| Version | Supported |
|---|---|
| 0.1.x | ✅ |
This is an offensive security tool designed for authorized assessments only. If you find a security vulnerability:
- Do not open a public GitHub issue.
- Report it privately via GitHub's Private Vulnerability Reporting.
- Include steps to reproduce, affected versions, and any suggested fix if known.
You should receive a response within 72 hours. If you don't, please follow up.
Tip
Enable Private Vulnerability Reporting in your repo settings to let researchers submit reports directly through the GitHub UI.
- Vulnerabilities in
qostitself (e.g., command injection, credential leakage in logs) - Unsafe default configurations or permissions
- Supply chain risks from dependencies
Warning
Abusing this tool against targets without authorization is a legal matter, not a security bug. This will not be treated as a valid report.
- Known CVEs in third-party dependencies that are already patched by upgrading