Responsible Use
Only check systems you are allowed to assess.
ShipAudit measures observable HTTP security hygiene within the stated scope. It is not a vulnerability scan, penetration test, compliance assessment, or security certification.
You Must
- ✓ Own the target domain or have written authorization from the owner
- ✓ Limit requests to the agreed public scope
- ✓ Keep findings confidential unless the owner agrees to disclosure
You Must Not
- ✗ Request scans or reviews of systems without permission
- ✗ Use ShipAudit (or our name) to run intimidation sales
- ✗ Ask us to exploit vulnerabilities, brute-force, or handle stolen credentials
- ✗ Represent a founding review as a penetration test or certification
Our Outreach Rules
If we contact developers about public configuration issues, we state scope and public sources, share at most one high-level issue free of charge, avoid sensitive detail in public threads, and never claim compromise without evidence.
Questions: security@laws3.net