Argus is designed exclusively for authorized security testing. Always obtain written permission before scanning any target. Unauthorized scanning is illegal in most jurisdictions.
If you discover a security vulnerability in Argus itself (not in targets you're scanning), please report it responsibly:
- Do NOT open a public GitHub issue
- Email: c0rtexc0de@proton.me
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeline |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 5 business days |
| Fix development | 14 business days |
| Public disclosure | After fix is released |
In scope:
- Command injection via crafted input
- Path traversal in report generation
- Credential exposure in logs/reports
- Dependency vulnerabilities
Out of scope:
- Issues in external tools (nuclei, sqlmap, etc.) — report upstream
- Social engineering
- Denial of service against Argus itself
| Version | Supported |
|---|---|
| 6.x | Yes |
| 5.x | Security fixes only |
| < 5.0 | No |