penreport
24 features · built for pentesters

Every tool you need.
Nothing you don’t.

AI finding enhancement, a built-in CVSS calculator, multi-format export, reusable templates, retest workflows, and white-label branding. No general-purpose bloat.

Get started free View pricing
AI-powered

Let AI handle the
tedious parts.

5 AI calls per month on Free. 200 on Pro. Powered by Claude.

5
AI calls / mo · Free
200
AI calls / mo · Pro
  • 01

    AI finding enhancement

    Enter a vulnerability title. AI fills description, impact, remediation, CVSS vector, and CWE references. Review, tweak, done.

  • 02

    Bulk enhance

    Process every unprocessed finding in one click. Each suggestion is reviewable before applying.

    Pro
  • 03

    AI executive summary

    Generate a professional executive summary from all your findings, automatically.

    Pro
  • 04

    CVSS 3.1 calculator

    Built-in interactive calculator. Pick metrics, see score and vector string update live.

  • 05

    Severity auto-mapping

    The calculator sets the finding severity from the computed CVSS score automatically.

Report building

Edit, organise,
and ship with
zero friction.

The boring infrastructure of writing reports, auto-save, reorder, clone, export, is handled. So you don’t think about it.

Auto-save

Every field saves on blur. No save button. No lost work.

Drag and drop reorder

Reorder findings by dragging. New order persists instantly.

Report cloning

Duplicate any report as a starting point. One click.

Multi-format export

PDF and Markdown free. DOCX, HTML, CSV, JSON on Pro.

Report sharing

Read-only links. No client account needed. Revoke anytime.

Custom disclaimer

Add your own legal disclaimer to every generated report.

Pro
drag to reorder · auto-saves
01CSQL Injection in /auth/login9.8
02HStored XSS in /profile bio8.1
03MMissing HSTS on login5.3
04LVerbose stack traces in API errors3.1
Templates and workflow

Stop rewriting the
same findings.

Templates and libraries make every report faster than the last.

01

Methodology templates

Pre-built scaffolds for OWASP WSTG, PTES, OSSTMM, NIST 800-115, and more.

02

Finding templates

Pro

Save common findings as reusable templates. Apply to any report in one click.

03

Finding library

Browse and apply your saved templates from inside the report editor.

04

Up to 100 findings

Each report supports up to 100 findings with full detail fields.

Methodologies supported
OWASP WSTGPTESOSSTMMNIST 800-115OWASP Top 10OWASP MASVSCIS Benchmarks
Remediation and retests

Follow every fix
to closed.

Mark each finding Open, In Progress, Fixed, or Won’t Fix. Add internal notes. Spin up a retest report from any original, findings carry over, statuses reset to Not Retested. Mark Fixed, Persists, or Partial as you go.

  • 01Four states: Open, In Progress, Fixed, Won't Fix
  • 02Per-finding notes for patch refs and accepted risks
  • 03One-click retest report generation
  • 04Live diff banner with Fixed, Persists, Partial, New
q1-acme · retest report
Retest summary
2 fixed1 persists1 partial1 not retested
CSQL Injection in /auth/login9.8Fixed
HStored XSS in /profile8.1Fixed
HIDOR on /api/invoices/:id7.5Persists
MMissing HSTS on login5.3Partial
LVerbose stack traces3.1Not retested
Security and brand

Enterprise security.
Your reports,
your brand.

Argon2id, encrypted Postgres, database-backed sessions. The boring security work, done properly.

White-label branding

Pro

Upload your logo and set brand colors. Every PDF reflects your identity.

Argon2id passwords

Industry-leading password hashing. No bcrypt, no shortcuts.

Encrypted database

All data stored in encrypted Postgres. Database-backed sessions, never JWT.

Google SSO

Sign in with Google or email and password. Your choice.

Everything, in one list

All 24 features.

AI

  • AI finding enhancement

    Type a title, get a complete finding.

  • Bulk AI enhancePro

    Process every finding in one click.

  • AI executive summaryPro

    Auto-generated from your findings.

  • CVSS 3.1 calculator

    Live score and vector string.

  • Severity auto-mapping

    Severity follows CVSS score.

Reports

  • Auto-save

    Every field saves on blur.

  • Drag and drop reorder

    Persists instantly.

  • Report cloning

    Duplicate any report.

  • PDF export

    Print-ready, cover and summary.

  • DOCX exportPro

    Native Word file.

  • HTML, CSV, JSON exportPro

    All the formats.

  • Share links

    Read-only, revocable.

  • Custom disclaimerPro

    Your own legal text.

Templates and retest

  • Methodology templates

    OWASP, PTES, OSSTMM, NIST.

  • Finding templatesPro

    Save and re-apply.

  • Finding library

    Browse from the editor.

  • Up to 100 findings

    Per report.

  • Remediation tracking

    Open / In Progress / Fixed / Won't Fix.

  • Retest reports

    Findings carry over with status diff.

Security

  • White-label brandingPro

    Logo and brand colors on PDFs.

  • Argon2id passwords

    Industry-leading hashing.

  • Encrypted database

    Encrypted Postgres at rest.

  • Google SSO

    Or email and password.

  • DB-backed sessions

    Never JWT.

Ready when
you are.

Start free. Generate your first professional pentest report in under five minutes, no credit card required.

Get started free Or compare plans