LSE toolsLSE toolsVulnreport (136)Vulnreport (136)

Tool and Usage

Project details

BSD 3-clause
Programming language
Tim Bach
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform is strong in focusing on automation, to reduce the time spent by engineers.

Background information

Vulnreport was built by the Product Security team from Salesforce. They wanted to reduce the required time to write, format, and proofing the reports of the penetration tests.

Usage and audience

Vulnreport is commonly used for security reviews, vulnerability management, or vulnerability scanning. Target users for this tool are auditors, pentesters, security professionals, and system administrators.


  • Customization and additions are possible
  • Tool allows multiple integrations

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

History and highlights

  • Speaker at Black Hat USA 2016

Author and Maintainers

Vulnreport is under development by Tim Bach and maintained by Salesforce.


Supported operating systems

Vulnreport is known to work on Linux.


Several dependencies are required to use Vulnreport.

  • Bundler
  • PostgreSQL
  • Redis
  • Ruby
  • rollbar

Vulnreport alternatives

Similar tools to Vulnreport:



Faraday is collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.


Infection Monkey

The Infection Monkey is a security tool to test the resiliency of a data center or network. It tries to breach the perimeter and infect any internal server. Upon success, it reports the status to the centralized Monkey Island server. This tool can help with automating security assessments or perform a self-assessment.



ShellPop is a security tool used by penetration testers during their assignments. It helps with generating both easy and more sophisticated reverse or bind shell commands.

All Vulnreport alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information