Legal
Terms of Service
These Terms of Service ("Terms") govern your access to and use of Defenty Scanner ("Defenty", "we", "our", "the Service"), an automated security scanning platform operated by Defenty. By using the Service you agree to be bound by these Terms. If you do not agree, do not use the Service.
1. Description of the Service
Defenty is an automated security scanning platform for web domains and internet-facing infrastructure. It orchestrates a pipeline of open-source security tools and proprietary verification checks to identify misconfigurations, exposed credentials, vulnerable software versions, open network ports, and other security weaknesses. Results are delivered as a structured report via the web-based dashboard and by email.
Depending on the plan selected, the scanning pipeline may include the following modules and tools:
- Stack Fingerprinting — technology, hosting, CDN, and WAF detection via whatweb, curl, and wafw00f;
- SSL/TLS Audit — certificate validity, issuer, TLS version support, and known protocol vulnerabilities (Heartbleed, POODLE, BEAST, ROBOT, and others) via testssl;
- Subdomain Reconnaissance — passive enumeration and active probing via subfinder, httpx, and dnsx;
- Endpoint Discovery — path probing and web crawling via katana, gau, ffuf, and kiterunner;
- Vulnerability Detection — CVE and misconfiguration scanning via Nuclei (3,800+ templates, critical through informational severity);
- Secrets in JavaScript — detection of API keys, tokens, and credentials embedded in client-side JavaScript files via SecretFinder and custom patterns;
- Infrastructure Security — network port scanning and service fingerprinting via naabu and nmap; OSINT collection via theHarvester;
- Web Application Checks — XSS probing via dalfox; login security, rate limiting, CAPTCHA, cookie flags, CSP quality, SRI checks, CORS misconfiguration, database exposure probes, dependency vulnerability cross-referencing, and environment/backup file exposure;
- Historic Exposures — Wayback Machine URL probing for confirmed data leaks (DeepRecon only);
- Email Security — DNS-level verification of SPF, DMARC, and DKIM records to detect email spoofing exposure and misconfigured mail policies;
- Attack Map / Topology Visualisation — interactive graph of the target's discovered assets, services, and associated findings (paid plans only);
- AI-Generated Report — executive summary, technical analysis, business impact, and prioritised action plan generated by a large language model based on scan findings; AI Attack Scenario narrative (DeepRecon only).
The Service is intended for security professionals, developers, and organisations conducting security assessments of systems they own or are explicitly authorised to test.
2. Permitted Use
You may use Defenty only to scan:
- Domains and systems you own or directly control;
- Domains and systems for which you hold a written authorization from the responsible party (e.g., a signed penetration testing agreement, a bug bounty program scope confirmation, or a client contract that explicitly covers security testing);
- Domains and systems covered by a formal engagement such as a bug bounty program where the target domain is listed as in-scope.
Scanning a domain does not require creating an account. By submitting a domain for scanning you represent and warrant that you have the legal right to initiate a security scan against that domain.
3. Prohibited Uses
You must not use Defenty to:
- Scan any domain, host, IP address, or network that you do not own or are not explicitly authorized to test;
- Conduct reconnaissance, enumeration, or security testing against government, financial, healthcare, or critical infrastructure systems without a formal and documented authorization;
- Use scan results to facilitate unauthorized access, extortion, blackmail, or any other illegal activity;
- Attempt to circumvent rate limits, access controls, or any other technical measure implemented by Defenty;
- Resell, sublicense, or redistribute the Service or scan results without our prior written consent;
- Use automated scripts or bots to submit scan requests at a scale that degrades service quality for other users.
4. Logging and Traceability
All scan requests are logged with the following data: originating IP address (IPv4 and IPv6 where available), precise timestamp, target domain, geolocation data, ISP, and a unique scan identifier. These records are retained for a minimum of 12 months.
Defenty cooperates fully with law enforcement agencies — including the Brazilian Federal Police (Polícia Federal), the National Data Protection Authority (ANPD), Interpol, the FBI, and equivalent international agencies — in response to lawful requests such as court orders or ongoing criminal investigations.
5. User Responsibility
You are solely and entirely responsible for every scan initiated from your session. The Service is a tool; it does not constitute authorization to perform security testing. Defenty bears no responsibility for direct, indirect, incidental, or consequential damages arising from unauthorized or improper use of the Service.
Unauthorized access to computer systems is a criminal offence. Depending on jurisdiction, penalties include:
- Brazil: Lei 12.737/2012 (Lei Carolina Dieckmann) — detention of 3 months to 1 year, plus fines; penalties increased by one to two thirds if data is obtained or service is interrupted.
- United States: Computer Fraud and Abuse Act (CFAA) — fines and imprisonment of up to 10 years for a first offence, up to 20 years for repeat offences.
- European Union: Directive 2013/40/EU — member states impose penalties of at least 2 years' imprisonment for illegal system access.
6. Limitation of Liability
The scan results produced by Defenty are informational in nature. They do not constitute a certified professional security audit, penetration test, or compliance assessment. Defenty makes no warranties, express or implied, regarding the completeness, accuracy, or fitness for a particular purpose of the scan results.
Defenty is not liable for any security incidents, breaches, or damages arising from vulnerabilities that were not detected by the Service, whether due to scan scope limitations, tool coverage gaps, or infrastructure changes after the scan was completed.
To the maximum extent permitted by applicable law, Defenty's total liability for any claim arising out of or relating to the Service shall not exceed the amount you paid for the specific scan in question.
7. Intellectual Property
The Defenty platform, including its source code, algorithms, templates, reports, design, and branding, is protected by applicable intellectual property laws. No licence is granted to copy, modify, distribute, or create derivative works based on the Service without our prior written consent.
Open-source tools used by Defenty (such as Nuclei, Subfinder, Nmap, and others) remain under their respective open-source licences. Defenty's proprietary orchestration layer, custom templates, and reporting engine are not open source.
8. Cancellation and Refund Policy
All payments for Defenty plans are single-use and non-recurring. There are no subscriptions. Once a paid scan has been initiated, the payment is non-refundable, as the scanning infrastructure and tool runtime are allocated immediately upon payment confirmation.
If a technical failure on our side prevents a paid scan from completing, we will issue a full refund or credit at our discretion. To request a refund due to a platform failure, contact us at billing@defenty.com within 7 days of the scan date.
9. Changes to These Terms
We may update these Terms from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the revised Terms.
10. Governing Law and Jurisdiction
These Terms are governed by the laws of the Federative Republic of Brazil, including the Marco Civil da Internet (Law 12.965/2014) and the Lei Geral de Proteção de Dados — LGPD (Law 13.709/2018), without regard to conflict of law principles.
Any disputes arising out of or relating to these Terms shall be submitted to the exclusive jurisdiction of the courts of the Comarca de São Paulo, State of São Paulo, Brazil, without prejudice to mandatory consumer protection remedies available under applicable local law.
Contact
Use the appropriate contact below depending on your inquiry:
- General / legal inquiries: contact@defenty.com
- Report abuse, unauthorised use, or Terms violations: report@defenty.com
- Billing and payment questions: billing@defenty.com
São Paulo, Brazil