Vulnotes

Write Better Pentest Reports

A modern, web-based platform to create high-quality pentest reports faster, enhanced by AI.

Dashboard preview

Built for Pentesters, by Pentesters

After trying countless reporting tools and hearing the same frustrations from pentesters across companies, we decided to build the platform we always wanted but never found.

Context-aware AI for pentesters
Screenshot to finding in seconds. Improve writing, multi-language support, and auto-anonymize sensitive data before AI processing.

Live collaboration with your team
Edit the same report simultaneously with presence indicators, cursor tracking, and instant, conflict-free updates.

Design white-label templates, built in Vulnotes
Visually design report layouts with full control over structure, branding, variables, and reusable sections.

Enterprise security and granular permissions
SSO, 2FA, role-based access control, and fine-grained permissions for clients, reports, and templates.

Plan and schedule your pentests
Calendar view for engagements, team availability tracking, and one-click report creation from scheduled tests with all requirements.

Built-in review and approval workflow
Snapshots, threaded comments, change requests, and approval tracking. Never miss a finding before delivery.

100% Integrated Platform

One Platform.
Complete Workflow.

From template design to client delivery, everything happens in Vulnotes. No more reports sent through unsecure channels, no back-and-forth file sharing, no version chaos.

STEP 1

Design

Build Your Templates

Create pixel-perfect report templates with our visual builder. Your branding, your style, your methodology.

STEP 2

Write

AI-Powered Reporting

Document findings with AI assistance. Screenshot to finding in seconds. CVSS v3.1 & v4.0 scoring built-in.

STEP 3

Collaborate

Real-Time Teamwork

Work together in real-time. See cursors, take notes, comments, and changes instantly.

STEP 4

Review

Quality Assurance

Built-in review workflow with snapshots, comments, and approval tracking. Never miss a finding.

STEP 5

Deliver

Export & Send

One click to PDF or encrypted ZIP. White-label ready. Direct to client.

Enterprise-Ready. Security-First.

Built with the features security teams actually need.

Multi
Language
Reports & AI Translation
CVSS
or Custom
Flexible Scoring
Self
or Cloud
Your Choice
API
MCP & Webhooks
Full Integration
Import
Your Provider
Easy Migration
SSO
& 2FA
Enterprise Auth

Frequently Asked Questions

Everything you need to know about Vulnotes

Can I automate my workflow with Vulnotes?

Absolutely. Vulnotes provides a full REST API that lets you create reports, add findings, export documents and more, all programmatically. We also support MCP, giving you full control over your Vulnotes workspace from any compatible tool or agent. Automate your entire pipeline from scan to delivery.

What AI models are supported? Can I disable AI?

We include Vulnotes AI (powered by Mistral, a French AI provider hosted in Europe) with every plan, but you can also use your own model. We support OpenAI, Anthropic, Google Gemini, Claude, etc.. Any OpenAI API-compatible provider including local models. If you don't want AI at all, no problem, you can enable only the features you need or completely disable it.

How does real-time collaboration work?

Team members can work on the same report simultaneously, with changes appearing in real-time. You can see who's editing what section, leave comments, and track all changes. Built-in review workflows let other team members approve reports before delivery.

What scoring systems does Vulnotes support?

We fully support CVSS v3.1 and v4.0 with built-in visual calculators and automatic score calculation. But if CVSS doesn't fit your needs, we've got you covered. You can create your own custom scoring system tailored to your methodology. Whether it's WiFi audits, automotive security, IoT assessments, or any other specialty, build the scoring that makes sense for your engagements.

How does the AI writing assistance work?

Our AI understands penetration testing methodology and can help generate finding descriptions, remediation steps, CVSS scoring suggestions, executive summaries and everything you need in your report. You can even upload screenshots of your exploits and get complete findings generated automatically.

Can I create custom report templates?

Vulnotes allows you to create fully customizable templates with our visual builder. Match your methodology, branding, and client requirements. Save templates for reuse and share them with your team. You can also use our template library to get started, creating a template have never been easier.

Can I self-host Vulnotes?

Yes! Self-hosting is included in every plan, no need to contact us. You can deploy on your own infrastructure or use our cloud-hosted solution. Choose whatever fits your organization's needs.

Can I import my existing customers and vulnerabilities?

Yes! We already support full import from Pwndoc: clients, vulnerabilities and categories. Migration is completed in minutes with all your data preserved. Using another provider? Contact us and we'll add yours.

Still have questions?

Contact our team
Coming soon

Ready to Write
Better Reports?

Be the first to know when Vulnotes launches. Drop your email and we'll notify you.