Author: André Henrique (@mrhenrike) | União Geek — https://github.com/Uniao-Geek
Language: English (en-US) — default. Português (pt-BR): SECURITY.pt-BR.md
- In scope: flaws in WirelessXPL-Forge itself (Python code, declared dependencies,
tools/scripts) affecting the operator (RCE on the analyst machine, unsafe input handling, etc.). - Out of scope: “0-day” on third-party devices found while using the framework; report through vendor or their bug bounty.
- Functional scope: 802.11 / WPA / WPA3 / EAPOL, Bluetooth LE, PCAP analysis, wordlists, and bridges to host tooling — not the RouterXPL SOHO exploit tree.
- Use GitHub private vulnerability reporting: Security → Report a vulnerability on
mrhenrike/WirelessXPL-Forge. - Or email suporte@uniaogeek.com.br with subject
WXF Security. - Do not file a public issue with a full exploit before triage.
- Include:
- Affected commit or tag
- Minimal reproduction steps
- Impact (confidentiality, integrity, availability)
- Suggested patch (optional)
- Logs without third-party secrets
| Phase | Target |
|---|---|
| Acknowledgement | ~72 hours |
| Initial triage | ~7 business days |
| Fix | depends on severity and complexity |
We prefer coordinated disclosure: keep details private until a fix or agreed timeline. Immediate public PoC may be discouraged when it puts users at risk.
- Use only on assets you own or with written authorization.
- Third-party production requires contract and clear rules of engagement.
- Do not submit customer data, credentials, or dumps to this repository.
- Modules may be destructive in lab environments — isolate test networks.
Harassment or abuse in project channels: see CODE_OF_CONDUCT.md and use private reporting where appropriate.
Author: André Henrique (@mrhenrike) | União Geek — https://github.com/Uniao-Geek