Code of Conduct


Purpose and Scope

This document establishes behavioral standards and community expectations for all participants in the WSHawk project, including contributors, maintainers, issue reporters, and users. These standards apply to all project spaces including GitHub repositories, issue trackers, pull requests, discussions, and any communication channels affiliated with WSHawk.

For information about security vulnerability disclosure related to WSHawk itself, see Security Policy and Vulnerability Disclosure. For contribution procedures and technical requirements, see Contributing Guidelines. For issue submission procedures, see Issue Reporting and Templates.

Sources: README.md:269-297


Community Standards

WSHawk is a professional security tool designed for authorized penetration testing, bug bounty research, and educational purposes. All community members are expected to uphold professional security research ethics and legal compliance.

Ethical Security Research

All users and contributors must adhere to responsible security research practices:

| Standard | Requirement |
|----------|-------------|
| Authorization | Obtain explicit permission before scanning any system (README.md:269-275) |
| Disclosure | Follow coordinated vulnerability disclosure practices |
| Legality | Comply with all applicable laws and regulations |
| Scope | Respect authorized testing boundaries and limitations |

graph TB
    User["Community Member"]
    
    subgraph "Authorized Use Cases"
        Auth["Authorized Penetration Testing"]
        Bounty["Bug Bounty Programs"]
        Research["Security Research"]
        Education["Educational Purposes"]
    end
    
    subgraph "Required Practices"
        Permission["Explicit Permission<br/>from System Owner"]
        Disclosure["Responsible Disclosure"]
        Legal["Legal Compliance"]
        Respect["Professional Conduct"]
    end
    
    subgraph "Project Interactions"
        Issues["GitHub Issues"]
        PRs["Pull Requests"]
        Discussions["Discussions"]
        Code["Code Contributions"]
    end
    
    User --> Auth
    User --> Bounty
    User --> Research
    User --> Education
    
    Auth --> Permission
    Bounty --> Disclosure
    Research --> Legal
    Education --> Respect
    
    User --> Issues
    User --> PRs
    User --> Discussions
    User --> Code
    
    Issues --> Standards["Community Standards"]
    PRs --> Standards
    Discussions --> Standards
    Code --> Standards

Sources: README.md:267-276


Expected Behaviors

Professional Interaction

Community members are expected to demonstrate:

| Behavior | Description |
|----------|-------------|
| Respectful Communication | Use welcoming, inclusive language in all project interactions |
| Constructive Feedback | Provide actionable, respectful critique in code reviews and discussions |
| Professional Tone | Maintain technical professionalism in bug reports, feature requests, and questions |
| Collaborative Spirit | Focus on what is best for the community and the security ecosystem |

Technical Contribution Standards

Contributors must follow established technical standards:

graph LR
    Contributor["Contributor"]
    
    subgraph "Issue Templates"
        BugReport[".github/ISSUE_TEMPLATE/bug_report.md"]
        FeatureRequest[".github/ISSUE_TEMPLATE/feature_request.md"]
        Question[".github/ISSUE_TEMPLATE/-question-or-discussion.md"]
    end
    
    subgraph "Contribution Workflow"
        IssueCreation["Issue Creation"]
        PullRequest["Pull Request"]
        CodeReview["Code Review"]
        Merge["Merge"]
    end
    
    subgraph "Quality Standards"
        Complete["Complete Information"]
        Reproducible["Reproducible Steps"]
        Context["Adequate Context"]
        Testing["Testing Evidence"]
    end
    
    Contributor --> BugReport
    Contributor --> FeatureRequest
    Contributor --> Question
    
    BugReport --> IssueCreation
    FeatureRequest --> IssueCreation
    Question --> IssueCreation
    
    IssueCreation --> Complete
    PullRequest --> Reproducible
    CodeReview --> Context
    Merge --> Testing
    
    IssueCreation --> PullRequest
    PullRequest --> CodeReview
    CodeReview --> Merge

