Hackus Codex
Your offensive security knowledge base.
Curated payloads, attack chains, and methodologies, built for hunters who ship.
What's Inside
- Quick Reference: Copy-paste payloads for XSS, SQLi, SSRF, SSTI, LFI, NoSQL, IDOR, Deserialization, LLM attacks, and more.
- Vulnerability Guides: From detection to escalation. Server-side, client-side, auth, logic, infrastructure, and AI security.
- Attack Chains: Turn low-severity bugs into critical impact. XSS→ATO, SSRF→RCE, Self-XSS escalation, and more.
- Frameworks: Platform-specific security guides for FastAPI, Next.js, and BaaS (Supabase, Firebase).
By The Numbers
| 12 Quick Ref sheets | 100+ Total pages |
| 10 Attack Chains | 9 Template engines (SSTI) |
| 6 Vuln categories | Real H1 report references |
Philosophy
- Payload-dense: Less prose, more payloads
- Copy-paste ready: Tested, working techniques
- Chain-focused: Escalate everything
- No gatekeeping: The knowledge wants to be free
Sources & Credits
This codex aggregates knowledge from across the security community:
- PortSwigger Web Security Academy: Research and methodology
- HackTricks: Comprehensive technique reference
- PayloadsAllTheThings: Payload collections
- HackerOne Disclosed Reports: Real-world examples
- Original research: From bug bounty hunting experience
If you find value here, support the original creators.
- Open Source: Built with MkDocs Material.
- For Hunters: By hunters. Ship bugs, get paid.