Necrom4ncer is a social engineering framework designed for authorized security testing, awareness training, and educational purposes. Similar to Storm Breaker, this tool is intended for authorized security professionals conducting social engineering assessments on systems and organizations where explicit written authorization has been obtained.
Security updates and vulnerability patches are provided for the following versions:
| Version | Supported | Notes |
|---|---|---|
| Latest | ✅ | Active development |
| 1.x | ✅ | Stable release |
| < 1.0 | ❌ | No longer maintained |
If you discover a security vulnerability in Necrom4ncer:
- DO NOT open a public GitHub issue
- DO NOT post vulnerability details on social media or public forums
- Email privately to: anonymous.matrixtm26.dev@gmail.com
Please provide:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Your contact information (name, email, organization if applicable)
- Any proof-of-concept code (if available)
- Initial Response: Within 48 hours of report submission
- Vulnerability Assessment: Within 5 business days
- Fix Development: Varies based on severity (1-4 weeks typically)
- Public Disclosure: Coordinated with reporter, typically 90 days after fix release
Necrom4ncer follows responsible disclosure practices:
- Report vulnerabilities privately before any public disclosure
- Allow reasonable time for the development team to create a fix
- Coordinate timing for public disclosure with project maintainers
- Avoid unnecessary details in public disclosures that could aid malicious actors
- Credit will be given to researchers who follow responsible disclosure
- We will acknowledge all security reports promptly
- We will provide transparency on the vulnerability and fix status
- We will credit responsible reporters (with their permission)
- We will issue security advisories and updates in a timely manner
- We will not take legal action against security researchers operating in good faith
This project is designed and intended for:
-
Authorized Social Engineering Testing
- Conducting social engineering assessments for organizations you work for
- Testing with explicit written authorization from the organization
- Professional security assessments and red team exercises under contract
-
Security Research
- Academic and institutional security research
- Social engineering vulnerability analysis in controlled environments
- Defense mechanism development and testing
-
Educational & Awareness Purposes
- Training employees on social engineering risks
- Security awareness programs
- Learning about social engineering techniques for defensive purposes
- Training authorized security professionals
- Simulated phishing for authorized security awareness training
This project is NOT intended for and MUST NOT be used for:
-
Unauthorized Social Engineering
- Conducting social engineering attacks without explicit written authorization
- Targeting individuals or organizations without permission
- Collecting personal information without authorization
-
Malicious Activities
- Identity theft or fraud
- Credential harvesting for unauthorized access
- Unauthorized data collection or surveillance
- Scams or fraudulent schemes
-
Illegal Activities
- Any activities that violate local, national, or international laws
- Wire fraud or computer fraud
- Unauthorized access facilitation
- Interference with communications systems
Necrom4ncer is provided "as is" without warranty of any kind, either expressed or implied.
The authors and maintainers of Necrom4ncer are NOT responsible for:
- Any damage, data loss, or privacy violations caused by the use of this tool
- Misuse of this project for unauthorized or illegal purposes
- Any criminal or civil liability arising from the user's actions
- Any violations of applicable laws and regulations
By downloading, installing, or using Necrom4ncer, you acknowledge and agree that:
- You are solely responsible for all activities and consequences of using this software
- You will use this tool only with:
- Explicit written authorization from the organization or individuals being tested
- Proper authorization from management or security leadership
- You understand that unauthorized social engineering is illegal and unethical
- You will comply with all applicable laws, regulations, and organizational policies
- You hold harmless the authors, maintainers, and contributors from any liability
- You will not use this tool for any illegal, unethical, or malicious purposes
The use of this project may be subject to local, national, and international laws, including but not limited to:
- Computer Fraud and Abuse Act (CFAA) - United States
- Computer Misuse Act 1990 - United Kingdom
- Criminal Code - Canada
- Wire Fraud Act (18 U.S.C. § 1343) - United States
- Penal Code provisions - European countries
- Data protection and privacy laws - GDPR and others
- Cybercrime laws - Other jurisdictions
Users are responsible for understanding and complying with applicable laws in their jurisdiction.
Before using Necrom4ncer for any social engineering assessment:
- Obtain written authorization from organizational leadership or system owners
- Document the scope of authorized social engineering testing
- Maintain records of authorization and testing activities
- Report findings responsibly to appropriate parties
- Respect individual privacy and comply with privacy laws
- Authorization First: Never conduct testing without explicit written authorization
- Scope Definition: Clearly define the scope of authorized testing
- Legal Review: Have legal counsel review authorization before proceeding
- Logging & Monitoring: Implement comprehensive logging of all activities
- Privacy Compliance: Ensure compliance with privacy and data protection laws
- Transparency: Debrief participants and provide education after assessments
- Documentation: Document all authorized testing scope, objectives, and findings
- Ethical Guidelines: Follow established ethical guidelines for security testing
- Email: anonymous.matrixtm26.dev@gmail.com
- GitHub: @MatrixTM26
- Response Time: 48 hours maximum
Security researchers who responsibly report vulnerabilities may be credited as follows:
- In security advisories (with permission)
- In release notes (with permission)
- As contributors in the repository (upon request)
- Version: 1.0
- Last Updated: June 4, 2026
- Effective Date: June 4, 2026
Last Modified: June 4, 2026 Maintainer: @MatrixTM26