Issue Template Compliance

When reporting bugs, contributors must provide complete information as specified in .github/ISSUE_TEMPLATE/bug_report.md:

| Required Field | Purpose |
|----------------|---------|
| version | WSHawk version identifier (.github/ISSUE_TEMPLATE/bug_report.md:19-25) |
| description | Clear bug description (.github/ISSUE_TEMPLATE/bug_report.md:28-34) |
| steps | Reproducible steps (.github/ISSUE_TEMPLATE/bug_report.md:38-45) |
| expected | Expected behavior (.github/ISSUE_TEMPLATE/bug_report.md:49-54) |
| actual | Actual behavior (.github/ISSUE_TEMPLATE/bug_report.md:57-62) |
| os | Operating system (.github/ISSUE_TEMPLATE/bug_report.md:71-81) |

Feature requests must follow the structure of .github/ISSUE_TEMPLATE/feature_request.md:

| Required Field | Purpose |
|----------------|---------|
| problem | Problem statement (.github/ISSUE_TEMPLATE/feature_request.md:19-25) |
| solution | Proposed solution (.github/ISSUE_TEMPLATE/feature_request.md:28-34) |
| contribution | Willingness to implement (.github/ISSUE_TEMPLATE/feature_request.md:49-54) |

Sources: .github/ISSUE_TEMPLATE/bug_report.md:1-88, .github/ISSUE_TEMPLATE/feature_request.md:1-55, .github/ISSUE_TEMPLATE/-question-or-discussion.md:1-37


Unacceptable Behaviors

The following behaviors are explicitly prohibited in all project spaces:

Security-Related Violations

graph TB
    subgraph "Prohibited Security Behaviors"
        Unauthorized["Unauthorized Scanning<br/>Testing without permission"]
        Malicious["Malicious Repackaging<br/>Distributing fake/malicious versions"]
        Weaponize["Weaponization<br/>Using for illegal activities"]
        Disclosure["Irresponsible Disclosure<br/>Public exploit release without coordination"]
    end
    
    subgraph "Consequences"
        BanProject["Project Ban"]
        BanCommunity["Community Blacklist"]
        LegalAction["Legal Action<br/>if applicable"]
        ReportAuthorities["Report to Authorities"]
    end
    
    subgraph "Referenced Policies"
        LegalDisclaimer["README.md:289-297<br/>Legal Disclaimer"]
        SecurityWarning["README.md:3-14<br/>Security Warning"]
        ResponsibleUse["README.md:267-276<br/>Responsible Disclosure"]
    end
    
    Unauthorized --> BanProject
    Malicious --> LegalAction
    Weaponize --> ReportAuthorities
    Disclosure --> BanCommunity
    
    LegalDisclaimer --> BanProject
    SecurityWarning --> LegalAction
    ResponsibleUse --> BanCommunity

Community Interaction Violations

| Violation | Description |
|-----------|-------------|
| Harassment | Offensive comments, personal attacks, trolling, or sustained disruption |
| Discrimination | Discriminatory language or behavior based on personal characteristics |
| Spam | Repeated unwanted promotion, off-topic content, or noise in issue tracker |
| Privacy Violation | Publishing others' private information without permission |
| Impersonation | Falsely claiming affiliation with project maintainers or contributors |

Malicious Distribution

As documented in README.md:3-14, the distribution of fake or malicious versions of WSHawk is a critical violation:

SECURITY WARNING: FAKE VERSIONS CIRCULATING

Fake versions of WSHawk are being distributed on third-party download sites and linked in social media posts (e.g., LinkedIn). These versions may contain MALWARE.

Official distribution channels only:

  • GitHub: https://github.com/regaan/wshawk
  • PyPI: pip install wshawk
  • Docker Hub: docker pull rothackers/wshawk
  • GHCR: ghcr.io/regaan/wshawk

Distribution of WSHawk through unauthorized channels constitutes malicious activity and will be reported to appropriate authorities.

