If you discover a security vulnerability in the ENNA website or its infrastructure, please report it responsibly.
Do not open a public issue for security vulnerabilities.
Instead, email security@en-na.com with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
You will receive a response within 48 hours acknowledging the report. We will work with you to understand and address the issue before any public disclosure.
The following are in scope:
- The ENNA website (en-na.com)
- The ENNA GitHub repository and build pipeline
- Any API endpoints or serverless functions
The following are out of scope:
- Third-party tools listed in the directory (report those to their maintainers)
- Third-party services (Vercel, GitHub, Amazon)
- Social engineering attacks against maintainers
ENNA is a directory that indexes security tools. Some of these tools are offensive in nature. Listing a tool does not constitute an endorsement of illegal activity. If you believe a tool listing contains inaccurate or misleading information, open a regular issue.
Only the latest deployed version of ENNA is supported. There are no versioned releases.