RustShield Auditor is intended for authorized defensive assessment, lab validation and evidence preparation.
Do not use it against networks, drones, robotic systems, PLCs or industrial equipment without explicit authorization and a defined safety scope.
PCAP files and evidence packs can contain:
- IP addresses, ports and hostnames.
- Protocol identifiers and device roles.
- Operational behavior.
- Payload fragments.
- Customer, lab or site metadata.
Review and sanitize captures before sharing them.
For security issues, open a private advisory or contact the maintainers through the GitHub organization. Do not publish exploit details or sensitive captures in public issues.
- MAVLink signing is observed, not cryptographically validated.
- Modbus physical semantics require external process context.
- PCAP parsing is intentionally conservative and does not provide full TCP stream reassembly.
- The auditor is not an inline protection gateway and does not enforce policy.