Mapping attack surface with rigor, clarity, and methodology.
This repository gathers an organized collection of studies, techniques, and processes used in bug bounty and offensive security, with focus on two areas that usually receive superficial attention:
- Reconnaissance — the process of understanding the real structure of a target.
- Reporting — the art of communicating vulnerabilities in a professional and verifiable way.
The goal is not to compile tool lists or ready‑made exploits.
It is to document how to think, how to map, and how to analyze — elements that truly differentiate a competent hunter from someone who only repeats tutorials.
/01-Recon/
mentalidade.md
recon-passivo.md
recon-ativo.md
automacao.md
checklist.md
/02-Vulnerabilidades/
sqli.md
ssrf.md
xss.md
idor.md
auth-bypass.md
misconfig.md
lfi-rfi.md
/03-Relatorios/
metodologia.md
templates.md
melhores-praticas.md
exemplos.md
erros-comuns.md
/04-Scans/
metodologia-scans.md
pipelines.md
ferramentas.md
interpretacao-resultados.md
README.md
LICENSE
Each section is written to be clear, deep, and practical — without noise and without artificial complexity.
Depth over aesthetics.
Clarity over complexity.
Methodology over tools.
This material is intended for those who want to:
- understand how a target actually works;
- learn to find weak signals that go unnoticed;
- structure investigations in a consistent way;
- produce reports that are reproducible, professional, and complete.
Ideal for:
- Beginners seeking clear direction;
- Intermediate hunters who want to improve quality and speed;
- Professionals who need a solid recon foundation;
- Anyone who values reasoning over checklists.
This project is licensed under Creative Commons BY-SA 4.0.
Contributions and forks are welcome.
Derivative works must retain the same license.
Pull requests are accepted as long as they follow:
- clarity
- technical rigor
- verifiability
Opinionated or superficial content will not be merged.