After a dozen-ish years of Nikto and some other tools, it's not been a problem for me either.
However, it doesn't have to be illegal for someone to sue you, or include you in a court case, which can ruin your day and possibly cost you money regardless of right or wrong. Having disclaimers and a license with a forum selection clause can make your life easier should the worst case thing happen. Just my $.02--the closest I am to being a lawyer is having watched Boston Legal. -Sullo to DoS something On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.rian...@gmail.com>wrote: > Hi. As w3af's project leader I've not received any legal threats over > the seven years this project has been alive. > > Only a couple of months ago, and just to be sure, I added this > disclaimer which users need to accept to run the tool. > > DISCLAIMER = """Usage of w3af for sending any traffic to a target > without prior mutual consent is illegal. It is the end user's > responsibility to > obey all applicable local, state and federal laws. Developers assume > no liability > and are not responsible for any misuse or damage caused by this > program.""" > > On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <br...@unhwildhats.com> > wrote: > > Greetings > > > > I am a security researcher who is working on a project in my free time, > > without going into details - the project will end with a powerful tool > > being publicly released. > > > > Obviously most cyber security tools have the potential for abuse. What > sort > > of legal hurdles (if any) do you need to overcome to protect yourself > when > > releasing software along the lines of metasploit? > > > > _______________________________________________ > > Sent through the Full Disclosure mailing list > > http://nmap.org/mailman/listinfo/fulldisclosure > > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- http://www.cirt.net | http://rvasec.com/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/