S ShipAudit

Responsible Use

Only check systems you are allowed to assess.

ShipAudit measures observable HTTP security hygiene within the stated scope. It is not a vulnerability scan, penetration test, compliance assessment, or security certification.

You Must

  • Own the target domain or have written authorization from the owner
  • Limit requests to the agreed public scope
  • Keep findings confidential unless the owner agrees to disclosure

You Must Not

  • Request scans or reviews of systems without permission
  • Use ShipAudit (or our name) to run intimidation sales
  • Ask us to exploit vulnerabilities, brute-force, or handle stolen credentials
  • Represent a founding review as a penetration test or certification

Our Outreach Rules

If we contact developers about public configuration issues, we state scope and public sources, share at most one high-level issue free of charge, avoid sensitive detail in public threads, and never claim compromise without evidence.

Questions: security@laws3.net