Service agreement and scan authorization

pentesting.se performs active probing against assets that the customer adds and verifies. By using the service the customer warrants the following:

1. Ownership or written authorization. The customer owns – or has documented written authorization from the owner of – every domain, IP, application or other asset added for scanning. This warranty is given both at registration and at every new asset added.
2. Permitted scope. The customer accepts that the service performs active probing (HTTP requests, port scans, vulnerability checks) within the specified scope. Probing follows a "gentle" baseline unless otherwise agreed.
3. Side effects on shared infrastructure. Many assets sit behind shared CDN, hosting or SaaS providers. The customer understands that probing of an owned asset may in rare cases trigger alerts or throttling at such a third party. The customer is solely responsible for handling any inquiries from providers of shared infrastructure.
4. Limitation of liability. Adminor AB is not liable for indirect damages, downtime or compensation claims arising from the customer adding an asset without proper authorization, or from side effects on third-party infrastructure. The customer indemnifies Adminor AB against third-party claims caused by incorrect scope or ownership information provided by the customer.
5. No active exploitation. The service performs vulnerability detection, not active exploitation. We do not modify or delete data in the customer's systems, and we do not touch third-party systems.
6. Revocation. The customer can pause or remove an asset from scanning at any time via the control panel. The service stops probing that asset within 24 hours.

If you need a separately signed version of this scan authorization (e.g. for Enterprise engagements or where the customer represents another legal entity) contact [email protected].