A curated, ever-growing collection of bug bounty techniques, payloads, checklists, scripts, and references — organized so a researcher can find what they need in one grep.
Maintained by kdairatchi
Start: START-HERE.md (beginner→pro onboarding) · Map: INDEX.md · Fresh attack surface: Latest-2026/ · LLM/AI bounties: Cheatsheets/llm-security.md
| Dir | Contents |
|---|---|
| Latest-2026/ | Rolling tracker: HTTP desync, Next.js/framework CVEs, supply chain, K8s, appliances |
| Awesome/ | Curated awesome-lists: tools, resources, readings |
| Cheatsheets/ | Per-class cheatsheets (incl. Burp, LLM-security, AI tools, Keyhacks, tools index) |
| Checklists/ | Hunt checklists: web, mobile, API, cloud + vuln-classes + OWASP WSTG |
| Methodology/ | Hunt methodology, triage + validation, rules |
| Notes/ | Writeups log + daily research drops |
| Payloads/ | Categorized payloads (XSS, 403, JWT, WP, leaks) |
| PoCs/ | Proof-of-concept exploits |
| Recon/ | Recon playbook, subdomain enum, content discovery, JS analysis, GitHub dorking, Google/Shodan dorks |
| RedTeam/ | Red team TTPs, tooling, OPSEC |
| Scripts/ | Automation scripts: recon, fuzz, helpers |
| Templates/ | Report-writing + target-notes templates |
| Web3/ | Smart contract audit methodology, bug classes, grep arsenal, Foundry PoCs |
| Links.md | Master link index (1,300+ references) |
| Targets.md | Target intel notes |
| bug.md | Quick bug notes |
```bash
git clone https://github.com/kdairatchi/MyMac
cd MyMac

# Find something fast
grep -rln "SSRF" Checklists/ Cheatsheets/ Notes/

# Run a script
ls Scripts/
```

- kdairatchi/nuclei-templates-custom — personal nuclei templates
- kdairatchi/gf-patterns — gf pattern library (67 patterns, ERE-safe)
- kdairatchi/WordList — custom wordlists
Cross-Site Scripting (XSS) · SQL Injection · SSRF · RCE · IDOR · XXE · CSRF · Business Logic · Auth Bypass · OAuth / Access Token Theft · Race Conditions · File Upload · WAF Bypass · Subdomain Takeover · Cache Poisoning · Host Header Injection · Deserialization · Prototype Pollution · Mobile (iOS/Android) · API (REST/GraphQL) · Cloud (AWS/GCP/Azure) · Recon · Red Team Ops
See Links.md for the full indexed reading list.
This is a personal knowledge base, but PRs that add real, tested techniques (with a writeup link) are welcome. No AI-generated filler.
MIT — do whatever helps you hunt. Attribution appreciated, not required.
- GitHub: @kdairatchi
- Email: prowlr@proton.me
- Site: prowlrbot.com