Skip to content

Security for defenders

Guidance for allowing SQUR traffic and understanding runtime behavior.

Egress IP allowlisting

Allow outbound SQUR traffic from these static IPs:

  • 104.155.20.182
  • 34.76.33.170
  • 34.22.192.89

User agent behavior

SQUR identifies itself with a consistent user agent string containing an identifier "SQUR/xx.xxxxx" where xx.xxxxx represents an identifier for the pentest. This user agent is not guaranteed to be used in every interaction with the target! You may log or filter traffic accordingly.

Network overview

  • All testing actions respect your configured scope and permissions.
  • Traffic originates from the egress IPs above.
  • Rate limits and safety checks are applied to avoid disruption.

PII minimization

  • Provide dedicated test accounts without personal data where possible.
  • SQUR minimizes retention of PII in logs and findings.
  • Use roles with least-privilege access appropriate for testing.
? SQUR