انقدر درگیر کارها شدم
و نفهمیدم عشق چیه و چه حسی میده !
خیلیا تا داستان سایبری رو فهمیدن ترسیدن و رفتن ، شاید نباید وارد دنیای هک و امنیت می شدم و زندگی ساده ای رو داشتم بهتر بود
عاشق بودن شاید حس عجیبی بده ،،
نمیدونم . . .

IDes > (Insecure Deserialization) : ysoserial (Java) / phpggc (PHP) / ysoserial.net (.NET) + Burp Suite (Repeater)

HRS [CL.TE],[TE.CL],[TE.TE],> (HTTP Request Smuggling / Desync Attacks incl. HTTP/2) : Burp Suite (Turbo Intruder + Repeater) + h2csmuggler / smuggler.py

BCSM > (Broken Cryptographic State Machines) : Full manual analysis (auth / payment / reset / crypto flows)

BLF > (Business Logic Flaws / Abuse) : Burp Suite (Repeater + Intruder) + full manual flow analysis

RC > (Race Conditions / TOCTOU) : Burp Suite (Turbo Intruder) + custom concurrency / stress scripts

OA > (OAuth Misconfiguration / OAuth Logic Flaws) : Burp Suite (Repeater) + manual OAuth flow manipulation

JWT > (JWT Confusion / Algorithm Substitution / Claim Abuse) : jwt_tool + Burp Suite (Repeater)

API(BOLA) > (API Broken Object Level Authorization / Mass Assignment) : Burp Suite + 42Crunch / APIsec

PP > (Prototype Pollution — Client & Server Side) : Burp Suite (Repeater) + manual JS object analysis

SSTI > (Server-Side Template Injection) : tplmap + Burp Suite (Repeater)

SSRF > (Server-Side Request Forgery) : ssrfmap + Burp Suite (Collaborator / OAST)

CORS > (CORS Misconfiguration & Credentialed Abuse) : Burp Suite (Repeater) + browser devtools

WCP > (Web Cache Poisoning) : Burp Suite (Repeater + Param Miner) + manual cache behavior analysis

WCD > (Web Cache Deception) : Burp Suite (Repeater) + browser cache inspection

HHI > (Host Header Injection) : Burp Suite (Repeater) + Param Miner

GQL > (GraphQL Abuse / Auth Bypass / DoS Logic) : InQL / GraphQL Voyager + Burp Suite

RS > (Request / Response Splitting / CRLF Injection) : Burp Suite (Repeater)

MA > (Mass Assignment / Hidden Field Injection) : Burp Suite (Repeater + Intruder)

ISM > (Insecure State Management / Client-Trusted State) : Burp Suite (Repeater) + manual tampering

2FA > (Two-Factor Authentication Logic Bypass) : Burp Suite (Repeater) + race & reuse testing

RLB > (Rate Limit Logic Bypass) : Burp Suite (Intruder + Turbo Intruder)

FP > (File Parsing Logic Bugs — CSV / PDF / DOCX / Image Metadata) : Burp Suite (Repeater) + format-specific fuzzing

EW > (Email Workflow Abuse — Invite / Reset / Verify Chains) : Burp Suite (Repeater) + manual chain testing

FF > (Feature Flag / A-B Testing Authorization Bugs) : Burp Suite (Repeater) + forced browsing

DC > (Dependency Confusion) : Manual package namespace analysis + internal repo enumeration

STO > (Subdomain Takeover — Lesser-Known Providers) : Subjack / nuclei + manual DNS & provider checks

XXE > (XML External Entity / XInclude) : Burp Suite (Repeater + OAST) + XXEInjector

RCE > (Remote Code Execution / Command Injection) : Commix + Metasploit (post-exploit in labs)

RFU > (Remote File Upload) : Burp Suite (Intruder + Repeater + multipart/mime manipulation extensions)

PT > (Path Traversal / LFI / RFI) : ffuf / wfuzz + Burp Suite (Repeater)

DT > (Directory Traversal / Enumeration) : DirBuster / ffuf (wordlist enumeration)

NoSQLi > (NoSQL Injection) : NoSQLMap + manual payload testing

SQLi > (SQL Injection) : Sqlmap + Burp Suite (Repeater)

XSS > (Cross-Site Scripting — Stored / DOM / CSP Bypass) : Burp Suite (DOM Invader) + manual testing

IDOR > (Insecure Direct Object Reference / Broken Access Control) : Burp Suite (Repeater + Intruder)

CSRF > (Cross-Site Request Forgery) : Burp Suite (CSRF PoC Generator + Repeater)

Auth/Session > (Authentication & Session Management Flaws) : Burp Suite (Sequencer + Repeater) + Hydra

OR > (Open Redirect) : Burp Suite (Repeater + parameter fuzzing)

CJ > (Clickjacking) : Browser testing + Burp Suite

SDE > (Sensitive Data Exposure — crypto / TLS / misconfig) : Nessus / Qualys + manual checks

SCA > (Software Composition / Supply-Chain Vulnerabilities) : Snyk / Dependabot

لیست بیشتر باگ ها و ابزار هاشون ،