This repository contains pentest commands and defensive security education material. Although the content is reference material (not malicious code), please follow these rules.
Permitted uses:
- Authorized penetration testing
- CTF practice
- Security certification preparation (OSCP+, OSWE, OSEP, OSDA, OSWA, PNPT, CPTS, etc.)
- Educational purposes
- Security research in your own lab
Prohibited uses:
- Unauthorized access to systems you don't own or have permission to test
- Malicious activities
- Illegal use against any party
You are solely responsible for your usage. Authors and contributors disclaim liability for misuse.
If you find a security issue in the application (server.js, Docker config, dependencies):
- Open a GitHub Security Advisory (preferred — private)
- Or email the maintainer (see GitHub profile)
Do not open a public issue for unpatched vulnerabilities; disclosing them publicly before a fix exists opens a window for attackers.
If you spot:
- Real IP/credential/hostname accidentally committed
- A command that could cause unintended damage (e.g., destructive without warning)
- Outdated content that promotes insecure practice
→ Open a regular issue with the [Fix] template.
Response timeline:
- 24-72 hours: initial response
- 7 days: triage + plan
- 14 days: fix or accepted mitigation
Reporters (if they want to be identified) are credited in the acknowledgments section of the README.