About Vulnerability Reporter v2.0

Vulnerability Reporter is an all-in-one, browser-based security orchestration suite designed to streamline the entire penetration testing lifecycle - from scoping and execution to automated, professional report generation. It centralizes risk scoring, evidence management, and standardized reporting - all processed securely within the browser.

Built with ❤️ to help you write better reports - your 🧠 makes them great.

Standardized Reporting 🐞

The platform eliminates inconsistencies in reporting by providing a library of pre-vetted vulnerability templates.

  • Uniformity: Every pentester uses the same high-quality Descriptions and Recommendations.
  • Rich Context: Each entry includes critical metadata such as CWE IDs, OWASP Categories, and direct reference links to PortSwigger or OWASP.
  • One-Click Copy: The "Copy Full Report" button allows for instant migration of data into final client deliverables.

Report Generator 📄

A high-performance, client-side reporting engine built for modern pentesters.

  • Real-Time Editing: Modify findings before export.
  • Evidence Embedding: Attach PoC images directly to vulnerabilities.
  • Automated .DOC Output: Generate professional reports instantly - no backend, no database.

Integrated Scoring ⚖️

Instead of switching between multiple browser tabs, testers can now calculate and assess risk directly inside the interface.

  • OWASP Risk Calculator: Provides a granular severity score by evaluating the Threat Agent, Vulnerability, Technical Impact, and Business Impact factors.
  • CVSS Risk Calculator: Allows users to toggle Exploitability and Impact metrics to generate a standardized CVSS vector string.

Community-Driven Vulnerability Expansion 📈

The "Add Vulnerability" module allows the database to grow while maintaining a strict data structure.

  • JSON Generation: Pentesters can draft new findings (Name, Severity, Technical Observations) and generate a structured JSON object.
  • Validation Workflow: These JSON proposals can be submitted for review before being added to the master library, ensuring the "Standardized Reporting" library remains high-quality.

Interactive Methodology Checklist 📄

The Checklist transforms static guides into an interactive workflow.

  • Live Status Tracking: Pentesters can mark test cases as PASS, FAIL, or N/A with clear color-coded visual feedback.
  • Exportable Artifacts: Once the audit is complete, the results can be exported to CSV format, serving as evidence for the final audit report.

Scope Call & MOM Generator 🎧

A specialized client-side utility designed to streamline the pre-assessment phase by serving as a central interface for capturing requirements and generating documentation.

  • Automated PDF Reporting: Instantly converts raw form data into a professional Scope Call Report ready for client sign-off.
  • Smart MOM Generation: Automatically drafts detailed "Minutes of Meeting" including scheduling, scope definitions, and action items.
  • Outlook Integration: Features a direct "Send to Outlook" function with pre-formatted subject lines and body content.
  • Secure & Offline: Runs entirely in the browser without a backend, ensuring sensitive client data never leaves the local machine.