diff --git a/README-jp.md b/README-jp.md
index 8009664..8d7754f 100644
--- a/README-jp.md
+++ b/README-jp.md
@@ -88,7 +88,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
     - [XSS](#tools-xss)
     - [SQL Injection](#tools-sql-injection)
     - [Template Injection](#tools-template-injection)
-    - [Cross Site Request Forgery](#tools-csrf)
+    - [XXE](#tools-xxe)
+    - [CSRF](#tools-csrf)
     - [SSRF](#tools-ssrf)
   - [Detecting](#tools-detecting)
   - [Preventing](#tools-preventing)
@@ -627,6 +628,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [tplmap](https://github.com/epinna/tplmap) - Code and Server-Side Template Injection Detection and Exploitation Tool by [@epinna](https://github.com/epinna).
 
+<a name="tools-xxe"></a>
+#### XXE
+
+- [dtd-finder](https://github.com/GoSecure/dtd-finder) - List DTDs and generate XXE payloads using those local DTDs by [@GoSecure](https://github.com/GoSecure).
+
 <a name="tools-csrf"></a>
 #### Cross Site Request Forgery
 
diff --git a/README-zh.md b/README-zh.md
index e9149fc..4e3b482 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -88,7 +88,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
     - [XSS](#tools-xss)
     - [SQL Injection](#tools-sql-injection)
     - [Template Injection](#tools-template-injection)
-    - [Cross Site Request Forgery](#tools-csrf)
+    - [XXE](#tools-xxe)
+    - [CSRF](#tools-csrf)
     - [SSRF](#tools-ssrf)
   - [Detecting](#tools-detecting)
   - [Preventing](#tools-preventing)
@@ -669,6 +670,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [tplmap](https://github.com/epinna/tplmap) - Code and Server-Side Template Injection Detection and Exploitation Tool by [@epinna](https://github.com/epinna).
 
+<a name="tools-xxe"></a>
+#### XXE
+
+- [dtd-finder](https://github.com/GoSecure/dtd-finder) - List DTDs and generate XXE payloads using those local DTDs by [@GoSecure](https://github.com/GoSecure).
+
 <a name="tools-csrf"></a>
 #### Cross Site Request Forgery
 
diff --git a/README.md b/README.md
index 59495a9..fbf7c0b 100644
--- a/README.md
+++ b/README.md
@@ -88,7 +88,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
     - [XSS](#tools-xss)
     - [SQL Injection](#tools-sql-injection)
     - [Template Injection](#tools-template-injection)
-    - [Cross Site Request Forgery](#tools-csrf)
+    - [XXE](#tools-xxe)
+    - [CSRF](#tools-csrf)
     - [SSRF](#tools-ssrf)
   - [Detecting](#tools-detecting)
   - [Preventing](#tools-preventing)
@@ -621,6 +622,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [tplmap](https://github.com/epinna/tplmap) - Code and Server-Side Template Injection Detection and Exploitation Tool by [@epinna](https://github.com/epinna).
 
+<a name="tools-xxe"></a>
+#### XXE
+
+- [dtd-finder](https://github.com/GoSecure/dtd-finder) - List DTDs and generate XXE payloads using those local DTDs by [@GoSecure](https://github.com/GoSecure).
+
 <a name="tools-csrf"></a>
 #### Cross Site Request Forgery