Active Malware or Exploits Policy
Policy governing the use of Uhpenry to host or distribute malicious or harmful software.
Uhpenry is committed to maintaining a secure and trustworthy community. Projects that intentionally harm others, spread malware, or facilitate exploitation of systems or individuals are strictly prohibited. While Uhpenry values educational content and ethical security research, safety will always come first.
Strictly Prohibited Behavior
You may not use Uhpenry to:
- Deliver or distribute malicious executables or scripts (e.g., viruses, trojans, ransomware).
- Act as command-and-control (C2) infrastructure for malware or botnets.
- Launch or organize denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
- Enable unauthorized access to devices or networks (e.g., backdoors, credential dumpers).
- Create or distribute cryptojacking tools or unauthorized miners.
- Host phishing kits or other social engineering payloads.
- Cause technical harms, including:
- Downtime
- Physical damage
- Overconsumption of resources
- Data loss or corruption
Ethical Security Research
Uhpenry allows dual-use security research projects with limitations:
- Projects must have clearly stated educational or research intent in the
README.md. - Dangerous functionality must be neutralized or sandboxed (e.g., commented-out payloads, restricted IP range, disabled auto-run).
- Projects must not be monetized or promoted as tools for unauthorized hacking or exploitation.
- Publicly known exploit proof-of-concepts (PoCs) are allowed if responsibly shared and disclosed.
To improve visibility and enforcement, all such projects must be tagged with the Security preset. This helps Uhpenry categorize, monitor, and support responsible security research while reducing abuse.
Projects lacking the Security preset may be flagged or removed if found to contain sensitive or dual-use content.
Special Considerations for Uhpenry
Unlike GitHub, Uhpenry is not designed as a primary platform for distributing exploit kits or vulnerability test tools. Therefore:
- Projects explicitly focused on offensive security or post-exploitation frameworks may be flagged, restricted, or removed at Uhpenry's discretion.
- Uhpenry does not allow malware campaigns or research content that could be easily repurposed for harm without modification.
- Listings used to monetize or promote dangerous tools (e.g., exploit bundles or red-team payloads) are not permitted, regardless of license or disclaimer.
Temporary Restrictions and Takedowns
In cases where abuse is detected:
- Uhpenry may place the project behind authentication, restrict visibility, or remove the project.
- Takedown actions may be taken without prior notice in severe cases, especially if the project endangers users or systems.
- Affected developers may appeal decisions by contacting support@uhpenry.com.
Project Owner Responsibility
All project owners are expected to:
- Include a disclaimer about potentially harmful components.
- Provide a contact method in
SECURITY.mdfor abuse-related inquiries. - Respond promptly to complaints or takedown requests from the Uhpenry team.
Failure to comply may result in project removal or account suspension.
GitHub Integration and Platform Responsibilities
Since Uhpenry integrates with GitHub, any repository synced to Uhpenry must also comply with:
If GitHub disables or restricts access to a repository, Uhpenry may mirror that action to ensure platform safety.
Final Notes
Uhpenry does not tolerate the use of its platform to facilitate harm, intentional or not. While we aim to support innovation and research, abuse of these freedoms will result in swift and decisive action to protect the community.