End User License Agreement

1. Grant of License

1.1 License Types

Netra Security grants you a limited, non-exclusive, non-transferable license to use the ServerTools binary software ("Software") according to the tier specified in your License Key:

• Free Trial: Unlimited use. All 90 scanners available. Output limited to 3 findings per scan. No License Key required. No time limit.
• Single Tool ($29): Full output for 1 designated scanner. 1 machine. 1 year validity.
• Category Bundle ($49–$149): Full output for all scanners in 1 designated category. Up to 3 machines. 1 year validity.
• All Scanners ($199): Full output for all 90 scanners. Up to 5 machines. 1 year validity.
• Professional ($349): All Scanners + scheduling + audit logging. Up to 10 machines. 1 year validity.
• Enterprise ($599): Professional + CERT-In compliance + dashboard + PDF/Excel export. Unlimited machines within your organization. 1 year validity.

1.2 Machine Limits

A "machine" is defined as a unique combination of operating system installation and hardware. Virtual machines, containers, and cloud instances each count as separate machines. You may move your license between machines by deactivating it on one machine before activating on another.

1.3 Organizational Use

For Single Tool, Category Bundle, All Scanners, and Professional tiers, the license is issued to an individual. For Enterprise tier, the license is issued to an organization and may be used by any employee or contractor of that organization.

2. License Key Mechanics

2.1 Key Format

License Keys are Ed25519-signed tokens in the format SRVT-xxxx-xxxx-xxxx-.... Each key contains a cryptographically signed payload specifying: the licensee identity, tier, permitted modules, enabled features, issue date, and expiration date.

2.2 Offline Validation

License validation is performed entirely offline. The Software contains an embedded Ed25519 public key that verifies the signature on your License Key. No internet connection is required for license validation. The Software never contacts our servers during normal operation.

2.3 Key Storage

When activated, your License Key is stored locally at:

• Linux/macOS: ~/.servertools/license.key
• Windows: %USERPROFILE%\.servertools\license.key

You are responsible for protecting your License Key file. Anyone with access to this file can use your license on their machine (subject to machine limits).

2.4 Key Revocation

Because license validation is offline, revocation works by: (a) adding the key to a revocation list distributed with future Software updates, or (b) the key naturally expiring on its embedded expiration date. We reserve the right to revoke keys for Terms violations.

3. Permitted Use

3.1 Authorized Security Testing

You may use the Software to:

• Audit systems, networks, databases, and applications that you own.
• Perform authorized penetration testing under a signed scope of work or rules of engagement.
• Conduct internal security assessments for your organization.
• Generate compliance evidence and audit reports for authorized targets.
• Integrate scan results with the Netra Security platform (if applicable).

3.2 Educational Use

The Software may be used for educational purposes in controlled lab environments (virtual machines, isolated networks, CTF challenges) without restriction.

4. Restrictions

4.1 Software Integrity

You must NOT:

• Reverse-engineer, decompile, or disassemble the Software binary.
• Modify, patch, or create derivative works based on the Software.
• Remove or circumvent the license validation mechanism, trial limitations, or any technical protection measures.
• Extract or reconstruct the Ed25519 private signing key or forge License Keys.
• Distribute modified versions of the Software.

4.2 Distribution

You must NOT:

• Redistribute the Software binary (even in unmodified form) without written permission.
• Share, post, upload, or make your License Key publicly available.
• Include the Software in another product or service offering.
• Use the Software to provide scanning-as-a-service to third parties without an Enterprise license.

4.3 Competitive Use

You must NOT:

• Use the Software to develop a competing security scanning product.
• Benchmark the Software for publication without our written consent.
• Use the Software's scanner logic, vulnerability checks, or report templates as a basis for competing tools.

5. Scanner Categories and Features

5.1 Current Scanner Inventory (v1.0)

The Software includes 90 scanners across 14 categories:

• Database Security (16): MySQL, PostgreSQL, MSSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra, Neo4j, InfluxDB, MariaDB, Oracle, SQLite, DynamoDB, Memcached, ClickHouse
• Web & App Servers (10): Apache, Nginx, Tomcat, IIS, HAProxy, Caddy, Lighttpd, Traefik, Envoy, Express
• Message Queues (4): RabbitMQ, Kafka, ActiveMQ, MQTT brokers
• Infrastructure & DevOps (11): Docker, Kubernetes, Jenkins, Grafana, Prometheus, Vault, Consul, Terraform, Ansible, GitLab CI, Zookeeper
• Network Protocols (12): DNS, SMTP, SNMP, NTP, BGP, DHCP, HTTP/2, SIP, RTSP, LDAP, Kerberos, Radius
• Directory & Auth (3): Active Directory, OpenLDAP, FreeIPA
• Cloud & Storage (4): AWS S3, MinIO, Ceph, Swift
• Remote Access (7): SSH, RDP, VNC, Telnet, WinRM, PPTP/L2TP, IKE/IPSec
• ICS/SCADA/OT (6): Modbus, DNP3, OPC-UA, BACnet, IPMI, EtherNet/IP
• File Sharing (5): FTP, NFS, SMB/CIFS, Rsync, WebDAV
• Communications (3): XMPP, Matrix, IRC
• Network Discovery (2): Port scanner, Service fingerprinting
• IoT & Hardware (3): UPnP, ZigBee, BLE
• Security & Certificates (4): TLS/SSL, OCSP, Certificate transparency, PKI

