Acceptable Use Policy
Effective date: April 9, 2026
⚠ Important
CyberMind is an offensive security tool. Misuse against unauthorized targets is illegal and will result in immediate account termination and potential law enforcement referral.
1. Purpose
This Acceptable Use Policy ("AUP") defines the boundaries of lawful and ethical use of CyberMind CLI, its API, dashboard, and all associated services. This policy exists because CyberMind provides powerful offensive security capabilities — including automated reconnaissance, vulnerability hunting, exploitation guidance, and post-exploitation tooling — that carry significant legal and ethical responsibilities.
2. The golden rule: authorization first
You must have explicit, documented authorization before running any CyberMind workflow against any target.
Authorization means one of the following:
- You own the target system, network, or application outright.
- You have a signed penetration testing agreement or statement of work from the system owner.
- You are participating in a bug bounty program and the target is within the published scope.
- You are working in a CTF competition on designated challenge infrastructure.
- You are using a controlled lab environment (e.g., HackTheBox, TryHackMe, your own VMs).
Verbal permission is not sufficient. Written authorization is required for professional engagements.
3. Permitted uses
- Authorized penetration testing: Testing systems with written permission from the owner, within the agreed scope.
- Bug bounty research: Testing within the published scope of a bug bounty program (HackerOne, Bugcrowd, etc.).
- CTF competitions: Using CyberMind on CTF challenge machines and infrastructure.
- Security education: Learning offensive security techniques in controlled lab environments.
- Red team engagements: Authorized red team operations with a signed rules of engagement document.
- Own infrastructure testing: Testing your own servers, applications, and networks.
- Security research: Responsible disclosure research on systems you own or have authorization to test.
- Fraud investigation (authorized): Security teams and law enforcement agencies may use CyberMind to investigate fraud, phishing infrastructure, scam websites, and cybercrime operations — provided they have legal authority or authorization to do so. This includes identifying fake websites impersonating legitimate brands, analyzing phishing kits, and mapping scammer infrastructure for takedown purposes.
- Anti-fraud research: Researchers working with financial institutions, banks, or law enforcement to expose fraud networks, fake payment gateways, or identity theft operations — within the bounds of applicable law.
4. Prohibited uses — zero tolerance
The following uses are strictly prohibited and will result in immediate account termination, reporting to law enforcement, and potential legal action:
- Unauthorized access: Using CyberMind to access, probe, or attack any system, network, or account without explicit written authorization.
- Denial of service: Using CyberMind to disrupt, degrade, or deny service to any target.
- Credential attacks: Brute-forcing, credential stuffing, or password spraying against systems you do not own.
- Data theft: Exfiltrating data from unauthorized systems.
- Malware deployment: Using CyberMind to deploy, distribute, or execute malware on unauthorized systems.
- Infrastructure attacks: Attacking critical infrastructure (power grids, hospitals, financial systems, government systems).
- Harassment and stalking: Using CyberMind to target individuals, stalk, harass, or intimidate.
- Illegal surveillance: Unauthorized monitoring of communications or systems.
- Bypassing security controls: Using CyberMind to bypass security controls on systems you are not authorized to test.
- Fraud and scamming: Using CyberMind to conduct fraud, run scam operations, steal financial credentials, compromise banking systems, or facilitate any form of financial crime. This includes phishing attacks, fake payment gateway creation, and identity theft.
- Targeting individuals: Using CyberMind to hack personal devices, phones, email accounts, or social media accounts of individuals without their explicit consent.
- Resale of capabilities: Offering CyberMind as a hacking-for-hire service to third parties.
- Account sharing: Sharing API keys across organizations or individuals to circumvent plan limits.
🚨 Zero Tolerance Policy
Any user found using CyberMind for fraud, unauthorized attacks, or targeting individuals will have their account permanently terminated, their information reported to relevant law enforcement agencies (including CERT-In, FBI IC3, or local cybercrime units), and may face civil and criminal prosecution. We actively cooperate with law enforcement investigations.
5. CyberMind against fraud — our commitment
CyberMind is built to fight fraud, not enable it. We actively support:
- Fraud investigators: Security professionals investigating scam websites, phishing infrastructure, and cybercrime networks can use CyberMind to map and expose fraudulent operations — with appropriate legal authority.
- Financial institution security teams: Banks and payment processors can use CyberMind to test their own fraud detection systems and identify vulnerabilities before criminals do.
- Law enforcement cooperation: We cooperate fully with law enforcement agencies investigating cybercrime, fraud, and unauthorized computer access. We maintain logs and will provide them upon valid legal request.
- Scam takedown research: Researchers identifying and reporting fake websites, investment scams, and phishing kits to registrars and hosting providers for takedown.
If you are a fraud investigator, law enforcement officer, or financial institution security team and need assistance, contact us at mrabhaygod12@gmail.com.
6. Abhimanyu mode — additional restrictions
Abhimanyu mode provides automated exploitation capabilities including SQLi, RCE, post-exploitation, lateral movement, and data exfiltration tooling. This mode carries heightened responsibility:
- Abhimanyu mode must only be used on systems where you have explicit written authorization for exploitation (not just scanning).
- Many penetration testing scopes authorize scanning but not exploitation — verify your scope before using Abhimanyu.
- Reverse shell generation and post-exploitation tools must only be used in authorized engagements.
- Session data saved by Abhimanyu mode must be stored securely and deleted after the engagement.
7. Responsible disclosure
If you discover a vulnerability in a third-party system during authorized testing:
- Do not exploit the vulnerability beyond what is necessary to confirm its existence.
- Report the vulnerability to the system owner or their bug bounty program promptly.
- Do not publicly disclose the vulnerability before the owner has had a reasonable opportunity to remediate it (typically 90 days).
- Do not access, copy, or exfiltrate data beyond what is necessary to demonstrate the vulnerability.
8. Legal compliance
You are solely responsible for ensuring your use of CyberMind complies with all applicable laws in your jurisdiction, including but not limited to:
- Computer Fraud and Abuse Act (CFAA) — United States
- Computer Misuse Act — United Kingdom
- Information Technology Act, Section 66 — India
- EU Network and Information Security (NIS2) Directive
- Any other applicable national or regional cybercrime laws
Ignorance of the law is not a defense. If you are unsure whether a specific use is lawful, consult a legal professional before proceeding.
9. Enforcement
We reserve the right to:
- Suspend or terminate accounts that violate this AUP without prior notice.
- Report violations to law enforcement authorities.
- Cooperate with law enforcement investigations involving misuse of CyberMind.
- Pursue civil remedies for damages caused by AUP violations.
We monitor for abuse patterns including unusual API usage, suspicious request patterns, and reports from third parties.
10. Reporting violations
If you believe someone is using CyberMind in violation of this AUP, or if you have been targeted by a CyberMind user, please report it immediately:
Email: mrabhaygod12@gmail.com
Include as much detail as possible: timestamps, IP addresses, affected systems, and any evidence of the attack.
11. Contact
For questions about this policy:
Email: mrabhaygod12@gmail.com
Website: https://cybermind.thecnical.dev/contact