Sources: README.md:3-14, README.md:289-297


Enforcement Procedures

Enforcement Workflow

graph TB
    Report["Code of Conduct<br/>Violation Report"]
    
    subgraph "Review Process"
        Receive["Maintainer Receives Report"]
        Assess["Assess Severity<br/>and Evidence"]
        Investigate["Investigation"]
        Decision["Enforcement Decision"]
    end
    
    subgraph "Severity Classification"
        Minor["Minor Violation<br/>Warning"]
        Moderate["Moderate Violation<br/>Temporary Ban"]
        Severe["Severe Violation<br/>Permanent Ban"]
        Critical["Critical Violation<br/>Legal Action"]
    end
    
    subgraph "Actions"
        Warning["Written Warning"]
        TempBan["Temporary Ban<br/>7-30 days"]
        PermBan["Permanent Ban<br/>from all project spaces"]
        Legal["Legal Action<br/>Law Enforcement Report"]
    end
    
    Report --> Receive
    Receive --> Assess
    Assess --> Investigate
    Investigate --> Decision
    
    Decision --> Minor
    Decision --> Moderate
    Decision --> Severe
    Decision --> Critical
    
    Minor --> Warning
    Moderate --> TempBan
    Severe --> PermBan
    Critical --> Legal

Enforcement Actions

| Severity | Action | Duration | Applies To |
|----------|--------|----------|------------|
| Warning | Private written warning with explanation | N/A | First-time minor violations |
| Temporary Ban | Suspension from project spaces | 7-30 days | Repeated minor or moderate violations |
| Permanent Ban | Removal from all project spaces | Permanent | Severe or repeated violations |
| Legal Action | Report to authorities, DMCA takedowns | Varies | Malicious distribution, illegal activity |

Appeal Process

Individuals subject to enforcement actions may appeal by:

  1. Contacting project maintainers at support@rothackers.com (README.md:304)
  2. Providing context and evidence for reconsideration
  3. Demonstrating an understanding of the violation and a commitment to compliance

Appeals are reviewed within 14 days. Decisions on severe violations (permanent ban, legal action) are final.

Sources: README.md:299-305


Reporting Mechanisms

Reporting Violations

graph LR
    Witness["Witness of<br/>Code of Conduct Violation"]
    
    subgraph "Reporting Channels"
        Email["Email<br/>support@rothackers.com"]
        GHIssue["GitHub Issue<br/>Private Security Advisory"]
        Direct["Direct Contact<br/>Project Maintainer"]
    end
    
    subgraph "Report Contents"
        What["What happened"]
        When["When it occurred"]
        Where["Where in project spaces"]
        Who["Who was involved"]
        Evidence["Evidence<br/>screenshots, links, logs"]
    end
    
    subgraph "Maintainer Response"
        Ack["Acknowledgment<br/>within 48 hours"]
        Review["Review and Investigation"]
        Action["Enforcement Action"]
        Followup["Follow-up with Reporter"]
    end
    
    Witness --> Email
    Witness --> GHIssue
    Witness --> Direct
    
    Email --> What
    GHIssue --> When
    Direct --> Where
    
    What --> Ack
    When --> Ack
    Where --> Ack
    Who --> Ack
    Evidence --> Ack
    
    Ack --> Review
    Review --> Action
    Action --> Followup

Report Structure

When reporting Code of Conduct violations, include:

| Information | Description |
|-------------|-------------|
| Description | Clear description of the violation |
| Location | Where in project spaces it occurred (issue number, PR, discussion) |
| Participants | GitHub usernames of involved parties |
| Timeline | When the violation occurred |
| Evidence | Screenshots, links, or logs demonstrating the violation |
| Impact | How the violation affected you or the community |

Confidentiality

All reports are handled with appropriate confidentiality:

  • Reporter identity is protected unless disclosure is legally required
  • Evidence is shared only with project maintainers on a need-to-know basis
  • Public statements about enforcement actions do not identify reporters
  • Private violations are addressed privately; public violations may require a public response