5.2 Feature Matrix by Tier

• scanning: Run scans (all tiers)
• full_results: Complete finding output without 3-finding limit (all paid tiers)
• scheduling: Cron-based recurring scans (Professional, Enterprise)
• audit_log: Tamper-evident JSON Lines audit trail (Professional, Enterprise)
• cert_in_compliance: CERT-In reporting format (Enterprise only)
• dashboard: Local web dashboard at localhost:9090 (Enterprise only)
• pdf_export: PDF report generation (Enterprise only)
• excel_export: Excel/CSV export with pivot tables (Enterprise only)

6. Output Formats

The Software generates scan results in the following formats:

• .netra — Native JSON format (v1.0 specification)
• .json — Standard JSON
• .csv — Comma-separated values
• .txt — Plain text
• .md — Markdown
• .html — Standalone HTML with dark theme
• .pdf — PDF report (Enterprise only)
• .xlsx — Excel workbook (Enterprise only)

All scan output is owned by you. We claim no rights to your scan results.

7. Updates and Support

7.1 Software Updates

During your license period, you are entitled to download updated versions of the Software. Updates may include new scanners, bug fixes, and feature improvements. We are not obligated to provide any specific update cadence.

7.2 Support

• Free Trial: Community support only (documentation, GitHub issues).
• Single Tool / Category Bundle: Email support, 72-hour response time.
• All Scanners: Email support, 48-hour response time.
• Professional: Priority email support, 24-hour response time.
• Enterprise: Dedicated support channel, 4-hour response time during business hours (IST).

7.3 End of Life

If we discontinue the Software, we will: (a) provide at least 6 months advance notice, (b) offer pro-rated refunds for unexpired Enterprise licenses, and (c) release the final version for continued offline use (existing License Keys will continue to work until their embedded expiration date).

8. Disclaimer of Warranties

THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. NETRA SECURITY DISCLAIMS ALL WARRANTIES INCLUDING, WITHOUT LIMITATION:

• MERCHANTABILITY and FITNESS FOR A PARTICULAR PURPOSE.
• That the Software will detect all vulnerabilities or security issues.
• That scan results will be free of false positives or false negatives.
• That the Software will operate error-free or uninterrupted.
• That the Software will be compatible with all target systems or configurations.

9. Limitation of Liability

IN NO EVENT SHALL NETRA SECURITY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING FROM THE USE OF OR INABILITY TO USE THE SOFTWARE, INCLUDING BUT NOT LIMITED TO:

• Damage to systems caused by scanning (service disruption, data loss, etc.).
• Undetected vulnerabilities that are later exploited.
• Regulatory penalties resulting from reliance on scan results.
• Loss of business, revenue, or data.

TOTAL LIABILITY SHALL NOT EXCEED THE LICENSE FEE PAID IN THE 12 MONTHS PRECEDING THE CLAIM.

10. Export Compliance

The Software contains cryptographic components (Ed25519) and security scanning capabilities. You are responsible for complying with all applicable export control laws and regulations, including:

• Wassenaar Arrangement — Intrusion software controls (Category 4).
• US Export Administration Regulations (EAR) — if accessing from or transiting through the US.
• EU Dual-Use Regulation — if located in the EU.
• Indian SCOMET list — Special Chemicals, Organisms, Materials, Equipment and Technologies.

You represent that you are not located in a sanctioned country and are not on any denied party list.

11. Termination

This EULA is effective until terminated. It terminates automatically when your License Key expires. We may terminate it immediately if you breach any term. Upon termination:

• You must stop using the Software (or continue in trial mode only).
• You must delete the License Key file from all machines.
• Sections 4, 8, 9, 10, and 12 survive termination.

12. Governing Law

This EULA is governed by the laws of India. Disputes shall be resolved through binding arbitration in Mumbai, India. You irrevocably consent to this jurisdiction.

13. Entire Agreement

This EULA, together with the Terms of Service, Privacy Policy, and Refund Policy available on our website, constitutes the complete agreement between you and Netra Security regarding the Software. It supersedes all prior agreements, representations, and understandings.

14. Contact

• Email: legal@netra.tools
• Support: support@netra.tools
• Entity: Netra Security