# Security Policy

## Intended Use

This project is intended strictly for **security research, education, and authorized penetration testing**. Only use it against systems you own or have explicit written permission to test.

Unauthorized use against systems you do not own or have permission to test is illegal and unethical. The author(s) accept no responsibility for any misuse or damage caused.

## Responsible Disclosure

If you discover a security issue within this project itself (e.g. a vulnerability in the tool's own code), please **do not open a public issue**. Instead, report it privately:

- Open a [GitHub Security Advisory](../../security/advisories/new) in this repository, or
- Contact the maintainer directly via the contact details on their GitHub profile.

Please include:
- A clear description of the issue
- Steps to reproduce
- Potential impact

We aim to acknowledge reports within **72 hours** and resolve confirmed issues as quickly as possible.

## Scope

This policy covers the source code and tooling in this repository. It does not cover third-party dependencies — please report those upstream.