It would be better if you could. If I were looking for something like this I'd like to know the in and out even before trying it on my server. Especially because the customer won't care about why their password was leaked etc. Mentioning 'some cyber sec test' is not enough.