Acceptable Use Policy
Last updated: May 2025
Purpose
Buckler builds offensive security training tools. These tools automate real attack techniques and generate real exploit payloads. They are powerful — and that power comes with responsibility. This Acceptable Use Policy defines the boundaries of legal, ethical use. Violation of this policy constitutes a breach of your license agreement and may result in criminal liability.
Permitted Uses
- Testing systems, networks, and applications that you own outright.
- Testing in a lab environment you control (physical or virtual, including LabGen environments).
- Authorized penetration testing engagements with a signed, written statement of work from the asset owner.
- CCDC, CTF, and other sanctioned cyber defense competitions with explicit permission from event organizers.
- Academic research in isolated lab environments with institutional approval.
- Security training and education in closed, air-gapped, or purpose-built learning environments.
Prohibited Uses
- Testing or attacking any system, network, or application without explicit written authorization from the owner.
- Using Buckler tools against critical infrastructure, healthcare systems, financial systems, or government networks.
- Denial-of-service attacks or any action intended to degrade availability of systems you do not own.
- Exfiltrating, modifying, or destroying data on systems you are not authorized to access.
- Deploying malware, ransomware, or persistent backdoors on systems without explicit authorization.
- Using Buckler tools to facilitate crimes, harassment, espionage, or any activity prohibited by applicable law.
- Sharing, reselling, or distributing your license key or downloaded installers to third parties.
- Using Buckler tools to attack Buckler's own infrastructure or other Buckler customers.
Authorization Requirement
"Authorization" means explicit, written permission from a person with legal authority to grant such permission for the specific systems in scope. Verbal permission, implied consent, and "I own an account on the site" do not constitute authorization to run offensive security tools against a system.
If you are uncertain whether your use case is authorized, stop and get written sign-off before proceeding.
Reporting Violations
If you become aware of misuse of Buckler products, or if you discover a security vulnerability in Buckler software, please report it immediately to bucklersoftware@gmail.com. We take all reports seriously and will respond within 48 hours.
Consequences of Violation
Violations of this policy will result in immediate license termination without refund. We reserve the right to report violations to law enforcement agencies and cooperate fully with investigations.
Unauthorized computer access is a criminal offense in most jurisdictions, including under the U.S. Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent laws worldwide. "I was using a legitimate tool" is not a defense.
Relationship to Terms of Use
This AUP is incorporated by reference into the Buckler Terms of Use. In the event of a conflict between this AUP and the Terms, this AUP controls with respect to acceptable use.
Contact
Questions about this policy: bucklersoftware@gmail.com