Commit a373e26

Add license and security policy
1 parent dae88f3 commit a373e26

6 files changed

Lines changed: 185 additions & 3 deletions

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2026 RedteamNotes
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 12 additions & 1 deletion
@@ -11,7 +11,8 @@ A C# CLI tool for reading and modifying AD-Integrated DNS records over LDAP, bui
1111
<p>
1212
<img src="https://img.shields.io/badge/platform-Windows-blue" alt="Platform">
1313
<img src="https://img.shields.io/badge/language-C%23-239120" alt="Language">
14-
<img src="https://img.shields.io/badge/license-MIT-green" alt="License">
14+
<a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="License"></a>
15+
<a href="SECURITY.md"><img src="https://img.shields.io/badge/security-policy-blue" alt="Security Policy"></a>
1516
</p>
1617

1718
<p>
@@ -595,6 +596,16 @@ Type-specific data:
595596
cchNameLength (17 = label data including trailing 0x00)
596597
```
597598

599+
## Security
600+
601+
Please do not disclose vulnerabilities in public issues or pull requests. See
602+
[`SECURITY.md`](SECURITY.md) for the reporting process, supported versions,
603+
coordinated disclosure expectations, and safe harbor terms.
604+
605+
## License
606+
607+
SharpADIDNS is released under the MIT License. See [`LICENSE`](LICENSE).
608+
598609
## Disclaimer
599610

600611
For use in authorized security assessments, CTFs, and lab environments only. The author assumes no responsibility for misuse.
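
Review bot: The new Security section (README lines 601-603) tells readers not to disclose "vulnerabilities" in public issues, yet the fallback channel in SECURITY.md asks reporters to open a public issue titled `Security contact request`. A reader who stops at the README will not know that a non-sensitive contact request is acceptable. Suggest matching the SECURITY.md wording ("do not disclose vulnerability details") so the two agree. The unchanged Disclaimer directly below also limits use to "authorized security assessments, CTFs, and lab environments only", while the Secure Use Expectations section added in SECURITY.md includes "controlled administration work"; align the two lists in this commit.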

SECURITY.md

Lines changed: 126 additions & 0 deletions
@@ -0,0 +1,126 @@
1+
# Security Policy
2+
3+
SharpADIDNS is a dual-use security and administration tool for AD-integrated
4+
DNS. This policy covers vulnerabilities in this project itself. It does not
5+
provide authorization to test, attack, or modify systems that you do not own or
6+
do not have explicit permission to assess.
7+
8+
## Supported Versions
9+
10+
This project does not maintain long-term support branches. Security fixes are
11+
handled for the latest tagged release and the `main` branch.
12+
13+
| Version | Security support |
14+
| ------- | ---------------- |
15+
| Latest tagged release | Supported |
16+
| `main` branch | Supported on a best-effort basis |
17+
| Older tags or forks | Not supported |
18+
19+
## Scope
20+
21+
In scope:
22+
23+
- Vulnerabilities in the SharpADIDNS source code.
24+
- Vulnerabilities in official release artifacts published from this repository.
25+
- Build, packaging, or documentation issues that could materially mislead users
26+
into unsafe operation.
27+
- Supply-chain or repository-integrity concerns affecting this project.
28+
29+
Out of scope:
30+
31+
- Abuse of expected SharpADIDNS functionality against systems without
32+
authorization.
33+
- Vulnerabilities in third-party environments, AD deployments, DNS
34+
configurations, C2 frameworks, or operator infrastructure.
35+
- Requests for help bypassing detection, access controls, or organizational
36+
policy in environments where you are not authorized.
37+
- Social engineering, physical attacks, spam, denial-of-service testing, or
38+
attacks against GitHub, maintainers, or project users.
39+
- Theoretical reports without a plausible impact path.
40+
41+
## Reporting a Vulnerability
42+
43+
Please do not disclose vulnerability details in a public issue, pull request,
44+
discussion, gist, social post, or chat transcript.
45+
46+
Preferred reporting channel:
47+
48+
- Use GitHub Private Vulnerability Reporting for this repository, if available:
49+
<https://github.com/RedteamNotes/SharpADIDNS/security/advisories/new>
50+
51+
Fallback reporting channel:
52+
53+
- If private reporting is not available, open a public issue titled
54+
`Security contact request` and include only a brief, non-sensitive summary.
55+
A maintainer can then arrange a private channel.
56+
57+
Please include:
58+
59+
- Affected version, tag, commit, or release artifact.
60+
- A clear impact statement and the security boundary being crossed.
61+
- Minimal reproduction steps or proof-of-concept details.
62+
- Relevant logs, command output, or screenshots with secrets removed.
63+
- Whether the issue is already publicly known or under active exploitation.
64+
- Any suggested remediation, if you have one.
65+
66+
Do not include production credentials, tokens, private keys, customer data,
67+
domain names, IP addresses, or other sensitive environmental details unless the
68+
maintainer explicitly asks for them and a private channel has been agreed.
69+
70+
## Handling and Disclosure
71+
72+
Expected response targets:
73+
74+
- Acknowledgement: within 3 business days.
75+
- Initial triage: within 7 business days.
76+
- Fix plan: based on severity, exploitability, affected versions, and release
77+
complexity.
78+
79+
Target remediation windows after confirmation:
80+
81+
| Severity | Target |
82+
| -------- | ------ |
83+
| Critical | 14 days |
84+
| High | 30 days |
85+
| Medium | Next reasonable release |
86+
| Low | Best effort |
87+
88+
For issues with broad user impact, the project may publish a GitHub Security
89+
Advisory, request a CVE, or release coordinated mitigation guidance. Public
90+
credit will be offered unless the reporter requests otherwise.
91+
92+
Please coordinate public disclosure with the maintainers. As a default, wait
93+
until a fix or mitigation is available, or 90 days after the issue is confirmed,
94+
whichever comes first, unless both sides agree to a different timeline.
95+
96+
## Safe Harbor
97+
98+
The project will not pursue legal action against good-faith security research
99+
that:
100+
101+
- Targets only systems, accounts, repositories, and data you are authorized to
102+
test.
103+
- Avoids privacy violations, data destruction, persistence, lateral movement,
104+
and service disruption.
105+
- Uses the minimum testing necessary to demonstrate the issue.
106+
- Reports the issue promptly and keeps details confidential during coordinated
107+
disclosure.
108+
- Does not use the vulnerability for extortion, unauthorized access, or
109+
operational advantage.
110+
111+
This safe harbor applies only to this project and its maintainers. It cannot
112+
bind third parties, employers, service providers, customers, or other legal
113+
owners of affected systems.
114+
115+
## Secure Use Expectations
116+
117+
SharpADIDNS is intended for authorized security assessments, lab environments,
118+
CTFs, and controlled administration work. Operators should prefer `--dry-run`
119+
and `--backup-to` before write operations, keep engagement authorization and
120+
change records, and avoid including secrets or customer-specific details in bug
121+
reports.
122+
123+
The maintainers may decline reports or requests whose primary purpose is to
124+
enable unauthorized operation, evade policy in third-party environments, or
125+
provide offensive tasking support rather than improve the security of the
126+
project.
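
Review bot: The policy leaves no guaranteed private reporting path: the preferred channel at line 48 is qualified with "if available", and the fallback at lines 53-55 routes the reporter through a public issue. Confirm that Private Vulnerability Reporting is enabled on the repository and drop "if available", or add a private contact address as the fallback. Separately, the 90-day disclosure default at lines 92-94 starts when "the issue is confirmed", so a report that is never acknowledged or triaged has no disclosure deadline. Consider starting the clock at the report date, or stating what a reporter may do when the 3- and 7-business-day targets at lines 74-75 are missed.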

SharpADIDNS.cs

Lines changed: 2 additions & 0 deletions
@@ -1,3 +1,5 @@
1+
// SPDX-License-Identifier: MIT
2+
// Copyright (c) 2026 RedteamNotes
13
// SharpADIDNS - A C# CLI tool for reading and modifying AD-Integrated DNS records over LDAP.
24

35
using System;

docs/README.fr.md

Lines changed: 13 additions & 1 deletion
@@ -11,7 +11,8 @@ Outil CLI en C# pour lire et modifier les enregistrements DNS intégrés à AD v
1111
<p>
1212
<img src="https://img.shields.io/badge/platform-Windows-blue" alt="Platform">
1313
<img src="https://img.shields.io/badge/language-C%23-239120" alt="Language">
14-
<img src="https://img.shields.io/badge/license-MIT-green" alt="License">
14+
<a href="../LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="License"></a>
15+
<a href="../SECURITY.md"><img src="https://img.shields.io/badge/security-policy-blue" alt="Security Policy"></a>
1516
</p>
1617

1718
<p>
@@ -543,6 +544,17 @@ Données spécifiques au type :
543544
cchNameLength (17 = données de label incluant le 0x00 final)
544545
```
545546

547+
## Sécurité
548+
549+
Ne publiez pas les détails d'une vulnérabilité dans une issue ou une pull
550+
request publique. Consultez [`SECURITY.md`](../SECURITY.md) pour le processus de
551+
signalement, les versions prises en charge, la divulgation coordonnée et les
552+
conditions de safe harbor.
553+
554+
## Licence
555+
556+
SharpADIDNS est publié sous licence MIT. Consultez [`LICENSE`](../LICENSE).
557+
546558
## Avertissement
547559

548560
Réservé à la recherche autorisée, aux environnements de laboratoire et aux travaux d'administration en environnement contrôlé. L'auteur n'assume aucune responsabilité en cas d'utilisation abusive.
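
Review bot: The unchanged Avertissement below the new sections scopes use to "recherche autorisée", lab environments and "travaux d'administration en environnement contrôlé", which does not match the English README disclaimer ("authorized security assessments, CTFs, and lab environments only"). This commit touches all three READMEs and points each at SECURITY.md, so it is the right place to bring the localized disclaimer in line with the English one. Minor: "safe harbor" is left in English at line 552; either translate it or note that it is the term used in SECURITY.md.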

docs/README.zh-CN.md

Lines changed: 11 additions & 1 deletion
@@ -11,7 +11,8 @@
1111
<p>
1212
<img src="https://img.shields.io/badge/platform-Windows-blue" alt="Platform">
1313
<img src="https://img.shields.io/badge/language-C%23-239120" alt="Language">
14-
<img src="https://img.shields.io/badge/license-MIT-green" alt="License">
14+
<a href="../LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="License"></a>
15+
<a href="../SECURITY.md"><img src="https://img.shields.io/badge/security-policy-blue" alt="Security Policy"></a>
1516
</p>
1617

1718
<p>
@@ -601,6 +602,15 @@ offset size field
601602
cchNameLength (17 = 标签数据含末尾 0x00 字节)
602603
```
603604

605+
## 安全反馈
606+
607+
请不要在公开 issue 或 pull request 中披露漏洞细节。报告流程、支持版本、
608+
协调披露要求与安全港条款见 [`SECURITY.md`](../SECURITY.md)
609+
610+
## 开源许可
611+
612+
SharpADIDNS 基于 MIT License 开源,详见 [`LICENSE`](../LICENSE)
613+
604614
## 免责声明
605615

606616
仅供授权研究、实验环境与运维测试使用。作者不对滥用承担任何责任。
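
Review bot: The two added sentences at lines 608 and 612 end on the Markdown link with no closing "。", while the existing disclaimer sentences below are fully punctuated. Add the full stop after the `SECURITY.md` link and after the `LICENSE` link so the new sections match the rest of the file.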
