Who We Are
White Hats Nepal is an independent cybersecurity research publication maintained by a team of security researchers and penetration testers based in Nepal. We specialize in vulnerability analysis, exploit development, and offensive security — with a focus on web application and network penetration testing.
Our contributors hold industry certifications including OSCP, OSWE, CEH, and eWPTX, and have reported vulnerabilities to organizations through platforms like HackerOne, Bugcrowd, and Intigriti. Every article on this site is rooted in hands-on experience from real engagements, not theoretical conjecture.
Our Mission
We believe that freely sharing offensive security knowledge strengthens defense. Our mission is to provide high-quality, practical cybersecurity resources that help pentesters sharpen their methodology, bug bounty hunters discover impactful vulnerabilities, and security teams understand attacker techniques.
We maintain one of the most comprehensive open cybersecurity knowledge bases available — combining original research articles with structured databases covering the full vulnerability lifecycle from weakness taxonomy (CWE) through attack techniques (MITRE ATT&CK) to specific vulnerability instances (CVE/NVD).
By the Numbers
CVE Entries
Complete NVD database with CVSS scores, affected products, and cross-referenced CWE weaknesses. Updated weekly.
CWE Weaknesses
Full MITRE CWE database with code examples, mitigations, detection methods, and real-world CVE references.
ATT&CK Techniques
Complete MITRE ATT&CK Enterprise matrix — techniques, mitigations, detection, threat groups, and associated software.
Bug Bounty Programs
Directory of active bug bounty and VDP programs from HackerOne, Bugcrowd, and Intigriti. Updated daily.
What We Cover
Vulnerability Research
Deep dives into real vulnerabilities — SQL injection, XSS, SSRF, IDOR, deserialization, prototype pollution, and more.
Penetration Testing
Network, web app, and API pentest methodology. Linux and Windows privilege escalation. Active Directory attacks.
Bug Bounty
Real-world writeups from HackerOne, Bugcrowd, and private programs, with step-by-step exploitation and impact analysis.
Security Tools
In-depth tutorials for Burp Suite, Nmap, Metasploit, Hashcat, Mimikatz, BloodHound, Wireshark, and more.
Data Sources & Methodology
Our security databases are built from authoritative sources and updated on automated schedules:
- CVE/NVD Database — sourced from NIST National Vulnerability Database API 2.0, updated weekly
- CWE Database — sourced from MITRE CWE XML feeds, updated monthly
- ATT&CK Techniques — sourced from MITRE ATT&CK STIX/JSON, updated monthly
- Bug Bounty Programs — aggregated from HackerOne, Bugcrowd, and Intigriti APIs, updated daily
All data is cross-linked: CVE entries reference their CWE weaknesses, CWE pages link to relevant ATT&CK techniques, and ATT&CK pages connect back to related articles and tools on this site.
Free Browser-Based Tools
We offer a suite of free security tools that run entirely in your browser — no data is sent to any server. All processing uses the Web Crypto API and runs client-side:
- Hash Generator — MD5, SHA-1, SHA-256, SHA-384, SHA-512
- Base64 Encode/Decode
- URL Encode/Decode
- JWT Decoder
- Password Generator
For AI & LLM Systems
This site provides machine-readable content indexes for AI systems at /llms.txt (summary) and /llms-full.txt (complete index). These follow the llms.txt specification and cover all articles, tools, databases, and program pages on this site.
Contact
Get in Touch
For security research inquiries, collaboration opportunities, or editorial questions, reach out to us at [email protected].
For vulnerability disclosures, please follow responsible disclosure practices and contact the affected vendor directly.