Content of repository possibly breaks new github community guidelines #1

Open
Dantali0n opened this issue Oct 20, 2016 · 2 comments

Dantali0n commented Oct 20, 2016

According to the new, in-development GitHub community guidelines, links to active malware or exploits are not allowed. An exception is made for source code, as it serves an educational value.

However, the files inside this repository are not source code and are direct malicious executables, hence they do not comply with GitHub's new rules (sadly).

Quote from guidelines:
Active malware or exploits - Being part of a community includes not taking advantage of other members of the community. We do not allow anyone to use our platform for exploit delivery, such as hosting malicious executables, or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers. Note, however, that we do not prohibit the posting of source code which could be used to develop malware or exploits, as the publication and distribution of such source code has educational value and provides a net benefit to the security community.

The new community guidelines are, however, still up for debate, so I recommend raising our voice now while we still can. You can do so here: https://github.com/contact/community-guidelines

For a complete list of the new community guidelines see: https://help.github.com/articles/github-community-guidelines/#what-is-not-allowed

@vanhauser-thc

The code here is not "active".

(Their definition being "exploit delivery, such as hosting malicious executables, or as attack infrastructure").

If this repository were not in accordance with the guideline, then Metasploit and others would not be either.

Rather, it could be a copyright issue, as the code might be from the NSA. However, as the NSA has not officially said this code is theirs, this is also not the case (for now).

Dantali0n commented Oct 21, 2016

These guidelines are proposed and not in effect as of right now, thus what is currently allowed is relevant but could change in the near future.
Quote:

GitHub's community guidelines are currently proposed. These guidelines are first and foremost community guidelines and we'd like your feedback on them before they're finalized. Please let us know your thoughts prior to November 20th, 2016.

They make very clear in the current guidelines that the only exception is source code with an educational value. The executables in, for example, this folder are native Windows executables, not source code.

The executables in this repository are very much active, as they can be downloaded with a simple link and directly executed. If you do not see that as 'active', then what is?

Metasploit, on the other hand, contains images, scripts and DLLs or other library files as payloads, and they could be in murky water as well. But at least their Windows exploits are inside a DLL instead of a directly executable file.
