Update README.md

README.md

@@ -17,21 +17,30 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
 ## Menu
 
 - [Resource](#resource)
+    - [XSS](#resource-xss)
     - [SQL Injection](#resource-sql-injection)
     - [XML](#resource-xml)
 - [Evasion](#evasion)
 	- [CSP](#evasion-csp)
 - [Trick](#trick)
     - [SQL Injection](#trick-sql-injection)
+- [PoC](#poc)
+    - [JavaScript](#poc-javascript)
 - [Tool](#tool)
     - [Code Generating](#tool-code-generating)
     - [Fuzzing](#tool-fuzzing)
+    - [Leaking](#tool-leaking)
     - [Detecting](#tool-detecting)
 - [Blog](#blog)
 - [Miscellaneous](#miscellaneous)
 
 ## Resource
 
+<a name="resource-xss"></a>
+### XSS
+
+* [H5SC](https://github.com/cure53/H5SC)
+
 <a name="resource-sql-injection"></a>
 ### SQL Injection
 
@@ -57,6 +66,13 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
 * [屌智硬之mysql不用逗号注入](http://www.jinglingshu.org/?p=2220), written by [jinglingshu](http://www.jinglingshu.org/?p=2220).
 * [见招拆招：绕过WAF继续SQL注入常用方法](http://www.freebuf.com/articles/web/36683.html), written by [mikey](http://www.freebuf.com/author/mikey).
 
+## PoC
+
+<a name="poc-javascript"></a>
+### JavaScript
+
+* [js-vuln-db](https://github.com/tunz/js-vuln-db) - A collection of JavaScript engine CVEs with PoCs by [@tunz][https://github.com/tunz].
+
 ## Tool
 
 <a name="tool-code-generating"></a>
@@ -68,11 +84,19 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
 ### Fuzzing
 
 * [wfuzz](https://github.com/xmendez/wfuzz) - Web application bruteforcer by [@xmendez](https://github.com/xmendez).
+* [charsetinspect](https://github.com/hack-all-the-things/charsetinspect) - A script that inspects multi-byte character sets looking for characters with specific user-defined properties by [@hack-all-the-things](https://github.com/hack-all-the-things).
+
+<a name="tool-leaking"></a>
+### leaking
+
+* [HTTPLeaks](https://github.com/cure53/HTTPLeaks) - All possible ways, a website can leak HTTP requests by [@cure53](https://github.com/cure53).
+* [dvcs-ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG... by [@kost](https://github.com/kost).
 
 <a name="tool-detecting"></a>
 ### Detecting
 
 * [sqlchop](https://github.com/chaitin/sqlchop/) - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by [chaitin](http://chaitin.com).
+* [retire.js](https://github.com/RetireJS/retire.js) - Scanner detecting the use of JavaScript libraries with known vulnerabilities by [@RetireJS](https://github.com/RetireJS).
 
 ## Blog
 
@@ -80,7 +104,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
 
 ## Miscellaneous
 
-* [如何正確的取得使用者 IP ？](http://devco.re/blog/2014/06/19/client-ip-detection/)
+* [如何正確的取得使用者 IP ？](http://devco.re/blog/2014/06/19/client-ip-detection/), written by [Allen Own](http://devco.re/blog/author/allenown).
 
 ## License