# Hunting-

🎯 A comprehensive collection of security testing resources and payloads for bug bounty hunters, penetration testers, and security researchers.

## 📁 Repository Structure

### OWASP Top 10 Payloads

This repository contains a complete collection of testing payloads organized by the OWASP Top 10 (2021) security risk categories.

- **[A01 - Broken Access Control](./OWASP-Top-10/A01-Broken-Access-Control/)** - Path traversal, IDOR, privilege escalation
- **[A02 - Cryptographic Failures](./OWASP-Top-10/A02-Cryptographic-Failures/)** - Weak crypto, hardcoded credentials
- **[A03 - Injection](./OWASP-Top-10/A03-Injection/)** - SQL, XSS, Command, LDAP injection
- **[A04 - Insecure Design](./OWASP-Top-10/A04-Insecure-Design/)** - Business logic flaws
- **[A05 - Security Misconfiguration](./OWASP-Top-10/A05-Security-Misconfiguration/)** - Default credentials, misconfigurations
- **[A06 - Vulnerable Components](./OWASP-Top-10/A06-Vulnerable-Outdated-Components/)** - Known vulnerable libraries
- **[A07 - Authentication Failures](./OWASP-Top-10/A07-Identification-Authentication-Failures/)** - Auth bypass, weak passwords
- **[A08 - Integrity Failures](./OWASP-Top-10/A08-Software-Data-Integrity-Failures/)** - Deserialization attacks
- **[A09 - Logging Failures](./OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/)** - Log injection
- **[A10 - SSRF](./OWASP-Top-10/A10-Server-Side-Request-Forgery/)** - Server-side request forgery

## 🎯 Purpose

This repository serves as a comprehensive reference for security professionals to:

- Test web applications for common vulnerabilities
- Learn about different attack vectors
- Prepare for bug bounty hunting
- Conduct authorized penetration testing
- Understand security risks in web applications

## ⚠️ Legal Disclaimer

**IMPORTANT**: All payloads and techniques in this repository are for **authorized testing only**.

- ✅ Use on systems you own
- ✅ Use with explicit written permission
- ✅ Use in authorized bug bounty programs
- ✅ Use for educational purposes in controlled environments
- ❌ **NEVER** use on systems without authorization

Unauthorized testing is illegal and unethical. Always follow responsible disclosure practices.

## 🚀 Getting Started

1. Navigate to the [OWASP-Top-10](./OWASP-Top-10/) directory
2. Choose the vulnerability category you want to test
3. Review the README.md for context and methodology
4. Use the payload files in your authorized testing

## 📚 Resources

- [OWASP Top 10 Official](https://owasp.org/www-project-top-ten/)
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [Bug Bounty Platforms](https://www.bugcrowd.com/) | [HackerOne](https://www.hackerone.com/)

## 🤝 Contributing

Contributions are welcome! Please ensure:

- All content is legal and ethical
- Payloads are well-documented
- Structure follows existing patterns
- Focus on educational value

## 📜 License

This repository is for educational and authorized testing purposes only.

---

**Happy Hunting! 🎯 Stay Ethical. Stay Legal.**