Please report security issues privately through GitHub Security Advisories when the repository is published. If advisories are not enabled yet, contact the maintainers privately before opening a public issue.

Do not include:

• Real API keys, session cookies, bearer tokens, or passwords.
• Raw traffic from systems you do not own.
• Burp project files, .har, .pcap, or .pcapng captures containing sensitive data.
• Exploit chains against real third-party systems.

Use synthetic examples that preserve the shape of the bug without exposing real secrets or targets.

The main branch and the latest GitHub release are supported for security fixes.

This tool is intended for authorized testing and education. Reports or contributions that attempt to turn it into an autonomous exploitation tool will not be accepted.