# Bug Bounty

- [Bug Bounty Methodology](/bug-bounty/bug-bounty-methodology.md)
- [XSS](/bug-bounty/xss.md): Below are the commands and some automation stuff which normally use, some of these i have got from different places like twitter or linkedin
- [SQL Injection](/bug-bounty/sql-injection.md)
- [Command Injection](/bug-bounty/command-injection.md)
- [File Upload Pentesting](/bug-bounty/file-upload-pentesting.md)
- [Local and Remote File Inclusion](/bug-bounty/local-and-remote-file-inclusion.md)
- [Broken Authentication](/bug-bounty/broken-authentication.md)
- [Server Side Request Forgery (SSRF)](/bug-bounty/server-side-request-forgery-ssrf.md)
- [XML External Entity (XXE)](/bug-bounty/xml-external-entity-xxe.md): XXE happens where we can inject our XML inputs and those inputs are not being sanitized by XML Parser
- [Server Side Template Injection (SSTI)](/bug-bounty/server-side-template-injection-ssti.md)
- [ReconFTW (six2dez)](/bug-bounty/reconftw-six2dez.md): ReconFTW is the complete automation process for the bug bounty.It can find you subdomains,fuzzing,nuclei scanning and using more than 20 tools to find vulnerabilites.
- [JS Files](/bug-bounty/js-files.md)
- [SignUp Page](/bug-bounty/signup-page.md)