Before you start
Confirm all of the following before creating a task and running any tools.
- You own the target system, or you have a signed written authorization document from the system owner.
- The authorization covers the specific IP addresses, domains, and systems you intend to test.
- The authorization covers the testing methods you plan to use, including scanning, exploitation, credential testing, and any wireless tools.
- You are testing within the agreed time window, if one was specified.
- You know which systems are explicitly out of scope and will not touch them.
- You have an emergency contact at the client or system owner in case you cause unintended impact or hit something unexpected.
- You understand the relevant laws in your jurisdiction and the jurisdiction where the target systems operate.
Wireless tools require extra care. Tools like aircrack-ng, airodump-ng, and bettercap can capture traffic from networks you are not a party to. In many jurisdictions this triggers wiretap or interception laws regardless of whether you decrypt the traffic. Only use wireless tools on networks you own or are explicitly authorized to test.