Bug bounties are requests for penetration testing against the AniNIX services.

# Rules

1. Do not test against AniNIX production services without prior authorization. Instead, set up a replica using [ShadowArch](/AniNIX/ShadowArch) and any other AniNIX Foundation repository.
1. Report bugs immediately to AniNIX staff via [AniNIX IRC](ircs://aninix.net:6697).
1. Control the scope of your pentesting. Using root access to the host to conduct a Direct Memory Access attack on CryptoWorkbench, for example, is not an exploit in that project. Physical penetration is always outside scope.

# Active Targets

## CryptoWorkbench

The [CryptoWorkbench](/foundation/CryptoWorkbench) has a `--blind` option. This is intended to prevent data exfiltration and CLI access, despite being a CLI tool. Install ShadowArch, and use the CryptoWorkbench `make sshuser` command to set up the captive user. If you can use the captive user over SSH to gain a prompt or exfil data through the CryptoWorkbench, please announce it to the admins.