Terms and Conditions

Last Updated: January 27, 2026

Welcome to PentestO. These Terms and Conditions ("Terms", "Agreement") govern your access to and use of the PentestO security testing platform located at pentesto.com.au (the "Service", "Platform"). Please read these Terms carefully before using our Service.

CRITICAL: By using PentestO, you acknowledge that unauthorized security testing may be illegal in your jurisdiction. You are solely responsible for ensuring you have proper authorization to test any target systems. Violation of this requirement may result in immediate account termination and potential legal consequences.

1. Acceptance of Terms

1.1 Agreement to Terms

By accessing or using PentestO, you agree to be bound by these Terms and all applicable laws and regulations. If you do not agree with any part of these Terms, you must not use our Service.

1.2 Eligibility

You must be at least 18 years old and have the legal capacity to enter into binding contracts to use this Service. By using PentestO, you represent and warrant that you meet these requirements.

1.3 Modifications to Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes via email or through a prominent notice on our Platform. Your continued use of the Service after such modifications constitutes acceptance of the updated Terms.

2. Service Description

2.1 PentestO Platform Overview

PentestO is a comprehensive security testing platform that provides automated vulnerability assessment and penetration testing capabilities through seven specialized tools:

Tool         Port   Purpose
EnumBox      9001   Endpoint discovery and enumeration using Katana
VulnBox      9002   Vulnerability scanning using Nuclei templates
LogicBox     9003   Security finding aggregation and correlation
ExploitBox   9004   Exploitation testing and proof-of-concept validation
WebBox       9005   Web application security testing including XSS detection with dalfox
AuthBox      9006   Authentication and authorization testing (JWT, session management)
APIBox       9007   API security testing with Swagger/OpenAPI support

2.2 Service Features

The Platform provides the following capabilities:

  • Automated Security Scanning: Comprehensive vulnerability detection across web applications, APIs, and authentication mechanisms
  • Progress Tracking: Real-time monitoring of long-running security scans
  • Persistent Storage: Historical scan results and data retention
  • JSON Export: Comprehensive security reports in JSON format
  • Background Processing: Celery-based asynchronous task execution for extended scans
  • Integrated Pipeline: Seamless workflow across multiple security testing domains

2.3 Service Limitations

The Service is subject to the following limitations:

  • Timeout Controls: Scans are subject to timeout limits (5-10 minutes per tool) to ensure platform stability
  • Rate Limiting: Concurrent scans and API requests are rate-limited to prevent abuse
  • Resource Constraints: Heavy scans may be queued during peak usage periods
  • Tool Availability: Individual tools may be temporarily unavailable for maintenance or updates

3. Account Registration and Security

3.1 Account Creation

To access the Service, you must:

  • Provide accurate, complete, and current registration information
  • Maintain and update your account information to keep it accurate
  • Create a strong, unique password for your account
  • Accept sole responsibility for all activities under your account

3.2 Account Security

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Immediately notifying us of any unauthorized access or security breach
  • Not sharing your account with others or allowing unauthorized access
  • Using strong authentication practices

3.3 Account Termination

We reserve the right to suspend or terminate your account if:

  • You violate these Terms or applicable laws
  • You conduct unauthorized security testing
  • You engage in abusive or fraudulent activity
  • Your account remains inactive for an extended period
  • We are required to do so by law or legal process

4. Authorized Use and Legal Compliance

⚠️ LEGAL REQUIREMENT: You must have explicit written authorization to conduct security testing on all target systems. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (USA), Computer Misuse Act (UK, Australia), and similar laws worldwide.

4.1 Authorization Requirements

Before using PentestO to test any target, you must:

  • Own the target system or application being tested, OR
  • Have explicit written permission from the system owner, OR
  • Have a formal penetration testing agreement in place

4.2 Prohibited Activities

You must NOT use PentestO to:

  • Test systems without proper authorization
  • Conduct malicious attacks or cause damage to target systems
  • Access, modify, or exfiltrate data without authorization
  • Test critical infrastructure, government systems, or financial institutions without proper legal frameworks
  • Violate privacy laws or regulations
  • Engage in any illegal activity
  • Test systems during unauthorized time windows
  • Exceed the scope of your authorized testing agreement

4.3 Compliance with Laws

You agree to comply with all applicable laws, including but not limited to:

  • Computer fraud and abuse laws
  • Data protection and privacy regulations (GDPR, CCPA, Privacy Act 1988)
  • Telecommunications regulations
  • Cybersecurity laws and standards
  • Export control regulations

4.4 Acceptable Use

You may use PentestO only for:

  • Authorized security assessments and penetration testing
  • Vulnerability research on systems you own or have permission to test
  • Security training and education (on designated practice environments)
  • Compliance testing as required by security frameworks (PCI-DSS, ISO 27001, etc.)

