998 B
998 B
Security policy
Thanks for taking the time to look at this. This tool authenticates against BMCs over SSH and HTTPS, runs commands as the chosen user, and writes their output to disk — so vulnerability reports are very welcome.
Supported versions
Only the latest tagged release is supported. Older versions will not get fixes; please upgrade first.
How to report a vulnerability
Please do not open a public issue for security-sensitive findings.
Report privately by email to the maintainer at engelgardt2024@gmail.com.
Please include:
- The version you tested (the startup banner is enough).
- Steps to reproduce.
- An assessment of impact.
Reports are reviewed and addressed on a best-effort basis. A fix and a public advisory will be published once the issue is resolved. Reporters are credited unless they prefer to stay anonymous.
Out of scope
- Issues that require the attacker to already control the host or the BMC.
- Behaviour with explicitly broken credentials.