Terms of Service

These Terms of Service ("Terms") govern your access to and use of threatengine.sh and any associated APIs, features, or content (collectively, "the Service"). By accessing or using the Service you agree to these Terms. If you do not agree, do not use the Service.

1. What threatengine.sh is

threatengine.sh is a free, open-source threat intelligence platform that aggregates and cross-links publicly available security data. CVEs, ATT&CK techniques, threat actors, tools, IOCs, detection rules, and compliance frameworks. for use by security professionals, researchers, and students.

The Service is provided as-is, free of charge, for informational and research purposes. It is not a substitute for professional security advice, incident response services, or commercial threat intelligence products.

2. Eligibility

You must be at least 16 years old to create an account. By creating an account you represent that you meet this requirement. The Service is intended for security professionals, researchers, students, and technically literate individuals. It is not intended for consumers who may be harmed by misinterpreting threat intelligence data.

3. Your account

Accounts are created via Google or GitHub OAuth. You are responsible for maintaining the security of your OAuth credentials and for all activity that occurs under your account. Notify us immediately at security@threatengine.sh if you suspect unauthorised access.

We reserve the right to suspend or terminate accounts that violate these Terms, without notice, at our discretion.

4. Acceptable use

• No automated scraping or bulk downloading. Do not use bots, scrapers, crawlers, or scripts to systematically extract data from the Service at a rate or volume that exceeds normal human browsing. The Service has rate limits; attempting to circumvent them is prohibited.
• No commercial resale. Do not resell, sublicense, or monetise the data or outputs from the Service without explicit written permission. The Service is free and must remain accessible to the community. do not build a paid product directly on top of it.
• No use to facilitate illegal activity. Do not use threat intelligence data obtained from the Service to plan, assist, or carry out any attack, intrusion, data theft, fraud, extortion, harassment, or other illegal activity against any person, organisation, or infrastructure.
• No misrepresentation of data. Do not present data from the Service as your own proprietary intelligence, falsify attributions, or mislead others about the source or accuracy of the data.
• No abuse of the infrastructure. Do not attempt to hack, probe, or destabilise the Service's servers, databases, APIs, or authentication systems. Do not attempt to access data that is not intended to be publicly accessible.
• No harmful or malicious use. Do not use the Service to identify targets for harassment, stalking, doxxing, or any other harmful purpose directed at individuals or groups.
• No impersonation. Do not impersonate any person, organisation, or the threatengine.sh team in any communication or on any platform.
• Compliance with export laws. Threat intelligence data may be subject to export control laws. You are responsible for compliance with applicable export regulations in your jurisdiction.

5. Acceptable use for security research

The Service is designed for legitimate security research and defensive use. Using CVE data to understand vulnerabilities in systems you own or are authorised to test is explicitly permitted and encouraged. Using the data to understand attacker TTPs for defensive purposes is the core use case.

We support the security research community and do not restrict use by good-faith security researchers, academics, red teams operating within authorised engagements, or students learning about cybersecurity.

6. Data and content you submit

Any notes, project names, or other content you add to your account remain yours. By storing content on the Service you grant us a limited licence to store and display it back to you. We do not use your saved content for any other purpose.

Do not store classified, secret, or highly sensitive data in your projects or notes. The Service is not designed or accredited as a secure store for sensitive intelligence material.

7. Intellectual property

The underlying threat intelligence data comes from public sources including NVD, MITRE ATT&CK, CISA KEV, Sigma, YARA rules, and others, each subject to their own licences (see /credits). We do not claim ownership of this data.

The threatengine.sh software, interface design, and original content are released as open source. The name "threatengine.sh" and associated branding are not licensed for use in competing or derivative commercial products without permission.

8. Disclaimers

No warranty. The Service is provided "as is" and "as available" without any warranties, express or implied, including but not limited to fitness for a particular purpose, accuracy, or non-infringement.

Data accuracy. Threat intelligence data is aggregated from public sources and may contain errors, outdated information, or gaps. Do not rely solely on this data for critical security decisions without independent verification.

No professional advice. Nothing on this Service constitutes legal, compliance, or professional security advice. Consult qualified professionals for your specific situation.

9. Limitation of liability

To the maximum extent permitted by applicable law, the operators of threatengine.sh shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising from your use of or inability to use the Service, even if advised of the possibility of such damages. This includes damages arising from data inaccuracies, service interruptions, or security incidents.

Our total aggregate liability to you for any claim arising from these Terms or your use of the Service shall not exceed the amount you paid us in the twelve months preceding the claim. which, since the Service is free, is zero.

10. Indemnification

You agree to indemnify and hold harmless the operators of threatengine.sh from any claims, damages, losses, and expenses (including reasonable legal fees) arising from your use of the Service in violation of these Terms, your violation of any law, or your infringement of any third-party right.

11. Service availability and changes

We provide the Service on a best-effort basis. We reserve the right to modify, suspend, or discontinue any part of the Service at any time without notice. We also reserve the right to update these Terms. Material changes will be posted on the site. Continued use after changes constitutes acceptance.

12. Governing law

These Terms are governed by and construed in accordance with applicable law. Any disputes shall be resolved in the jurisdiction of the service operator. Nothing in these Terms limits rights you may have under applicable consumer protection or data protection laws.

13. Contact