5. User Responsibilities

5.1 Target System Responsibility

You acknowledge and agree that:

  • You are solely responsible for obtaining and maintaining proper authorization
  • You must verify authorization before submitting targets to PentestO
  • You must respect scope limitations defined in testing agreements
  • You must notify system owners of discovered vulnerabilities in accordance with responsible disclosure practices
  • You will not hold PentestO liable for any consequences of unauthorized testing

5.2 Data Security

You are responsible for:

  • Protecting sensitive data obtained during security testing
  • Properly handling authentication credentials (JWT tokens, API keys, session cookies)
  • Securely storing and managing scan results
  • Deleting sensitive data when no longer needed
  • Complying with data protection requirements when testing systems containing personal data

5.3 Scan Configuration

You must:

  • Configure scans appropriately to avoid service disruption
  • Respect rate limits and timeout settings
  • Schedule intensive scans during approved maintenance windows
  • Monitor scan progress and stop scans if issues arise
  • Provide accurate target information to ensure scan accuracy

6. Intellectual Property

6.1 PentestO Intellectual Property

The Service, including all software, tools, interfaces, documentation, and content, is owned by PentestO and protected by copyright, trademark, and other intellectual property laws. You are granted a limited, non-exclusive, non-transferable license to access and use the Service in accordance with these Terms.

6.2 Third-Party Tools

PentestO integrates the following open-source security tools:

  • Nuclei: Used under ProjectDiscovery's MIT License
  • Katana: Used under ProjectDiscovery's MIT License
  • dalfox: Used under its respective open-source license

These tools remain the property of their respective owners and are subject to their original licenses.

6.3 User Content

You retain ownership of:

  • Target URLs and systems you submit for testing
  • Custom API specifications (Swagger/OpenAPI files) you upload
  • Authentication credentials you provide

However, you grant PentestO a limited license to process this data solely for the purpose of providing the Service.

6.4 Scan Results

Scan results generated by PentestO are your property. However, we reserve the right to use anonymized, aggregated scan data to:

  • Improve our scanning capabilities
  • Develop new vulnerability detection signatures
  • Conduct security research
  • Generate industry benchmarks and statistics

7. Payment and Billing

7.1 Subscription Plans

PentestO offers various subscription tiers with different features and usage limits. Pricing information is available on our website and subject to change with 30 days' notice.

7.2 Payment Terms

By subscribing to a paid plan, you agree to:

  • Provide accurate billing information
  • Pay all fees according to the billing schedule
  • Authorize automatic recurring payments (if applicable)
  • Pay applicable taxes and fees

7.3 Refund Policy

Refunds are provided under the following conditions:

  • Service availability falling below the 99% uptime SLA (for applicable tiers)
  • Billing errors or duplicate charges
  • Cancellation within 14 days of initial subscription (pro-rated)

Refunds are not provided for:

  • Violation of Terms resulting in account termination
  • Change of mind after 14-day period
  • Failure to use the Service

7.4 Cancellation

You may cancel your subscription at any time. Upon cancellation:

  • You will retain access until the end of the current billing period
  • No refund will be provided for partial months
  • Your scan data will be retained for 90 days before deletion

8. Service Availability and Performance

8.1 Service Level

We strive to maintain high availability but do not guarantee uninterrupted access. The Service is provided "as is" and "as available."

8.2 Maintenance and Downtime

We reserve the right to:

  • Perform scheduled maintenance with advance notice
  • Conduct emergency maintenance without notice
  • Temporarily suspend the Service for updates or security patches
  • Modify or discontinue features with reasonable notice

8.3 Technical Support

Technical support is provided via email at support@pentesto.com.au. Response times vary based on subscription tier:

  • Enterprise: 4-hour response for critical issues
  • Professional: 24-hour response for standard issues
  • Basic: 48-hour response for general inquiries

9. Data Protection and Privacy

9.1 Privacy Policy

Your use of PentestO is also governed by our Privacy Policy, which is incorporated into these Terms by reference. Please review our Privacy Policy at pentesto.com.au/privacy.

