Currently supported versions with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:
Please do not report security vulnerabilities through public GitHub issues.
Send your report to:
- GitHub Security Advisories: Use the private vulnerability reporting feature
- Email: Create a private disclosure (recommended for critical issues)
Please provide:
- Type of vulnerability
- Full path of source file(s) related to the issue
- Location of affected source code (tag/branch/commit)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if available)
- Impact assessment
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Critical issues within 30 days
-
Run with Appropriate Privileges
# Only use sudo when necessary sudo python3 main.py -
Keep Dependencies Updated
pip install --upgrade -r requirements.txt
-
Verify Source
# Always clone from official repository git clone https://github.com/U-C4N/Wif-G.git -
Review Permissions
- Port scanning may require firewall exceptions
- Network modifications need admin rights
- Be cautious with optimization features
-
Code Review
- All PRs require review before merge
- Security-sensitive changes need extra scrutiny
-
Dependency Scanning
# Check for known vulnerabilities pip install safety safety check -
Static Analysis
# Security linting bandit -r src/ -
Input Validation
- Always validate user inputs
- Sanitize command-line arguments
- Prevent injection attacks
- Port scanning may trigger IDS/IPS alerts
- Some networks block or rate-limit scanning
- Ensure you have permission to scan the network
- Tool requires sudo for full functionality
- Minimal privilege principle applied where possible
- Root operations clearly documented
- No sensitive data is stored permanently
- Network credentials are never collected
- Temporary files cleaned up on exit
We believe in responsible disclosure:
- Report the vulnerability privately
- Allow reasonable time for fix development
- Coordinate public disclosure timing
- Credit researchers appropriately (if desired)
Security patches are released as:
- Critical: Immediate patch release
- High: Within 7 days
- Medium: Next minor version
- Low: Next major version
We appreciate security researchers who help keep Wif-G safe:
- [List will be updated as reports come in]
Last Updated: 2025-01-28