| Version | Supported |
|---|---|
| 3.0.x | β Active support |
| 2.0.x | |
| < 2.0 | β No longer supported |
If you discover a security vulnerability in KeyShield, please report it responsibly:
Send details to: keyshield-security@example.com
- Description of the vulnerability
- Steps to reproduce
- Impact assessment β what could an attacker do?
- Suggested fix (if you have one)
- Your contact information for follow-up
| Stage | Timeline |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 5 business days |
| Fix development | Within 14 business days |
| Public disclosure | After fix is released |
We will credit security researchers in our CHANGELOG and README (unless you prefer to remain anonymous).
- β Scans local processes, files, and system configuration
- β Generates reports stored locally
- β Runs a local-only web server (127.0.0.1 by default)
- β No network telemetry β never phones home
- β No data collection β all data stays on your machine
- β No cloud dependencies β works fully offline
- β No keystroke capture β KeyShield detects keyloggers, it is not one
- β No persistent system modifications β config stored in
~/.keyshield/
- Binds to
127.0.0.1by default (localhost only) - Path traversal protection on report downloads
- Thread-safe state management with proper locking
- No authentication by default (local-only use)
β οΈ If binding to0.0.0.0, the web GUI will be accessible from the network. Use this only in trusted environments and consider adding authentication.
We follow a coordinated disclosure process:
- Reporter submits vulnerability privately
- We acknowledge and begin investigation
- We develop and test a fix
- We release the fix and update CHANGELOG
- We credit the reporter (with permission)
- Reporter may publish details after fix release
KeyShield is a defensive security tool. We ask that all contributors and users:
- Use KeyShield only for authorized security testing
- Never use KeyShield code to create offensive tools
- Report vulnerabilities responsibly
- Follow all applicable laws and regulations