9.2 Data Processing

By using the Service, you consent to:

  • Processing of target URLs and system data for security testing purposes
  • Storage of scan results and vulnerability findings
  • Analysis of scan data to improve service quality
  • Data transfers necessary to provide the Service

9.3 Data Retention

We retain your data as follows:

  • Scan results: Indefinitely (unless deleted by you)
  • Account data: Duration of active account plus 90 days
  • System logs: 90 days for security and troubleshooting
  • Billing records: As required by law (typically 7 years)

9.4 Data Security Measures

We implement industry-standard security controls including:

  • SSL/TLS encryption via Let's Encrypt certificates
  • ModSecurity 3.0.10 Web Application Firewall
  • Secure password hashing and storage
  • Docker container isolation
  • Regular security updates and patch management
  • Access controls and authentication mechanisms

10. Disclaimers and Limitations of Liability

IMPORTANT: Please read this section carefully as it limits our liability and sets forth important disclaimers about the Service.

10.1 Service Disclaimer

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

  • Warranties of merchantability, fitness for a particular purpose, or non-infringement
  • Warranties that the Service will be uninterrupted, secure, or error-free
  • Warranties regarding the accuracy, completeness, or reliability of scan results
  • Warranties that all vulnerabilities will be detected

10.2 Security Testing Limitations

You acknowledge that:

  • No security tool is perfect: PentestO may produce false positives or false negatives
  • Scanning is not comprehensive: Automated tools cannot detect all security issues
  • Results require validation: Findings should be manually verified by qualified security professionals
  • Scanning is not exploitation: Detection of a vulnerability does not guarantee exploitability
  • New vulnerabilities emerge: Zero-day vulnerabilities may not be detected

10.3 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, PENTESTO SHALL NOT BE LIABLE FOR:

  • Indirect, incidental, consequential, or punitive damages arising from your use of the Service
  • Loss of data, profits, revenue, or business opportunities resulting from Service use or unavailability
  • Damages resulting from unauthorized security testing conducted using our Platform
  • Damages caused by false positives or false negatives in scan results
  • Service disruptions or downtime affecting your target systems
  • Security breaches at target systems discovered through our Service
  • Legal consequences arising from your violation of applicable laws

10.4 Maximum Liability Cap

In no event shall PentestO's total liability to you for all claims arising from or related to the Service exceed the amount you paid to PentestO in the 12 months preceding the claim, or $100 AUD, whichever is greater.

10.5 Third-Party Actions

PentestO is not responsible for:

  • Actions taken by target system owners in response to security testing
  • Legal action resulting from unauthorized testing
  • Third-party claims related to your use of the Service
  • Bugs or issues in third-party open-source tools (Nuclei, Katana, dalfox)

11. Indemnification

11.1 Your Indemnification Obligation

You agree to indemnify, defend, and hold harmless PentestO, its officers, directors, employees, contractors, and agents from and against any claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from:

  • Your violation of these Terms
  • Your violation of any law or regulation
  • Your unauthorized security testing or illegal access to systems
  • Your infringement of any third-party rights
  • Your misuse of scan results or vulnerability information
  • Any content or data you submit to the Service
  • Your failure to obtain proper authorization for security testing

11.2 Defense of Claims

PentestO reserves the right to assume the exclusive defense and control of any matter subject to indemnification by you, and you agree to cooperate with our defense of such claims.

12. Dispute Resolution

12.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of Australia (specifically Western Australia), without regard to its conflict of law provisions.

12.2 Jurisdiction

You agree that any legal action or proceeding arising from these Terms shall be brought exclusively in the courts of Western Australia, Australia. You consent to the personal jurisdiction of such courts.

12.3 Informal Resolution

Before filing any legal claim, you agree to first contact us at legal@pentesto.com.au to attempt to resolve the dispute informally. We will work in good faith to resolve disputes through negotiation.

12.4 Arbitration

If informal resolution fails, disputes shall be resolved through binding arbitration in Perth, Western Australia, under the rules of the Australian Centre for International Commercial Arbitration (ACICA), except for:

  • Claims for injunctive or equitable relief
  • Claims related to intellectual property
  • Small claims court matters under jurisdictional limits

12.5 Class Action Waiver

You agree that any proceedings to resolve disputes will be conducted on an individual basis and not as a class action, consolidated action, or representative action.

