Rules of Engagement
N0CK's commitment to safe, authorized, and responsible security testing
Core Principles
- 1. Authorization first. N0CK must only be used against targets you own or have explicit written permission to test.
- 2. Scope enforcement. Every request passes through a scope gate. Out-of-scope targets are blocked at the engine level.
- 3. Non-destructive by default. N0CK avoids methods that could cause service disruption, data loss, or account lockouts.
- 4. Rate limiting. Adaptive QPS controls with jitter prevent overwhelming target systems.
- 5. Evidence redaction. All captured evidence is sanitized before storage or transmission.
Default Guardrails
HTTP Methods
Default: GET and POST only. PUT, PATCH, DELETE require explicit opt-in.
Rate Limiting
Default: 1 QPS per host with exponential backoff on 429/5xx responses.
Robots.txt
Default: Respected. N0CK will not crawl disallowed paths unless explicitly overridden.
Payload Safety
All test payloads use neutral markers. No executable code, SQL DROP statements, or shell commands in default tests.
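A minimal sketch of how the scope, method and rate-limit defaults above could be enforced before a request is sent. This is an added example, not N0CK's code; the class name, the 25% jitter, the 300-second cap and the `.test` hostnames are assumptions.

```python
import random
from urllib.parse import urlsplit

DEFAULT_METHODS = {"GET", "POST"}           # default per the text above
OPT_IN_METHODS = {"PUT", "PATCH", "DELETE"} # need explicit opt-in
BASE_INTERVAL = 1.0    # seconds between requests: 1 QPS per host
MAX_INTERVAL = 300.0   # assumed backoff cap, not stated on the page


def host_of(url):
    # urlsplit drops userinfo, so "in-scope@other" resolves to "other".
    return (urlsplit(url).hostname or "").lower()


class Guardrails:  # hypothetical name
    def __init__(self, scope_hosts, allow_methods=(), rng=None):
        self.scope = {h.lower() for h in scope_hosts}
        extra = {m.upper() for m in allow_methods} & OPT_IN_METHODS
        self.methods = DEFAULT_METHODS | extra
        self.failures = {}  # host -> consecutive 429/5xx responses
        self.rng = rng or random.Random()

    def check(self, method, url):
        """Gate a request: returns (allowed, reason)."""
        # Exact host match: suffix or substring tests would admit
        # look-alike hosts that merely contain an in-scope name.
        if host_of(url) not in self.scope:
            return False, "out of scope"
        if method.upper() not in self.methods:
            return False, "method requires opt-in"
        return True, "ok"

    def record(self, url, status):
        """Count throttling signals; reset on a healthy response."""
        host = host_of(url)
        if status == 429 or 500 <= status <= 599:
            self.failures[host] = self.failures.get(host, 0) + 1
        else:
            self.failures[host] = 0

    def next_delay(self, url):
        """Seconds to wait before the next request to this host."""
        n = self.failures.get(host_of(url), 0)
        base = min(BASE_INTERVAL * 2 ** n, MAX_INTERVAL)
        # Jitter only lengthens the wait, so the 1 QPS ceiling holds.
        return base + self.rng.uniform(0, base * 0.25)
```
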
Prohibited Actions
N0CK will not and must not be configured to:
- Test targets without authorization
- Perform brute-force attacks on authentication endpoints
- Execute denial-of-service attacks
- Modify or delete production data
- Exploit vulnerabilities beyond proof-of-concept verification
- Access or exfiltrate sensitive user data
- Bypass multi-tenant boundaries or cross-tenant isolation
Responsible Disclosure
If N0CK discovers a vulnerability:
- 1. Findings are reported to you, not publicly disclosed
- 2. Evidence includes minimal reproduction steps
- 3. You are responsible for validating and remediating findings
- 4. Follow standard disclosure timelines (typically 90 days)
Legal Disclaimer
N0CK is a tool. The operator is responsible for ensuring all testing is authorized, legal, and compliant with applicable laws and regulations.
Unauthorized security testing may violate the Computer Fraud and Abuse Act (CFAA) in the United States, the Computer Misuse Act in the UK, and similar laws in other jurisdictions.
N0CK's developers disclaim all liability for misuse. Use at your own risk and only with proper authorization.