I have a question, I am trying to make a phishing attack to my own company. And i wanted to know if this is agains the terms of use??. I read them and i think i can but just to be sure.
I own the real domain and the domain i am using for the phishing attack, and i have full permisión. So i think i can do it without violating anything.
Remember that the phishing attack it is going to be against our own company and we are not going to use it for anything else
There's some previous discussion on this topic here:
The subscriber agreement has been updated since that time, but I think the core issues for this kind of case are the same: The agreement says that you warrant that the information in your certificate is "not misleading" and that you can only use it "solely in compliance with all applicable laws", which can all be kind of vague and probably intentionally so. Let's Encrypt generally tries to stay out of the role of being "the Internet police", but they reserve the right to revoke the certificate and say you're violating their agreement (or refuse to issue you a cert even if it would otherwise be in accordance with their agreement).
I doubt you're going to get someone from Let's Encrypt here to explicitly say, "Yes, please use our services for 'bad' domain names," just because that can lead to bad optics, but in practice I suspect if you legitimately own the domain name that you're using for your testing that they wouldn't do anything to stop you. But I'm just a random guy on the Internet.
3 Likes
Thank you very much, and i appreciate your response