The integrity and ethical use of the CVE Forge framework are our highest priorities. As a tool focused on security, we take the security of the framework and the responsible behavior of our users and contributors extremely seriously.
If you discover a vulnerability within the CVE Forge framework itself (e.g., a critical flaw in the shell interpreter, module loading, or command execution that could lead to unauthorized access or instability), we ask that you report it to us confidentially.
- DO NOT open a public GitHub Issue.
- Email: Please send a detailed description of the vulnerability, including steps to reproduce, to
[n4b3ts3@gmail.com]. - Response: We will acknowledge your report within 48 hours and provide a detailed plan for addressing the vulnerability within one week. We follow a standard coordinated disclosure process.
The use of CVE Forge must be strictly legal and ethical.
- Authorization is Mandatory: Any use of exploit modules or penetration testing features must be conducted with explicit, written permission from the asset owner.
- No Unauthorized Targets: Using this framework to target systems, networks, or devices without prior consent is illegal and violates this policy.
- Malware Policy: All payloads and malware-related components are for authorized countermeasure research and penetration testing within securely isolated environments (e.g., sandboxes, virtual machines). Submission of offensive, deployed, or undocumented malware is strictly prohibited.
Due to the nature of the project:
- All Pull Requests (PRs) related to exploit modules, commands, or core features undergo a mandatory security review by the core team.
- We reserve the right to reject any contribution that poses a security risk to the framework, its users, or that violates our ethical use policy.
For maximum confidentiality when reporting security issues, you may use our PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGjWhzABDADCBDM6WRiZHzAgEQ1VTyGhKjRE12ZipaEdQe8ZSm0MUeZpUcDi
qbyYz+DEBPSC5bi1797uSwJ70UFQs/QuqJ4zSgGMSIHjorcoFxwM19vYW/HA5Cxw
KjY0tDj0kKITofxtVG7KXmgcxziV6icipTVS8ydIi2T3uwveB+fQ+/oXKhmoF/Jt
3eRovxEQMVDDs+mn6IBpTuRXtLfHpkZgjC7F7oVFxNXznJ+5OzUfUGfkIkCdnC1s
+G/XjQPO+7H33QjnOqJcJxxf9gsEbwYG49LOdTGuX/gc9FLDpqw4LHs9yKDJuc3Z
K7P+vdebTuwt6SiU5Sg0OKEZWEB40ps/zXu5inlyEECOckawYDUQXcRSW1icOB6A
MftbB/95UnP/A18zMDBqZcxEDeqTXyMejmKB2v8SPLTkcnz5LK9HbY0IprOK3EtL
gRg1o0LMLIYSu6Y42C1pdZlR3a02eeTZOsx6rWI+DmmCs8P1QQIHRG1ZJZb8ycLr
t5C6uh4Cg6A8dlkAEQEAAbSNIChLZXkgaW50ZW50ZWQgdG8gYmUgdHJhbnNtaXR0
ZWQgZnVsbHkgaW5jbHVkZWQgaXRzIHByaXZhdGUgcGFydCBmb3IgZGVwbG95bWVu