13. Prohibited Uses and Enforcement

13.1 Platform Abuse

You must not:

  • Attempt to circumvent security controls or rate limits
  • Reverse engineer, decompile, or disassemble any part of the Service
  • Use automated tools to access the Service beyond normal operation
  • Overload our infrastructure with excessive requests
  • Interfere with other users' access to the Service
  • Introduce malware, viruses, or harmful code
  • Attempt to gain unauthorized access to our systems

13.2 Content Restrictions

You must not use PentestO to test or attack:

  • Systems containing child sexual abuse material
  • Systems involved in terrorism or violent extremism
  • Systems facilitating illegal weapons or drug trafficking
  • Systems designed to circumvent law enforcement

13.3 Enforcement Actions

Upon detection of violations, we may:

  • Issue warnings or temporary suspensions
  • Terminate your account immediately
  • Report illegal activity to law enforcement
  • Cooperate with investigations and provide user data as required by law
  • Pursue legal action for damages or injunctive relief

14. Export Controls and Sanctions

14.1 Export Compliance

The Service may be subject to export control laws and regulations. You represent that you are not:

  • Located in a country subject to comprehensive sanctions
  • Listed on any government restricted parties list
  • Prohibited from receiving products or services under applicable export laws

14.2 Technology Use Restrictions

You agree not to use the Service for:

  • Development of weapons of mass destruction
  • Nuclear, chemical, or biological weapons programs
  • Missile technology development
  • Any purpose prohibited by export control regulations

15. Miscellaneous Provisions

15.1 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and PentestO regarding the Service and supersede all prior agreements and understandings.

15.2 Severability

If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

15.3 Waiver

Our failure to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by an authorized representative of PentestO.

15.4 Assignment

You may not assign or transfer these Terms or your account without our prior written consent. We may assign these Terms without restriction. Any attempted assignment in violation of this section is void.

15.5 Force Majeure

PentestO shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including acts of God, war, terrorism, riots, natural disasters, or infrastructure failures.

15.6 Notices

Notices to PentestO must be sent via email to legal@pentesto.com.au. Notices to you will be sent to the email address associated with your account. You agree that electronic notices satisfy any legal communication requirements.

15.7 Survival

The following sections shall survive termination of these Terms: Intellectual Property, Payment and Billing (for unpaid amounts), Disclaimers and Limitations of Liability, Indemnification, Dispute Resolution, and Miscellaneous Provisions.

16. Responsible Disclosure

16.1 Reporting Security Issues

If you discover security vulnerabilities in PentestO's platform, we request that you:

  • Report the issue confidentially to security@pentesto.com.au
  • Provide sufficient detail to reproduce the vulnerability
  • Allow reasonable time for remediation before public disclosure
  • Not exploit the vulnerability beyond what is necessary for demonstration

16.2 Bug Bounty

We may offer rewards for responsibly disclosed security vulnerabilities. Details of our bug bounty program are available upon request.

17. Professional Use and Recommendations

Best Practices for Using PentestO

To maximize the value of our Platform and ensure responsible security testing:

  • Always obtain written authorization before testing
  • Define clear scope and boundaries for security assessments
  • Schedule intensive scans during approved maintenance windows
  • Validate automated findings with manual testing
  • Follow responsible disclosure practices for discovered vulnerabilities
  • Document all testing activities and findings
  • Maintain chain of custody for sensitive evidence
  • Engage qualified security professionals to interpret results
  • Regularly re-test systems after remediation
  • Integrate security testing into your development lifecycle

17.1 Not a Substitute for Professional Services

PentestO is a tool to assist with security testing but does not replace:

  • Professional penetration testing services
  • Security consulting and advisory services
  • Compliance assessments and audits
  • Legal counsel regarding authorization and liability
  • Incident response and forensic services

17.2 Recommendations

We recommend that users:

  • Combine automated scanning with manual testing
  • Engage professional penetration testers for critical assessments
  • Consult legal counsel before conducting security testing
  • Maintain comprehensive documentation of testing activities
  • Follow industry frameworks (OWASP, NIST, PTES) for methodology

18. Contact Information

For questions, concerns, or notices regarding these Terms, please contact us:

PentestO Legal Department
Email: legal@pentesto.com.au
Support: support@pentesto.com.au
Security: security@pentesto.com.au
Website: pentesto.com.au

Business Address:
PentestO Pty Ltd
Perth, Western Australia
Australia


BY USING PENTESTO, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.

© 2026 PentestO Pty Ltd. All rights reserved.