# White Hats Nepal — Full Content Index

> Complete content index for LLM consumption. This file lists all pages, articles, tools, and bug bounty program pages on blog.pentestnepal.tech.

## Site Structure

- Homepage: https://blog.pentestnepal.tech/
- Articles Index: https://blog.pentestnepal.tech/articles/
- Writeups Index: https://blog.pentestnepal.tech/writeups/
- Tools Index: https://blog.pentestnepal.tech/tools/
- Bug Bounty Directory: https://blog.pentestnepal.tech/bugbounty/
- About: https://blog.pentestnepal.tech/about/
- Privacy Policy: https://blog.pentestnepal.tech/privacy/
- Terms of Use: https://blog.pentestnepal.tech/terms/
- CWE Database: https://blog.pentestnepal.tech/cwe/
- ATT&CK Techniques: https://blog.pentestnepal.tech/attack/
- CVE Database: https://blog.pentestnepal.tech/cve/

## Articles

- [SQL Injection Explained](https://blog.pentestnepal.tech/article/sql-injection-explained-a-deep-dive-for-pentesters-bug-bounty-hunters/) — Complete guide to SQL injection attacks, detection, and prevention
- [SSRF Vulnerability Example](https://blog.pentestnepal.tech/article/ssrf-vulnerability-example-a-pentesters-guide-to-exploitation/) — Server-Side Request Forgery exploitation techniques
- [IDOR Vulnerability Writeup](https://blog.pentestnepal.tech/article/idor-vulnerability-writeup-exploiting-insecure-direct-object-references/) — Insecure Direct Object Reference attacks
- [CSRF Attacks Guide](https://blog.pentestnepal.tech/article/unmasking-csrf-attacks-a-pentesters-practical-guide/) — Cross-Site Request Forgery deep dive
- [HTTP Request Smuggling](https://blog.pentestnepal.tech/article/http-request-smuggling-explained-a-pentesters-guide/) — Request smuggling techniques and detection
- [OAuth Misconfiguration](https://blog.pentestnepal.tech/article/oauth-misconfiguration-bug-bounty-expert-exploitation-guide/) — OAuth security flaws for bug bounty
- [Prototype Pollution](https://blog.pentestnepal.tech/article/prototype-pollution-exploitation-a-pentesters-practical-guide/) — JavaScript prototype pollution exploitation
- [XSS on eBay](https://blog.pentestnepal.tech/article/xssonebay/) — Real-world XSS vulnerability writeup
- [Nmap Tutorial](https://blog.pentestnepal.tech/article/nmap-tutorial-for-pentesters-deep-dive-into-network-scanning/) — Network scanning with Nmap
- [Burp Suite Tutorial](https://blog.pentestnepal.tech/article/burp-suite-tutorial-for-pentesters-your-ultimate-guide/) — Web application testing with Burp Suite
- [Metasploit Tutorial](https://blog.pentestnepal.tech/article/metasploit-tutorial-for-pentesters-your-ultimate-exploitation-guide/) — Exploitation framework guide
- [Hashcat Tutorial](https://blog.pentestnepal.tech/article/hashcat-tutorial-master-password-cracking-with-hashcat/) — Password cracking with Hashcat
- [Mimikatz Tutorial](https://blog.pentestnepal.tech/article/mimikatz-tutorial-a-deep-dive-for-pentesters-red-teamers/) — Windows credential extraction
- [BloodHound AD](https://blog.pentestnepal.tech/article/bloodhound-active-directory-finding-hidden-attack-paths/) — Active Directory attack path analysis
- [Wireshark Tutorial](https://blog.pentestnepal.tech/article/wireshark-tutorial-for-pentesters-deep-dive-into-packet-analysis/) — Network packet analysis
- [Kali Linux Commands](https://blog.pentestnepal.tech/article/kali-linux-commands-for-pentesters-bug-bounty-hunters/) — Essential Kali Linux commands
- [Linux Privilege Escalation](https://blog.pentestnepal.tech/article/linux-privilege-escalation-a-pentesters-practical-guide/) — Linux privesc techniques
- [Windows Privilege Escalation](https://blog.pentestnepal.tech/article/windows-privilege-escalation-cheatsheet-your-ultimate-guide-for-pentesters/) — Windows privesc cheatsheet
- [Active Directory Attacks](https://blog.pentestnepal.tech/article/active-directory-attack-techniques-a-pentesters-practical-guide/) — AD attack techniques
- [Network Pentesting Methodology](https://blog.pentestnepal.tech/article/network-penetration-testing-methodology-a-pro-pentesters-guide/) — Network testing methodology
- [Web App Security Testing](https://blog.pentestnepal.tech/article/web-application-security-testing-guide-a-deep-dive-for-pentesters/) — Web application security testing guide
- [API Pentesting Methodology](https://blog.pentestnepal.tech/article/api-pentesting-methodology-a-pro-security-testing-guide/) — API security testing
- [OWASP Top 10](https://blog.pentestnepal.tech/article/owasp-top-10-explained-a-pentesters-practical-guide/) — OWASP Top 10 explained
- [Pentest Checklist](https://blog.pentestnepal.tech/article/pentest-checklist-a-pros-guide-to-systematic-security-testing/) — Systematic penetration testing checklist
- [Bug Bounty for Beginners](https://blog.pentestnepal.tech/article/bug-bounty-for-beginners-your-first-steps-to-finding-vulnerabilities/) — Getting started in bug bounty
- [Reverse Shell Cheatsheet](https://blog.pentestnepal.tech/article/reverse-shell-cheatsheet-your-ultimate-pentesting-guide/) — Reverse shell one-liners
- [Subdomain Enumeration](https://blog.pentestnepal.tech/article/subdomain-enumeration-tools-a-pentesters-deep-dive/) — Subdomain discovery tools
- [Directory Bruteforce Tools](https://blog.pentestnepal.tech/article/directory-bruteforce-tools-best-pointers-for-pentesters/) — Directory bruteforcing tools
- [HackTheBox Walkthroughs](https://blog.pentestnepal.tech/article/hackthebox-ctf-walkthroughs-a-pentesters-practical-guide/) — CTF walkthrough guide

## Free Security Tools

All tools run entirely in the browser — no data is sent to any server.

