Disclaimer

Last updated: February 10, 2026

⚠️ WARNING — READ BEFORE USE. Max Intel provides tools that actively interact with remote servers, web archives, and public APIs. Some of these tools perform network requests, subdomain enumeration, certificate lookups, historical content retrieval, and live endpoint probing. Using these tools against systems you do not own or have explicit written authorization to test may violate applicable laws. You are solely responsible for ensuring you have proper authorization before scanning any target.

Max Intel is a security research and OSINT platform. It is designed for authorized security professionals, penetration testers, bug bounty researchers, journalists, investigators, and academics conducting lawful open source intelligence gathering and security assessments.

Authorization & Scope of Use

Several tools on this platform perform active reconnaissance against target domains and infrastructure. These include, but are not limited to: Certificate Transparency monitoring, subdomain enumeration, WHOIS history retrieval, Wayback Machine content retrieval, sitemap and robots.txt analysis, live endpoint probing, and social media profile discovery. Before using any tool against a target, you must ensure at least one of the following applies:

You own the target system or domain
You have explicit written authorization from the system owner (such as a penetration testing agreement, scope of work, or bug bounty program terms)
The activity falls within a legally recognized bug bounty or vulnerability disclosure program with a published scope that covers your intended actions
You are conducting passive research using only publicly archived data with no interaction with the live target

Absence of a "no" is not the same as authorization. If you do not have clear, documented permission, do not scan the target.

Penetration Testing & Security Research

If you are using Max Intel tools as part of a penetration test, red team engagement, or security assessment, you should ensure the following before beginning any active reconnaissance:

Written authorization: Obtain a signed Rules of Engagement (RoE), Statement of Work (SoW), or equivalent document that explicitly defines the scope of permitted testing, including which domains, IP ranges, and techniques are authorized
Scope boundaries: Only scan targets explicitly listed in your authorization. Subdomain enumeration and certificate transparency lookups may reveal infrastructure outside your authorized scope — do not interact with out-of-scope assets
Third-party infrastructure: Many targets rely on shared hosting, CDNs, cloud providers, and third-party services. Authorization to test a client's domain does not extend to scanning their hosting provider's infrastructure, upstream APIs, or other tenants on shared systems
Rate limiting and impact: Active tools make network requests that consume target server resources. Configure appropriate delays and request limits to avoid degrading service availability, which could constitute a denial-of-service event even if unintentional
Data handling: Information gathered during reconnaissance — including contact details, email addresses, internal hostnames, and historical content — may contain sensitive or personal data. Handle all findings in accordance with your engagement's data handling requirements and applicable data protection regulations
Documentation: Maintain logs of what you scanned, when, and under what authorization. This protects both you and the target organization in the event of a dispute

Bug Bounty Programs

If you are conducting research under a bug bounty program, review the program's scope and rules carefully before using any Max Intel tool. Many programs restrict or prohibit automated scanning, aggressive enumeration, accessing other users' data, and social engineering. Exceeding the defined scope — even with tools that only query public data — can result in disqualification, legal action, or both. When in doubt, contact the program operator before proceeding.

Applicable Laws

Unauthorized access to computer systems is a criminal offense in most jurisdictions. Relevant laws include, but are not limited to:

United States: Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 — prohibits intentionally accessing a computer without authorization or exceeding authorized access
United Kingdom: Computer Misuse Act 1990 (CMA) — criminalizes unauthorized access to computer material, unauthorized access with intent to commit further offenses, and unauthorized modification of computer material
European Union: Directive 2013/40/EU on attacks against information systems, implemented through member state legislation, as well as the General Data Protection Regulation (GDPR) for any processing of personal data
Other jurisdictions: Most countries have equivalent cybercrime legislation. You are responsible for understanding and complying with the laws applicable in your jurisdiction, the jurisdiction where the target system is located, and any intermediate jurisdictions through which your traffic passes

The fact that a tool is publicly available, that data is archived, or that information was once public does not necessarily make accessing or collecting it legal in your jurisdiction or context.

What Max Intel Tools Do

For transparency, the following is a summary of the network interactions performed by Max Intel's active tools:

CT Monitor: Queries crt.sh (a public Certificate Transparency log aggregator) to retrieve SSL/TLS certificate records for a domain. Does not interact with the target directly
Wayback Recon: Queries the Wayback Machine CDX API and CommonCrawl index to discover historically archived URLs. Downloads archived page snapshots from web.archive.org. Does not interact with the live target
WHOIS History: Queries the Wayback Machine for archived versions of a domain's pages to extract historical contact information. Does not interact with the live target
Ghost Finder: Queries the Wayback Machine for archived social media profile pages. Does not interact with live social media platforms
Robots.txt Historian: Queries the Wayback Machine for archived robots.txt files and diffs them. Optionally probes removed Disallow paths against the live target to check HTTP status — this constitutes active interaction with the target
Sitemap Historian: Queries the Wayback Machine for archived sitemap.xml files and diffs them. Optionally probes vanished URLs against the live target to check HTTP status — this constitutes active interaction with the target

Educational & Research Purpose

The Site is provided for educational and lawful security research purposes. It serves as both a reference directory cataloging publicly available OSINT resources and a platform hosting original tools for authorized security assessments. The inclusion of any tool, technique, or resource on this Site does not constitute an endorsement of using it for unlawful purposes.

Not a Consumer Reporting Agency

Max Intel is not a consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. The Site does not provide "consumer reports" as defined by the FCRA. You may not use the Site or any information obtained through linked services for purposes covered by the FCRA, including but not limited to:

Employment screening or hiring decisions
Tenant screening or housing decisions
Credit eligibility determinations
Insurance underwriting
Any other purpose requiring FCRA compliance

Accuracy of Information

Max Intel makes no representations or warranties regarding the accuracy, completeness, reliability, or timeliness of any information retrieved by its tools or provided by third-party services. Archived content may be outdated, incomplete, or altered. Live probe results reflect a point-in-time HTTP response and may not accurately represent the state of the target system. You should independently verify any information before acting on it.

No Professional Relationship

Use of the Site does not create any professional, advisory, fiduciary, or attorney-client relationship between you and Max Intel or its operators. The Site does not provide legal, investigative, financial, medical, or any other form of professional advice. If you need legal guidance on the permissibility of a particular activity, consult a qualified attorney in your jurisdiction.

Third-Party Services & APIs

Max Intel tools rely on third-party services including the Internet Archive Wayback Machine, crt.sh, CommonCrawl, and the NIST National Vulnerability Database. These services have their own terms of use, rate limits, and availability constraints. Max Intel does not guarantee the continued availability or functionality of any third-party service, and is not responsible for changes to their APIs, terms, or access policies.

Limitation of Liability

To the maximum extent permitted by applicable law, Max Intel and its operators shall not be held liable for any damages, losses, legal proceedings, or consequences arising from the use of, or inability to use, the Site or any tool or service accessible through the Site. This includes, without limitation, any direct, indirect, incidental, consequential, special, or punitive damages, and any liability arising from your failure to obtain proper authorization before using active scanning tools.

Use at Your Own Risk

Your use of the Site and all tools available through it is entirely at your own risk. You assume full responsibility for ensuring you have proper authorization for any active reconnaissance, for complying with all applicable laws, and for any consequences resulting from your actions.