Code of Ethics
Last updated: April 17, 2026
Core principle: Only test systems you own or have explicit written authorization to test. Everything else follows from this.
Our Commitment
Pentesty is a professional security tool built by practitioners, for practitioners. Security testing has the power to protect systems and people, but only when used responsibly. This Code of Ethics defines the standards we hold ourselves and our users to. Using Pentesty means you accept these principles.
1. Authorized Testing Only
You must obtain explicit, written authorization before scanning any system, application, or network. This is not a recommendation; it is a non-negotiable requirement. Unauthorized access or scanning is illegal under computer fraud laws in virtually every jurisdiction worldwide. If you are unsure whether you have authorization, you do not have authorization.
2. Do No Harm
Security testing should identify vulnerabilities; it should never exploit them in ways that cause damage. Do not intentionally crash services or cause downtime; do not exfiltrate, copy, or retain data from systems you are testing; do not modify or delete data or configurations; do not use scan results to gain unauthorized access beyond what is needed to demonstrate the vulnerability.
3. Responsible Disclosure
If you discover a vulnerability through Pentesty, you have a professional obligation to disclose it responsibly. Notify the system owner promptly and privately. Give them reasonable time (typically 30 to 90 days) to remediate before public disclosure. Do not sell, leak, or share vulnerability details with unauthorized parties.
4. Protect Confidential Information
Scan results, vulnerability reports, and target system details are confidential. Do not share this information with unauthorized parties. Store reports securely and dispose of them appropriately when no longer needed.
5. Professional Integrity
Represent your findings accurately. Do not exaggerate, fabricate, or downplay vulnerability severity. Security reports influence critical business decisions; integrity in reporting directly protects the people who rely on those decisions.
6. Legal Compliance
You are solely responsible for ensuring your use of Pentesty complies with all applicable laws, regulations, and contractual obligations in your jurisdiction.
7. Reporting Misuse
If you become aware of someone using Pentesty for unauthorized or malicious purposes, please report it immediately to support@pentesty.co. We take misuse seriously and will cooperate fully with law enforcement when required.
8. Consequences of Violation
Violation of this Code of Ethics may result in: immediate suspension or termination of your account; legal action by affected parties; referral to law enforcement; and civil or criminal liability under applicable laws.
A Note from the Team
Pentesty was built by security professionals who have spent years in the field. We know that the vast majority of our users are defenders: engineers securing their own products, consultants protecting their clients, and researchers making the internet safer. This Code exists not to restrict them, but to protect the integrity of security work and the trust that makes it possible. Thank you for using our tools responsibly.
