Responsible Use Guidelines

ProRT-IP is a powerful network scanning tool. With power comes responsibility. This guide outlines legal, ethical, and professional standards for using ProRT-IP.

Authorization Requirements

CRITICAL: Never scan systems without explicit written authorization.

Unauthorized scanning may violate:

  • United States: Computer Fraud and Abuse Act (CFAA) - 18 U.S.C. Section 1030
  • European Union: Directive 2013/40/EU on attacks against information systems
  • United Kingdom: Computer Misuse Act 1990
  • Canada: Criminal Code Section 342.1
  • Australia: Criminal Code Act 1995, Part 10.7

Obtaining Authorization

Before scanning any system:

  1. Identify the asset owner - Who controls the systems?
  2. Request written permission - Email/contract with explicit scope
  3. Define boundaries - IP ranges, ports, timing, techniques
  4. Document everything - Keep records of all authorizations
  5. Verify scope - Confirm you're scanning authorized targets only

Authorization Template

NETWORK SCANNING AUTHORIZATION

Date: [DATE]
Authorizing Party: [NAME/TITLE]
Organization: [COMPANY]

I hereby authorize [YOUR NAME/COMPANY] to perform network
scanning activities on the following systems:

Target Scope:
- IP Ranges: [SPECIFY]
- Ports: [SPECIFY]
- Protocols: [TCP/UDP/BOTH]

Authorized Techniques:
- [ ] TCP SYN Scan
- [ ] TCP Connect Scan
- [ ] UDP Scan
- [ ] Service Detection
- [ ] OS Detection
- [ ] Stealth Scans (FIN/NULL/Xmas)

Time Window: [START] to [END]
Emergency Contact: [PHONE/EMAIL]

Signature: _________________
Date: _________________

Ethical Guidelines

Professional Standards

Follow these principles in all scanning activities:

  1. Minimize Impact

    • Use appropriate timing templates (T2-T3 for production)
    • Enable rate limiting to prevent service disruption
    • Scan during maintenance windows when possible

  2. Respect Privacy

    • Don't access data beyond scan scope
    • Protect discovered information
    • Report vulnerabilities responsibly

  3. Maintain Integrity

    • Don't modify target systems
    • Don't exploit discovered vulnerabilities (unless authorized)
    • Document all findings accurately

  4. Act Professionally

    • Follow disclosure policies
    • Communicate clearly with stakeholders
    • Maintain confidentiality

Acceptable Use Cases

Authorized Uses:

Use CaseRequirements
Penetration TestingWritten contract, defined scope
Red Team OperationsManagement approval, rules of engagement
Security ResearchOwn systems or bug bounty programs
Network InventoryInternal authorization, asset ownership
Compliance AuditsAudit charter, management approval
Incident ResponseAuthorization from affected party

Prohibited Uses:

  • Scanning without authorization
  • Attacking systems you don't own
  • Distributed denial of service
  • Data theft or exfiltration
  • Competitive intelligence gathering
  • Harassment or stalking

Best Practices

Pre-Scan Checklist

  • Written authorization obtained
  • Scope boundaries confirmed
  • Emergency contacts available
  • Timing appropriate for target
  • Rate limiting configured
  • Output security planned

During Scanning

  • Monitor resource usage
  • Watch for service disruption
  • Stay within authorized scope
  • Log all activities
  • Be ready to stop immediately

Post-Scan Actions

  • Secure all results
  • Delete unnecessary data
  • Report findings appropriately
  • Maintain confidentiality
  • Document lessons learned

Data Protection

Handling Scan Results

Scan results may contain sensitive information:

  • IP addresses and hostnames
  • Service versions and configurations
  • Potential vulnerabilities
  • Network topology information

Protection Requirements:

  1. Encryption - Encrypt results at rest and in transit
  2. Access Control - Limit who can view results
  3. Retention - Delete when no longer needed
  4. Sharing - Only share with authorized parties

GDPR Considerations

If scanning involves EU systems or data subjects:

  • Document lawful basis for processing
  • Implement data minimization
  • Respect data subject rights
  • Report breaches within 72 hours
  • Maintain processing records

Emergency Procedures

If You Cause Disruption

  1. Stop scanning immediately
  2. Document what happened
  3. Contact the asset owner
  4. Assist with remediation
  5. Review and improve procedures

If You Discover Critical Vulnerabilities

  1. Don't exploit the vulnerability
  2. Document findings securely
  3. Report through proper channels
  4. Follow responsible disclosure timeline
  5. Assist with remediation if requested

See Also