Acceptable Use Policy

Overview

HAVOC is a security vulnerability scanning platform intended for authorized security testing. This policy defines permitted and prohibited uses. Violations may result in immediate account suspension and legal action.

Authorized Use

You may only use HAVOC to scan:

• Systems, repositories, URLs, and IP addresses you own
• Systems you have received explicit written authorization to test (bug bounty programs, penetration testing contracts, security assessments)
• Systems operated by your employer where you have authorized security testing responsibilities

Prohibited Activities

The following are strictly prohibited:

• Unauthorized scanning — Scanning any system without explicit permission from its owner
• Malicious exploitation — Using scan results to exploit vulnerabilities in systems you do not own
• Denial of service — Using HAVOC in ways that could overwhelm or disrupt target systems
• Circumventing safeguards — Attempting to bypass HAVOC's rate limits, access controls, or scan restrictions
• Illegal activity — Using the Service in violation of any applicable law, including the Computer Fraud and Abuse Act (CFAA), GDPR, or equivalent
• Account sharing — Sharing account credentials with unauthorized individuals or automating account creation
• Competitive abuse — Using HAVOC to scan competitor infrastructure without authorization
• Reselling without permission — Reselling scan capabilities or results as your own product without our written consent

Responsible Disclosure

If you discover a vulnerability in HAVOC itself, please report it responsibly to support@havoc.cloud. Do not publicly disclose vulnerabilities before we have had the opportunity to address them.

Enforcement

Violations of this policy may result in:

• Immediate account suspension or termination
• No refund of fees paid
• Referral to law enforcement
• Civil or criminal liability

Report Abuse

To report abuse or unauthorized scanning activity: abuse@havoc.cloud