Code of Conduct
GreenHat is a place for people who do security work—pentesters, bug-hunter types, CTF players, tool builders. The rules below are how we keep it usable. You can use a handle; real names aren't required. You still need to follow these standards, our Terms of Service, and Privacy Policy.
Stay on the Right Side of the Line
We're here for legal, authorized security work. That means: testing systems you're allowed to test, discussing vulns and mitigations in an educational way, sharing tools and techniques that don't cross into abuse. No unauthorized access, no credential stuffing, no dropping malware or building botnets. If you're doing bug bounty, stay in scope; if you're doing pentests, have a contract and permission. Gray-area “research” that hurts real users or systems isn't welcome.
Exploit code and PoCs are fine when the context is clearly educational and not aimed at enabling attacks. If in doubt, ask or don't post.
No Harassment, Doxxing, or Hate
Treat others like colleagues. Disagreement and technical debate are fine; personal attacks, slurs, threats, and doxxing are not. We don't tolerate harassment based on identity, and we don't allow content that promotes hate or violence. If someone tells you to back off, back off.
We run a server-side filter on discussions, replies, and DMs. Words that are offensive, sexually explicit, or that promote illegal activity get blocked—your message won't send if it contains them. Trying to work around the filter (e.g. leetspeak, spacing) is also against the rules. The point is to keep the space readable and safe for everyone; the exact list isn't public so people don't game it.
Share What You Know—Responsibly
The community is stronger when people share: write-ups, tool recommendations, career advice, how you solved a challenge. Teaching others and giving credit where it's due is encouraged. What we don't want is dump-and-run exploit code with no context, or step-by-steps that are clearly meant to help someone break into a system they don't own. If you're posting something that could be misused, add a short note on scope and authorization so it's clear you're not endorsing abuse.
Don't Leak Credentials or PII
Don't post API keys, passwords, tokens, or real contact details that aren't yours. Don't paste logs or dumps that contain other people's data. Use strong, unique passwords for your GreenHat account and be wary of phishing—we won't email you asking for your password. If you see someone else leaking creds or PII, report it; we'll pull it and take action.
What Happens When Someone Breaks the Rules
We look at every report. Depending on severity we may warn, temporarily suspend, or permanently ban. Serious stuff—illegal activity, abuse, doxxing—usually means a ban with no second chance. We don't debate enforcement in public; if you think a decision was wrong you can email us and we'll review, but we're not going to post a play-by-play.
To report a violation: email security@greenhat.com or use the Contact form and pick Security & Abuse. Include links or screenshots if you have them. We respond as fast as we can without sacrificing a proper check.