/authorized-use

Authorized-Use Disclaimer

Penetration testing without authorization is a crime.

In the US it falls under the Computer Fraud and Abuse Act (CFAA) and analogous state laws. In the UK it falls under the Computer Misuse Act 1990. Most jurisdictions have equivalent statutes.

NullStrike's skills are designed for use against:

  • Systems you own personally (home lab, your own SaaS, your own infrastructure).
  • Systems your employer owns and has authorized you to test (internal red team, blue team verification, IT security work).
  • Engagements with a signed SOW between your employer and a client.
  • Bug bounty targets explicitly in-scope on a program you are a registered participant in. Out-of-scope assets are out-of-scope, even on platforms like HackerOne or Bugcrowd.

You agree NOT to use the skills against:

  • Networks, websites, or services you do not own without written authorization.
  • Targets out-of-scope of any bug bounty program.
  • Government, healthcare, financial, or critical infrastructure systems unless you have explicit, documented authorization.

Authorization gates

Both skills include built-in authorization gates that pause execution and require operator confirmation before active probing. Do not disable these. They protect you from your own muscle memory.

Reporting

If you discover a vulnerability against an authorized target, follow standard responsible disclosure — coordinate with the affected party, give them time to fix, and don't drop a zero-day publicly without giving the vendor a fair window.

We do not provide legal advice. If you're unsure whether a particular engagement is authorized, talk to your employer's legal team, your bug bounty program's safe harbor language, or an attorney.

By purchasing, you agree to these terms and you accept all responsibility for how you use the skills.