Legal Disclaimer and Terms of Use

IMPORTANT: READ BEFORE USING THIS SOFTWARE

Purpose and Intended Use

RedAmon is an educational and research tool designed exclusively for:

  • Authorized penetration testing engagements
  • Security research and academic study
  • Capture The Flag (CTF) competitions
  • Testing on systems you own or have explicit written permission to test
  • Learning about offensive security techniques in controlled environments

Disclaimer of Liability

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.

The authors and contributors of this project:

  1. DO NOT CONDONE the use of this tool for any illegal or unauthorized activities
  2. ARE NOT RESPONSIBLE for any misuse, damage, or illegal activities performed using this software
  3. PROVIDE NO WARRANTY that this software is fit for any particular purpose
  4. ASSUME NO LIABILITY for any direct, indirect, incidental, special, or consequential damages arising from the use or misuse of this software

Legal Compliance

By using this software, you acknowledge and agree that:

  1. You will only use this tool on systems you own or have explicit, written authorization to test
  2. You are solely responsible for ensuring your use complies with all applicable local, state, national, and international laws
  3. Unauthorized access to computer systems is illegal under laws including but not limited to:
    • Computer Fraud and Abuse Act (CFAA) - United States
    • Computer Misuse Act 1990 - United Kingdom
    • Directive 2013/40/EU - European Union
    • And similar laws in other jurisdictions
  4. Violations can result in severe civil and criminal penalties, including fines and imprisonment

User Responsibilities

Before using this software, you MUST:

  • Obtain written permission from the system owner
  • Ensure you have a signed authorization document or penetration testing agreement
  • Operate within the defined scope of any authorized engagement
  • Comply with all rules of engagement and applicable laws
  • Maintain confidentiality of any findings
  • Document everything: Keep logs of all testing activities for reporting and compliance
  • Adhere to any Non-Disclosure Agreements (NDAs) when handling sensitive information

Cloud and Third-Party Services

If the target system is hosted in a cloud environment (AWS, Azure, GCP, etc.):

  • Verify that your testing is within the cloud provider's acceptable use policy
  • Some providers require advance notification or have specific pentesting policies
  • If you are unsure whether usage is lawful, do not test until you have confirmed that it is

Privacy and Data Protection

You must:

  • Respect data confidentiality and privacy laws (GDPR, CCPA, etc.)
  • Never exfiltrate, store, or share personal data discovered during testing
  • Report any accidentally discovered personal data to the system owner immediately
  • Delete any captured data after the engagement concludes

Responsible Disclosure

If you discover vulnerabilities:

  • Disclose responsibly to vendors, system owners, or appropriate authorities
  • Follow coordinated disclosure timelines (typically 90 days)
  • Never publicly disclose vulnerabilities before the owner has had time to remediate
  • Never use discovered vulnerabilities for personal gain or malicious purposes

Recommended Testing Environments

For learning and practice, use authorized sandbox environments such as:

  • Your own isolated lab network or virtual machines
  • Hack The Box
  • TryHackMe
  • VulnHub
  • DVWA (Damn Vulnerable Web Application)
  • The included guinea_pigs/ test environments in this repository

Never practice on production systems or networks you do not own.

Indemnification

You agree to indemnify, defend, and hold harmless the authors, contributors, and any affiliated parties from and against any claims, damages, losses, liabilities, costs, and expenses (including legal fees) arising from:

  • Your use or misuse of this software
  • Your violation of any laws or regulations
  • Your violation of any third-party rights
  • Any unauthorized or illegal activities conducted using this software

Prohibited Uses

This software shall NOT be used for:

  • Unauthorized access to any computer system or network
  • Any activity that violates applicable laws or regulations
  • Attacking systems without explicit written authorization
  • Any malicious, harmful, or illegal purpose
  • Circumventing security measures on systems you do not own
  • Any activity that could cause harm to individuals or organizations

Educational Context

This project is released in the spirit of:

  • Security research advancement
  • Educational knowledge sharing
  • Improving defensive security capabilities
  • Understanding attacker methodologies to build better defenses

The techniques demonstrated are already publicly known and documented. This tool simply automates existing security testing methodologies that are freely available in tools like Metasploit, Nmap, and Nuclei.

Dual-Use Technology Notice

This software is a "dual-use" technology similar to:

  • Kitchen knives (can cook or harm)
  • Lockpicking tools (used by locksmiths and security researchers)
  • Network scanners (used by IT administrators daily)

The authors release this tool for defensive and educational purposes. Like Metasploit, Nmap, Burp Suite, and other industry-standard tools, this software is intended for legitimate security professionals.

Acceptance of Terms

By downloading, installing, or using this software, you acknowledge that you have read, understood, and agree to be bound by this disclaimer and all applicable terms.

If you do not agree with these terms, DO NOT USE THIS SOFTWARE.


Contact

For questions about authorized use or licensing, please open an issue on the repository.


Last updated: January 2026