We take the security of ExploitLab seriously. Currently, only the following versions are actively supported with security updates. We strongly recommend keeping your installation up to date to ensure the highest level of security and stability.

| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| 0.1.x | ❌ |
| < 0.1 | ❌ |

As an exploitation and analysis framework, ExploitLab interacts with systems at a low level. If you discover a security vulnerability within the core components of ExploitLab itself, we kindly request that you practice responsible disclosure. Please do not report security vulnerabilities through public GitHub issues.

To report a vulnerability, please follow these steps:
- Send an email detailing the vulnerability to: aratmakefehan@gmail.com
- Include a comprehensive description of the issue, clear steps to reproduce it, the environment details, and any relevant proof-of-concept (PoC) code.
- Our security team will acknowledge receipt of your report within 48 hours.
- We will investigate the issue and work diligently to provide a patch. We respectfully request that you maintain confidentiality until an official update is released.

Contributors who responsibly disclose confirmed and significant vulnerabilities will be formally acknowledged in our documentation, subject to their prior consent.

Given the intended use cases of ExploitLab, the following scenarios are generally considered out of scope for security vulnerability reports:
- Security issues resulting from the execution of user-authored payloads, custom shellcode, or intentional misconfiguration of the framework.
- Vulnerabilities within external dependencies, unless they introduce a critical and direct vector against the ExploitLab framework itself.
- Vulnerabilities that strictly require physical access or pre-existing elevated privileges (e.g., root/Administrator access) on the host system.