Practical payloads, real-world bypasses, and field-tested notes — built from experience, not theory.
This repository is a personal collection of my bug bounty notes — not a tutorial, not a course, but a focused archive of useful payloads, bypass techniques, injection points, and strategic tips I've gathered while learning and growing as a hacker.
If you're already familiar with what XSS, SSRF, or IDOR is — but often get stuck during testing or don’t know where to begin — this repository is made for you.
Each section is carefully maintained with things I’ve tested, learned, or observed from real-world bug bounty reports and top hackers. You won’t find definitions here — only what works when you're actually hunting.
I update it regularly as I learn more, discover new patterns, and experiment with different attack surfaces.
I’ve seen many resources explain what vulnerabilities are — but few show how to think while testing.
This checklist is my way of building discipline, sharpening my skills, and eventually creating something useful for other hunters too.
Right now, it's my personal toolbox.
One day, it might help someone else earn their first bounty.
- 🌐 Website: https://pavansec.pro
- 📧 Email: ehpavan9@gmail.com
“This is not about copying payloads. It’s about building your mindset to find real bugs.”
— Pavan