Responsible Use

You may only monitor domains, assets and organizations that you own or that you have explicit, documented permission to assess. Using CTIScanner to observe or probe targets without authorization may violate computer misuse, privacy and other laws in your jurisdiction.

Before monitoring a domain, make sure you can demonstrate ownership or authorization. Domain ownership verification is the gate that establishes you have the right to assess a target. Do not add targets you cannot account for.

• surveillance of individuals or organizations without consent;
• reconnaissance in support of intrusion, fraud or extortion;
• harassment, stalking, or building dossiers on people without a lawful basis;
• any activity that breaks the law where you, or your target, are located.

CTIScanner surfaces exposure so you can fix it. Findings are intended to drive remediation of your own environment, not to weaponize information against others. Validate findings before acting, and handle any sensitive data they reveal with care.

If you believe an account is using CTIScanner to target assets without authorization, report it to us so we can investigate. We take abuse seriously.

We may suspend or terminate accounts that violate this policy or our Terms of Service, and we may cooperate with lawful requests from authorities where required.