SECURITY
Riposte drives real offensive tooling against real systems. That power comes with one hard rule and a set of controls built to enforce it. This page covers both: how to use it responsibly, and how to tell us if you find a hole in Riposte itself.
AUTHORIZED USE ONLY
Run Riposte only against systems you own or are explicitly authorized to test. Pointing offensive tooling at infrastructure you do not have written permission to assess is very likely illegal, and it is on you. When in doubt, you do not have authorization.
The controls below are built to keep an authorized engagement inside its lines. They are not a substitute for that authorization, and they cannot make an out-of-scope target legal to touch. They exist so that when you are cleared to test something, it stays hard to stray past the edge of what you were cleared for.
HOW RIPOSTE STAYS IN BOUNDS
Nothing is in bounds until you put it there. You declare the exact targets, and anything outside that scope is never touched, not enumerated and not probed.
The operator does the tedious work, not the deciding. Any action that could reach or change a system stops and waits for your explicit go-ahead, one action at a time; it never escalates on its own.
Every action is written to a tamper-evident log in which each entry is chained to the hash of the one before it. Edit or delete an entry and the chain no longer verifies, so there is always an honest record of what ran.
Each control fails closed. If scope is unset, nothing runs. If an approval is not given, the move does not happen. If the log cannot be written, the operator stops rather than act without a record.
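As an added illustration of the four controls above, here is a small Python model of them. This is not Riposte's code and it makes no claim about how Riposte implements these controls: it shows a deny-by-default Scope, an Operator that needs an explicit approval callback before every action, a ChainedLog whose entries each commit to the hash of the previous entry, and fail-closed handling when the scope is unset or the log cannot be written. All class and function names, the network ranges, the approval rule and the "read-only audit volume" failure are hypothetical, constructed for the example.

```python
# Added example, not Riposte's code: a minimal model of the four controls
# above (declared scope, per-action approval, hash-chained log, fail-closed).
# Every class and name here is hypothetical.
import hashlib
import ipaddress
import json

GENESIS = "0" * 64  # stands in for "previous hash" on the first log entry


class ControlViolation(Exception):
    """A control tripped; the operator stops instead of acting."""


class Scope:
    """Deny-by-default: only addresses inside a declared network are in bounds."""
    def __init__(self, cidrs):
        self.nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]

    def contains(self, target):
        try:
            return any(ipaddress.ip_address(target) in n for n in self.nets)
        except ValueError:  # not an IP literal; nothing is resolved here, so: out
            return False


def _entry_hash(prev, body):
    # Canonical JSON so the same body always hashes identically.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev.encode() + payload).hexdigest()


class ChainedLog:
    """Append-only log; each entry commits to the hash of the entry before it."""
    def __init__(self, sink=None):
        self.entries = []
        self.sink = sink  # persistence hook (e.g. a file writer); may raise OSError

    def append(self, action, target, outcome):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "action": action,
                "target": target, "outcome": outcome, "prev": prev}
        entry = dict(body, hash=_entry_hash(prev, body))
        if self.sink is not None:
            self.sink(entry)  # persist before the entry counts as written
        self.entries.append(entry)
        return entry

    def verify(self):
        """Index of the first entry that breaks the chain, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _entry_hash(prev, body) != e["hash"]:
                return i
            prev = e["hash"]
        return None


class Operator:
    def __init__(self, scope, approve, log):
        self.scope, self.approve, self.log = scope, approve, log

    def _record(self, action, target, outcome):
        try:
            self.log.append(action, target, outcome)
        except OSError as exc:  # fail closed: no record means no action
            raise ControlViolation(f"log unwritable: {exc}") from exc

    def run(self, action, target, execute):
        if self.scope is None or not self.scope.nets:
            raise ControlViolation("scope unset: nothing runs")
        if not self.scope.contains(target):
            raise ControlViolation(f"{target} is out of scope")
        if not self.approve(action, target):  # explicit go-ahead, every time
            self._record(action, target, "denied")
            raise ControlViolation(f"{action} on {target} not approved")
        self._record(action, target, "approved")  # logged before anything runs
        result = execute()
        self._record(action, target, f"done: {result}")
        return result


def demo():
    """Drive each control with constructed inputs; returns what happened."""
    out, log, ran = {}, ChainedLog(), []
    op = Operator(Scope(["10.0.0.0/24"]), lambda a, t: a == "scan", log)
    out["in_scope"] = op.run("scan", "10.0.0.7", lambda: "22/tcp open")

    def broken_sink(_entry):
        raise OSError("audit volume is read-only")
    refused = {
        "out_of_scope": (op, "scan", "10.0.1.7"),
        "not_approved": (op, "exploit", "10.0.0.7"),
        "scope_unset": (Operator(Scope([]), lambda a, t: True, log), "scan", "10.0.0.7"),
        "log_unwritable": (Operator(Scope(["10.0.0.0/24"]), lambda a, t: True,
                                    ChainedLog(broken_sink)), "scan", "10.0.0.7"),
    }
    for label, (operator, action, target) in refused.items():
        try:
            operator.run(action, target, lambda: ran.append(label) or "ran")
        except ControlViolation as exc:
            out[label] = str(exc)
    out["ran_when_refused"] = ran            # []: nothing executed
    out["intact"] = log.verify()             # None: chain holds
    log.entries[0]["target"] = "192.0.2.1"   # tamper with the earliest entry
    out["tampered_at"] = log.verify()        # 0: the break shows at that entry
    return out
```

demo() exercises every refusal path and confirms that execute() never ran for any of them; verify() returning None means the chain held, and returning 0 after the in-memory tamper shows the first entry was altered. One caveat worth knowing about any hash chain of this shape: it exposes edits and gaps inside the record, but on its own it cannot show that the newest entries were simply cut off, so in a real deployment the latest hash should be copied to a place the operator process cannot write.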
REPORT A VULNERABILITY
Riposte is a security tool, so a flaw in it is a flaw that matters. If you find a vulnerability in Riposte itself, please report it to us privately through a GitHub security advisory before disclosing it anywhere else. That keeps the report between us until there is a fix.
pre-alpha . authorized use only . no telemetry . runs offline