leakage Account_Takeover_By_Password_Reset_Functionality Rate Limit Rate-Limit Bypass Recon Recon Workflow Subdomain Enumeration SQLi SQL Injection.md SSRF SSRF Blind SSRF SSTI SSTI Sign Up Functionality Sign Up Bugs Sign Up MindMap Sensitive Info Leaks Github Recon Method Github-Dorks Github Dorks All Google Dorks Shodan CVE Dorks Status Code Bypass Status_Code_Bypass Tips 403 Bypass Subdomain Takeover Subdomain Takeover - Detail Method Subdomain Takeover - Easy Method Tabnabbing Tabnabbing WAF Bypasses WAF Bypass Using Headers Weak Password Policy Weak Password Policy XSS XSS Automated XSS XXE XXE Methods