Yes, you can legally test Argus on your own network and equipment in Canada.
Criminal Code Section 342.1 - Unauthorized use of computer:
"Every person who, fraudulently and without colour of right, obtains, directly or indirectly, any computer service... is guilty of an indictable offence..."
✅ LEGAL:
- Testing on networks you own
- Testing on devices you own
- Testing with explicit written authorization
- Testing in isolated lab environments
- Testing your own home network
❌ ILLEGAL:
- Testing networks without permission
- Testing systems owned by others (even if "for their benefit")
- Accessing data beyond authorization
- Continuing after being told to stop
- Your home network (you own it)
- Your own devices (routers, IoT devices, etc.)
- Isolated test networks you control
- Virtual machines and containers you created
- Work networks (even if you work there)
- University/school networks
- Public networks (coffee shops, hotels, etc.)
- Neighbors' networks
- Client networks (unless explicitly authorized)
- Cloud infrastructure you don't own
- Clear scope: What networks/devices can be tested
- Timeframe: When testing is authorized
- Purpose: Why testing is being done
- Contact: Who authorized it and how to reach them
- Limitations: Any restrictions or exclusions
[Date]
Authorization for Security Testing
I, [Name], as [Title] of [Organization], authorize [Your Name]
to perform security testing using Argus on the following
network resources:
- Network: [IP Range or Network Name]
- Timeframe: [Start Date] to [End Date]
- Purpose: Security assessment and vulnerability identification
Signed,
[Authorized Person]
[Date]
- Keep authorization letters
- Log what you tested and when
- Record findings appropriately
- Create separate VLANs for testing
- Use virtual machines
- Test on non-production systems
- Inform users if testing on shared networks
- Provide findings reports to authorized parties
- Follow responsible disclosure if vulnerabilities found
- Don't access data beyond testing scope
- Don't collect or store sensitive information
- Follow data protection laws (PIPEDA in Canada)
- Immediately stop if authorization is revoked
- Respect network owner requests
- Remove any tools/probes if requested
✅ Your home router (192.168.x.x range you control)
✅ IoT devices you own
✅ Personal servers/computers
✅ Virtual machines on your network
✅ Isolated test VLAN
⚠️ Shared networks (roommates, family)
⚠️ ISP equipment (you may not fully own it)
⚠️ Neighbors' devices (if on shared network)
- Always get written authorization
- Use professional liability insurance
- Follow industry standards (OWASP, PTES)
- Maintain certifications (CEH, OSCP, etc.)
- Document methodology
- Only test programs you're authorized for
- Follow program rules strictly
- Don't test beyond scope
- Report responsibly
Violations can result in:
- Up to 10 years imprisonment
- Criminal record
- Civil liability
- Professional consequences
If you find vulnerabilities:
- Document the finding
- Notify the owner/authorized contact
- Allow reasonable time for patching
- Don't exploit beyond testing
- Don't publicly disclose until fixed
- Canadian Criminal Code: https://laws-lois.justice.gc.ca
- PIPEDA (Privacy): https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/
- OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
- Legal Consultation: Consult a lawyer for specific questions
This document provides general information only and does not constitute legal advice.
- Laws can vary by province/territory
- Legal interpretations can change
- Specific situations may have unique considerations
- Always consult a qualified lawyer for legal questions
The authors and contributors of Argus are not responsible for misuse of this tool or violations of law.