By accessing or using VulneraX, you agree to these Terms & Conditions and any policies referenced herein. If you do not agree, do not use the Service.

You represent that you have the authority to bind the entity or organization on whose behalf you use VulneraX.

VulneraX provides an automated vulnerability scanning and reporting tool for websites and web applications. The release includes 155 modular scanners across three depth tiers: Shallow, Deep, and Deepest.

Reports include a summary dashboard, findings, remediation guidance, and a computed posture score. The posture score is informational and should not be treated as a certification or guarantee.

• Shallow Scanners: headers, cookies, basic hygiene, tech fingerprinting.
• Deep Scanners: injection vectors, file traversal, admin discovery, API key leaks, OAuth misconfig, and more.
• Deepest Scanners: XSS families, prototype pollution, SSRF (incl. OOB), CRLF, WebSocket issues, and advanced tactics.

You may only scan domains, subdomains, applications, or infrastructure for which you hold explicit authorization. You are solely responsible for ensuring you have the legal right to perform scans.

Prohibited: scanning third-party assets without permission, government or critical infrastructure targets where scanning is restricted, or any target prohibited by applicable law.

You agree not to misuse the Service. Do not attempt to disrupt service, escalate privileges, or perform denial-of-service attacks.

You will respect rate limits, robots and legal constraints, and will not use VulneraX to exfiltrate data or bypass authentication beyond controlled test vectors used by the scanners.

The release supports Google OAuth sign-in. You are responsible for maintaining the confidentiality of your account and tokens.

You agree that activity under your account is your responsibility. Notify us of suspected compromise immediately.

Generated reports (PDFs) and related artifacts are provided for your internal use and may include sensitive information about your systems.

You are responsible for distributing, storing, and applying remediation based on the report. We may retain anonymized or aggregated data to improve the Service.

During this release phase, billing features may be limited or in-progress. Payment tiers, invoicing, and subscription management may be introduced in future releases.

If you are on a paid plan (when enabled), you agree to timely payment of fees and applicable taxes.

We may modify, suspend, or discontinue parts of the Service with or without notice. We will make reasonable efforts to minimize disruption.

Features marked ‘Planned’ are not part of the release and may change or be cancelled.

Each party may receive confidential information from the other. You agree to protect our non-public information; we agree to protect yours, including scan inputs and results, per our Privacy Policy.

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Security scanning is inherently probabilistic: findings may contain false positives or false negatives. Reports and scores are informational and do not constitute a security certification.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR GOODWILL.

Our aggregate liability for claims arising out of or relating to the Service shall not exceed the amounts paid by you to us in the 12 months preceding the event giving rise to the claim, or $100 if no amounts were paid.

You will indemnify and hold VulneraX harmless from claims arising out of your misuse of the Service, your breach of these Terms, or your unauthorized scanning of assets.

Our collection, use, and processing of personal data is described in our Privacy Policy. By using the Service, you consent to such processing.

You represent and warrant that your use of the Service complies with applicable laws, including export control, sanctions, and data protection.

These Terms are governed by applicable law as determined by the Service operator’s domicile, without regard to conflict of laws. Venue and jurisdiction will be in the courts of that domicile.

Parties will first attempt to resolve disputes informally before initiating legal action.

We may update these Terms from time to time. Material changes will be posted with a new effective date. Continued use after changes constitutes acceptance.

For questions about these Terms, contact: legal@vulnerax.in