diff --git a/Methodology and Resources/Methodology_and_enumeration.md b/Methodology and Resources/Methodology_and_enumeration.md
index f25fa95..b7e09e3 100644
--- a/Methodology and Resources/Methodology_and_enumeration.md
+++ b/Methodology and Resources/Methodology_and_enumeration.md
@@ -1,4 +1,5 @@
# Bug Hunting Methodology and Enumeration
+
## Enumerate all subdomains (only if the scope is *.domain.ext)
diff --git a/README.md b/README.md
index 1b3cdce..4007411 100644
--- a/README.md
+++ b/README.md
@@ -9,8 +9,8 @@ All sections contain:
- Some exploits
You might also like :
- - [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/)
- - [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE Exploits)
+ - [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)
+ - [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)
- Shellshock
- HeartBleed
- Apache Struts 2
diff --git a/XSS injection/README.md b/XSS injection/README.md
index ada0e29..39897b3 100644
--- a/XSS injection/README.md
+++ b/XSS injection/README.md
@@ -31,6 +31,15 @@ Keylogger for XSS
```
+More exploits at [http://www.xss-payloads.com/payloads-list.html?a#category=all](http://www.xss-payloads.com/payloads-list.html?a#category=all):
+ - [Taking screenshots using XSS and the HTML5 Canvas](https://www.idontplaydarts.com/2012/04/taking-screenshots-using-xss-and-the-html5-canvas/)
+ - [JavaScript Port Scanner](http://www.gnucitizen.org/blog/javascript-port-scanner/)
+ - [Network Scanner](http://www.xss-payloads.com/payloads/scripts/websocketsnetworkscan.js.html)
+ - [.NET Shell execution](http://www.xss-payloads.com/payloads/scripts/dotnetexec.js.html)
+ - [Redirect Form](http://www.xss-payloads.com/payloads/scripts/redirectform.js.html)
+ - [Play Music](http://www.xss-payloads.com/payloads/scripts/playmusic.js.html)
+
+
## Identify an XSS endpoint
```