dHMgYW5kIHJldmVhbHMgb2YgZ2l0IHNlY3JldHMgYW5kIG1vcmUpIDxwdWJsaWNA
ZXRoZXJiZWluZy5kZXY+iQHOBBMBCgA4FiEEuw8qUzgK0I0Jejmju715v44bAbEF
AmjWhzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQu715v44bAbFuLgv+
N0mG+7Kfy+HaxUyNFNc3phe4HIbvy8Nlk1Q0KWAfmg3Rxx+gt2OoRZyt703fYGEH
ztzrvKwjB0C+I1cWZVCW94S4edowHj6tlLqbe9mAKKP4q6VuIY/nBcVqEu8asPAY
8Uxoc3lUhJ6j1j5eBCQb/9aSFyjZCSeAgNJeXjoJ9IGuSLIrkqS0pukZyQb8UHXt
QFE7BZszqQ2eXmELF3UHaHVXqjJC/9PkqLdsFyekaDYS3893WhmtTxjZqdtmOVvb
04u/V8Y8bw62i8NDcJM2N1xpn4Wrjt5MKAk4DKonkqC2G10I4qVtNwuTKFTEiTtL
2U5UOE8GhPkiq9eP0AjMIgOdDGnTVlYVyI12KmbWMQfGAVx1gbXMtDUKV9FBK4sa
YywWAEfePpA4UKIRVgmKL35O72SuTyvqVHIiagCp15jPeWYW5aoEQyxrd0YEZuV9
/H/RgEBdXv03zAxNX2hdyX17g1BAdD6AEbyRphAr13y2MkBu+vpqra+J7Y2GvB1A
uQGNBGjWhzABDADKQzAIQGyy2xdL+OWaPFLyHAwbVZXorJ/bSEnK3EZDi/RtIrMQ
liRFYKnHXw3YN1UllV9Mj/hhAXKoqqOKEquYkqF5KaZNJXu4pjo2JfLByhBIBP9a
FvIWHV/ySmdq5mc0QVD3xsarilfGBrtvrRypxJFEfFA4sZYHufCnCw5oV7OFt1MC
StAA7xWNgwwki7WrxdXSH4OjCF4qSp7aXsMp+ELDFmx9NyHJa/Iy+lLnrtyPjYGJ
im0cUCPMEnThwqZi0ccfHln7lV7cS/4D3FSJNpxBBLYMp4waiaaFwQgSdzz3X4Qs
D/k8dYPf9SV2IFV+dHVJgamCKYhV/RwoNVENRgrJQfbifE74n8wTgXUPR1DXPaAo
PynM1m35b8o4k38lBZa4oKtAb7Jq+NxZNqMg161Xm5iEHpLv5SL7tkYx7aB+LQJ+
2SZMVA5cAps0AZEyPfjwA0Zz5+2maDTMWJRetmIu2Ttu9S9fBx0fpkqsI1iWGlRH
KsBkDvI6Chgd2wUAEQEAAYkBtgQYAQoAIBYhBLsPKlM4CtCNCXo5o7u9eb+OGwGx
BQJo1ocwAhsMAAoJELu9eb+OGwGxLT0MALZIdYczT57DM5j+2sWvw5MYCBzGJLRH
JGvT1Kr0vqrL9e8MmuYgcXqSEZTvWCOZeI095MgAivlsgIcdO4HGEZ+0P1DalVbj
iu6NrBpE//PE7nto84QSX0NgmjAQV1FyLt5UXzjK1dq/ohqq/Zi62uJGW7Ksq394
7quI34J3UHbS6dn6UYaMA2FU06USC2XMmcS5EDNqA7UQfqgAitphzhDjU9qj3b4g
BZtSXzW+oZ0Y6J8SGsFn9gPAN7gXTP/h7jm7zfiyUnqvniTlubIJMHWjWHQ4Knbt
9O/bKU79j24vsamzIdwqMRIxTyWZ63oqmjyQx+9NZObDHR1AR5R7g2iYDp35J38H
yLYvoOoXLHAhWZ+2oprEks4U9zfY/KbagqsoE0aWt4HqijwwCf5gwAqtTA0O1Meo
ztYxm9E+V7EUAo8EbRJzcPFup2VpMFDhwOJb0BMFkmH6F9cmRz7SqkWYD4afaGQ9
1dF5ZmESy/OZ7Lc5Bjv+5Xvfxy+KW2K9Nw==
=CIaQ
-----END PGP PUBLIC KEY BLOCK-----
CVE Forge is fundamentally a tool for digital defense, education, and empowering self-determination. We provide open-source resources to security practitioners globally to test, secure, and understand the vulnerabilities within their own authorized systems, networks, and informational environments. Our mission is to strengthen digital resilience and ensure that information access and security are available to all, regardless of geopolitical climate.
We strongly oppose the use of our framework for offensive cyber-aggression or unauthorized intrusion. The responsibility for ensuring authorization and adhering to the principle of Harm Minimization rests entirely with the user.