- [Hash Generator](https://blog.pentestnepal.tech/tools/hash-generator/) — Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes from text
- [Base64 Encode/Decode](https://blog.pentestnepal.tech/tools/base64/) — Convert between plaintext and Base64 encoding
- [URL Encode/Decode](https://blog.pentestnepal.tech/tools/url-encode/) — Encode/decode URLs with encodeURI and encodeURIComponent
- [JWT Decoder](https://blog.pentestnepal.tech/tools/jwt-decoder/) — Decode JSON Web Tokens, view claims and expiration
- [Password Generator](https://blog.pentestnepal.tech/tools/password-generator/) — Cryptographically secure passwords with Web Crypto API

## Bug Bounty Programs Directory

Directory of 795+ programs from HackerOne, Bugcrowd, and Intigriti. Updated daily.
Full listing: https://blog.pentestnepal.tech/bugbounty/

Notable programs include: Stripe, Netflix, Uber, Airbnb, Shopify, GitHub, GitLab, Slack, Reddit, Tesla, Coinbase, PayPal, Adobe, HackerOne, Bugcrowd, Google (via HackerOne), Meta, TikTok, Spotify, and hundreds more.

Each program page includes:

- Program type (Bug Bounty vs VDP)
- Platform and managed status
- In-scope and out-of-scope assets
- Maximum payout information
- Hunting tips with links to relevant articles
- FAQ section
- Related programs

## CWE Weakness Database

Complete database of 944 CWE entries from MITRE.
Index: https://blog.pentestnepal.tech/cwe/

Each CWE page includes:

- Detailed weakness description and extended analysis
- Potential impact by scope (Confidentiality, Integrity, Availability, Access Control)
- Demonstrative code examples (vulnerable and fixed code)
- Mitigation strategies organized by development phase (Architecture, Design, Implementation, Operation)
- Detection methods (SAST, DAST, manual review)
- Real-world CVE examples with links to NVD
- Related weaknesses (parent, child, peer)
- OWASP, CERT, and other taxonomy mappings
- FAQ section
- Links to related articles on the site

Notable CWE entries:

- [CWE-89: SQL Injection](https://blog.pentestnepal.tech/cwe/89-improper-neutralization-of-special-elements-used-in-an-sql-command-sql-injection/)
- [CWE-79: Cross-Site Scripting (XSS)](https://blog.pentestnepal.tech/cwe/79-improper-neutralization-of-input-during-web-page-generation-cross-site-scripting/)
- [CWE-22: Path Traversal](https://blog.pentestnepal.tech/cwe/22-improper-limitation-of-a-pathname-to-a-restricted-directory-path-traversal/)
- [CWE-352: CSRF](https://blog.pentestnepal.tech/cwe/352-cross-site-request-forgery-csrf/)
- [CWE-918: SSRF](https://blog.pentestnepal.tech/cwe/918-server-side-request-forgery-ssrf/)
- [CWE-78: OS Command Injection](https://blog.pentestnepal.tech/cwe/78-improper-neutralization-of-special-elements-used-in-an-os-command-os-command-i/)
- [CWE-502: Insecure Deserialization](https://blog.pentestnepal.tech/cwe/502-deserialization-of-untrusted-data/)
- [CWE-434: Unrestricted File Upload](https://blog.pentestnepal.tech/cwe/434-unrestricted-upload-of-file-with-dangerous-type/)

## MITRE ATT&CK Techniques Database

Complete database of 697 MITRE ATT&CK Enterprise techniques across 15 tactics.
Index: https://blog.pentestnepal.tech/attack/

Each technique page includes:

- Detailed technique description with Markdown rendering
- Platforms (Windows, Linux, macOS, etc.)
- Sub-techniques listing (for parent techniques)
- Mitigations with MITRE mitigation IDs
- Detection guidance
- Associated threat groups with context
- Associated software (malware and tools)
- Related CWE weaknesses (cross-linked)
- External references
- FAQ section

Notable techniques:

- [T1059: Command and Scripting Interpreter](https://blog.pentestnepal.tech/attack/t1059-command-and-scripting-interpreter/)
- [T1190: Exploit Public-Facing Application](https://blog.pentestnepal.tech/attack/t1190-exploit-public-facing-application/)
- [T1003: OS Credential Dumping](https://blog.pentestnepal.tech/attack/t1003-os-credential-dumping/)
- [T1078: Valid Accounts](https://blog.pentestnepal.tech/attack/t1078-valid-accounts/)
- [T1110: Brute Force](https://blog.pentestnepal.tech/attack/t1110-brute-force/)
- [T1046: Network Service Discovery](https://blog.pentestnepal.tech/attack/t1046-network-service-discovery/)

## CVE Vulnerability Database

Complete NVD database with 250,000+ CVE entries.
Index: https://blog.pentestnepal.tech/cve/

Each CVE page includes:

- Vulnerability description
- CVSS v2/v3.1 score with detailed metrics (attack vector, complexity, privileges, impact)
- Affected products with vendor, product name, and version ranges
- Related CWE weaknesses (cross-linked to CWE database)
- External references with tags (Patch, Exploit, Vendor Advisory, etc.)
- FAQ section
- Links to NVD

Search by CVE ID (e.g., CVE-2024-1234) on the index page. Updated weekly from NVD API 2.0.