Sources: README.md:299-305


Integration with Project Workflows

GitHub Actions Integration

Code of Conduct enforcement integrates with automated project workflows:

graph TB
    subgraph "GitHub Workflows"
        GHCRPublish[".github/workflows/ghcr-publish.yml"]
        DockerBuild["docker-build.yml"]
    end
    
    subgraph "Community Contributions"
        PR["Pull Request"]
        Issue["Issue Creation"]
        Discussion["Discussion Post"]
    end
    
    subgraph "Automated Checks"
        CLA["Contributor Agreement<br/>implicit via PR"]
        Format["Issue Template Validation"]
        Build["Build/Test Success"]
        Review["Code Review Requirements"]
    end
    
    subgraph "Maintainer Actions"
        Approve["Approve & Merge"]
        RequestChanges["Request Changes"]
        Close["Close with Explanation"]
        Ban["Ban User"]
    end
    
    PR --> CLA
    Issue --> Format
    PR --> Build
    
    CLA --> Review
    Format --> Review
    Build --> Review
    
    Review --> Approve
    Review --> RequestChanges
    Review --> Close
    Review --> Ban
    
    GHCRPublish --> Approve
    DockerBuild --> Approve

Distribution Channel Integrity

Official distribution channels are protected by Code of Conduct enforcement:

| Channel | Protection Mechanism |
|---------|---------------------|
| GitHub | Repository permissions, maintainer approval required for merges |
| PyPI | Maintainer credentials only, 2FA required |
| Docker Hub | Automated builds from official repository via .github/workflows/ghcr-publish.yml:1-50 |
| GHCR | GitHub Actions with token authentication, branch protection |

Violations related to unauthorized distribution trigger critical-severity enforcement, including DMCA takedowns and law enforcement reports.

Sources: .github/workflows/ghcr-publish.yml:1-50, README.md:3-14


Legal Framework

Liability Disclaimer Integration

The Code of Conduct reinforces the legal disclaimer in README.md:289-297:

WSHawk is designed for security professionals, researchers, and developers for authorized testing only.

  • Usage: You must have explicit permission from the system owner before scanning.
  • Liability: The author (Regaan) is NOT responsible for any damage caused by the misuse of this tool.
  • Malware: WSHawk is a security scanner, NOT malware. Any repackaged version found on third-party sites containing malicious code is NOT associated with this project.

By participating in the WSHawk community, members acknowledge:

  1. They understand WSHawk is for authorized testing only
  2. They will obtain explicit permission before scanning any system
  3. They accept personal liability for misuse
  4. They will not distribute modified or repackaged versions without authorization

Agreement Mechanism

graph LR
    Action["Community Action"]
    
    subgraph "Implicit Agreement Points"
        CreateIssue["Create GitHub Issue"]
        SubmitPR["Submit Pull Request"]
        UseCode["Clone/Install WSHawk"]
        Discuss["Participate in Discussions"]
    end
    
    subgraph "Agreement Scope"
        CoC["Code of Conduct"]
        Legal["Legal Disclaimer"]
        Ethics["Security Ethics"]
        Distribution["Distribution Rules"]
    end
    
    subgraph "Enforcement Authority"
        Maintainer["Project Maintainers"]
        GitHub["GitHub Terms of Service"]
        Law["Applicable Laws"]
    end
    
    Action --> CreateIssue
    Action --> SubmitPR
    Action --> UseCode
    Action --> Discuss
    
    CreateIssue --> CoC
    SubmitPR --> Legal
    UseCode --> Ethics
    Discuss --> Distribution
    
    CoC --> Maintainer
    Legal --> GitHub
    Ethics --> GitHub
    Distribution --> Law

Sources: README.md:289-297


Updates and Amendments

This Code of Conduct is a living document that may be updated to reflect:

  • Changes in project scope or community size
  • New security research ethical standards
  • Legal or regulatory requirements
  • Community feedback and incident learnings

Updates are announced via:

  • GitHub repository notifications
  • README.md updates
  • Project documentation updates

Current Version: 3.0.0 (aligned with WSHawk v3.0.0 release)
Last Updated: 2024
Contact: support@rothackers.com

Sources: README.md:1-311, .github/ISSUE_TEMPLATE/bug_report.md:1-88, .github/ISSUE_TEMPLATE/feature_request.md:1-55