# Web

- [Enumeration](/web/enumeration.md): Find all content and functionality on a website to get an idea of the attack surface, often through fuzzing
- [Finding Hosts & Domains](/web/enumeration/finding-hosts-and-domains.md): Find domain names and hosts relating to a company
- [Masscan](/web/enumeration/masscan.md): Use masscan to asynchronously scan for open ports at incredible speeds, then later analyze the results with other tools
- [Nmap](/web/enumeration/nmap.md): Network scanning tool with enumeration scripts to get detailed information about TCP/UDP ports and the underlying system
- [OSINT](/web/enumeration/osint.md): Open Source INTelligence: Abusing public information
- [Client-Side](/web/client-side.md): Attacks on the browser, often involving the victim landing on an attacker's site
- [Cross-Site Scripting (XSS)](/web/client-side/cross-site-scripting-xss.md): Inject JavaScript code on victims to perform actions on their behalf
- [HTML Injection](/web/client-side/cross-site-scripting-xss/html-injection.md): Tricks possible with malicious HTML, in case XSS is not quite possible
- [Content-Security-Policy (CSP)](/web/client-side/cross-site-scripting-xss/content-security-policy-csp.md): The CSP response header restricts what resources are allowed to execute, but can sometimes be bypassed
- [postMessage Exploitation](/web/client-side/cross-site-scripting-xss/postmessage-exploitation.md): Send cross-origin messages with arbitrary data, which can easily lead to Cross-Site Scripting in vulnerable handlers that fail to verify the origin
- [CSS Injection](/web/client-side/css-injection.md): Injecting CSS code to leak content on a page using selectors
- [Cross-Site Request Forgery (CSRF)](/web/client-side/cross-site-request-forgery-csrf.md): Submitting data-altering requests blindly from your domain on the client-side. Cookies are automatically sent, often requiring CSRF tokens as protection
- [XS-Leaks](/web/client-side/xs-leaks.md): Leaking information cross-site, often through private search features
- [Client-Side Path Traversal (CSPT)](/web/client-side/client-side-path-traversal-cspt.md): Using ../ sequences and URL parts to rewrite requests made by the browser
- [CRLF / Header Injection](/web/client-side/crlf-header-injection.md): Manipulate HTTP headers in your favor or insert completely new ones with even more control
- [Window Popup Tricks](/web/client-side/window-popup-tricks.md): Abusing browser functionality to do interesting things with popups and interactions
- [WebSockets](/web/client-side/websockets.md)
- [Caching](/web/client-side/caching.md): Remember static content so that fewer requests need to be resolved by the backend
- [Headless Browsers](/web/client-side/headless-browsers.md): Tricks for dealing with input into headless browsers on the server, using client-side methods
- [Server-Side](/web/server-side.md): Attacks that have impact on the server, often by abusing dangerous functionality
- [SQL Injection](/web/server-side/sql-injection.md): An infamous and simple attack where code is injected where data should be, rewriting the SQL Query
- [NoSQL Injection](/web/server-side/nosql-injection.md): NoSQL databases are a type of database where objects are used instead of SQL strings. MongoDB is common but more are vulnerable
- [GraphQL](/web/server-side/graphql.md): Query structured data through an API and perform mutations with authorization
- [XML External Entities (XXE)](/web/server-side/xml-external-entities-xxe.md): Injecting Entities into XML data to read local files and exfiltrate data
- [HTTP Request Smuggling](/web/server-side/http-request-smuggling.md): Parsing of Content-Length and Transfer-Encoding headers leads to messing with boundaries of requests
- [Local File Disclosure](/web/server-side/local-file-disclosure.md): Gain information by reading files on a web server, also known as Local File Inclusion (LFI)
- [Arbitrary File Write](/web/server-side/arbitrary-file-write.md): Being able to create or overwrite files on a server, often causing Remote Code Execution (RCE)
- [Reverse Proxies](/web/server-side/reverse-proxies.md): Servers on top of web applications that route traffic, manage headers and more
- [ImageMagick](/web/server-side/imagemagick.md): A tool/library for converting and editing images of many formats, with some older versions having known vulnerabilities
- [Frameworks](/web/frameworks.md): Libraries for specific programming languages that make development easier, with their own quirks
- [Flask](/web/frameworks/flask.md): A Python library working with Werkzeug and Jinja2
- [Ruby on Rails](/web/frameworks/ruby-on-rails.md): A common web framework for the Ruby Programming Language
- [NodeJS](/web/frameworks/nodejs.md): The backend for running JavaScript as a server or application
- [Bun](/web/frameworks/bun.md): An alternative JavaScript runtime with unique libraries and quirks
- [WordPress](/web/frameworks/wordpress.md): A popular Content Management System (CMS) for static content, with a visual UI
- [Angular](/web/frameworks/angular.md): Frontend framework with template-like syntax
