Tool and Usage
Vulnreport is a tool to automate and manage all the data involved in security reviews. In particular, it focuses on discovered vulnerabilities.
Why this tool?
Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform focuses strongly on automation, to reduce the time spent by engineers.
Vulnreport was built by the Product Security team at Salesforce. They wanted to reduce the time required to write, format, and proofread penetration test reports.
Usage and audience
Vulnreport is commonly used for security reviews, vulnerability management, or vulnerability scanning. Target users for this tool are auditors, pentesters, security professionals, and system administrators.
- Vulnreport is written in Ruby
- Customization and additions are possible
- Tool allows multiple integrations
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
History and highlights
- Presentation at Black Hat USA 2016
Supported operating systems
Vulnreport is known to work on Linux.
Several dependencies are required to use Vulnreport.
Similar tools to Vulnreport:
Faraday is a collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Utility like pkg-audit for Arch Linux to find vulnerable packages on the system
Latest release: 3.0.3 [2016-10-14]
|Vulnreport GitHub project|
|Vulnreport project website|