⚠ Critical Notice — Read Before Use
All Rot Hackers tools are offensive security instruments. They are capable of detecting and exploiting vulnerabilities in computer systems and networks. Use of these tools against systems without explicit written authorization from the system owner is illegal under the laws of India, the United States, the European Union, and virtually every jurisdiction worldwide. Violators may face criminal prosecution, civil liability, and imprisonment.
Rot Hackers, its founder Regaan, contributors, and affiliated parties expressly disclaim all liability for any harm, damage, legal penalty, criminal prosecution, civil liability, data loss, or any other consequence arising from:
You are solely and completely responsible for your actions when using any Rot Hackers tool. The provision of these tools does not constitute authorization, encouragement, or endorsement of illegal activities.
WSHawk — WebSocket Scanner
WSHawk is capable of sending thousands of attack payloads to WebSocket endpoints and triggering server-side vulnerabilities. Only run WSHawk against endpoints that you are explicitly authorized to test. DO NOT run WSHawk against production endpoints without written authorization.
Basilisk — AI/LLM Red Teaming Framework
Basilisk sends adversarial prompts to AI/LLM systems to test for prompt injection, system prompt extraction, guardrail bypass, and data exfiltration vulnerabilities. Only test AI systems you own or have explicit written authorization to test. Unauthorized use may violate computer fraud and AI-specific regulations.
ProtoCrash — Protocol Fuzzer
ProtoCrash is a mutation-based protocol fuzzer capable of causing crashes, service interruptions, and denial-of-service conditions in target systems. It must ONLY be used against isolated test environments or systems with explicit, written authorization. Running ProtoCrash against live production infrastructure without authorization is illegal and may constitute criminal damage.
PoCSmith — AI PoC Generator
PoCSmith generates working proof-of-concept exploit code for known CVEs. This code is provided for authorized security research, vulnerability verification, and educational demonstration only. Using PoCSmith-generated code to exploit systems you do not own or are not authorized to test is illegal. Rot Hackers is not responsible for any damage caused by misuse of generated exploit code.
SQL Tamper Framework — WAF Bypass
SQL Tamper Framework provides advanced WAF bypass techniques for use in authorized SQL injection testing via SQLMap. Using this tool to bypass security controls on systems you do not have authorization to test constitutes unauthorized access and is a criminal offence. This tool must only be used within authorized penetration testing engagements.
GraphQL Scanner — API Scanner
GraphQL Scanner probes GraphQL API endpoints with 100+ attack payloads including injection attacks and denial-of-service vectors. It must only be directed at GraphQL APIs you own or are explicitly authorized to test. Unauthorized scanning of GraphQL APIs is illegal under cybercrime legislation and may cause service disruption for real users.
Keikaku (計画) — Programming Language
Keikaku is a general-purpose interpreted programming language. While the language itself is neutral, you are responsible for ensuring that any scripts, programs, or automation you build with Keikaku comply with all applicable laws and are only deployed in authorized environments.
All Rot Hackers tools are provided "AS IS" without any warranty of any kind. We make no representations or warranties:
If you discover a security vulnerability using any Rot Hackers tool during an authorized engagement, you are expected to follow responsible disclosure practices:
If you discover a vulnerability in any Rot Hackers tool itself, please report it to security@rothackers.com before any public disclosure.
Unauthorized use of security tools may constitute offences under the following legislation (non-exhaustive list):
India: Information Technology Act, 2000 (Sections 43, 66, 66B, 66C, 66F)
India: Indian Penal Code — Sections 405, 420, 425, 463
USA: Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030
USA: Electronic Communications Privacy Act (ECPA)
EU: Directive on Attacks Against Information Systems (2013/40/EU)
UK: Computer Misuse Act 1990
All: Local cybercrime and data protection laws in your jurisdiction
Final Reminder
Ethical hacking is legal. Unauthorized hacking is a crime. The tools published by Rot Hackers are the same tools used by professional security engineers every day in legal, authorized engagements. Your use of them is your responsibility alone. Always get written authorization. Always stay within scope. Always act ethically.