vulnrepo  by kac89

Vulnerability report generator and repository

created 8 years ago
507 stars

Top 62.3% on sourcepulse

Project Summary

VULNRΞPO is a client-side, end-to-end encrypted vulnerability report generator and repository designed for penetration testers, security auditors, and bug bounty hunters. It streamlines report creation by offering customizable templates, importing data from various security scanners and vulnerability databases, and supporting multiple export formats, all while ensuring data confidentiality.

How It Works

The project utilizes pure JavaScript and client-side encryption (AES) to maintain data confidentiality, with no backend system involved. It allows users to import vulnerability data from sources like Nmap, Nessus, Burp Suite, OpenVAS, Bugcrowd, and Trivy, as well as structured data from CVE, CWE, MITRE ATT&CK, and PCI DSS. Reports can be generated in TXT, HTML, DOCX, and PDF (via print-to-PDF), with options for encrypted HTML reports and automatic changelog generation.

Quick Start & Requirements

  • Install/Run: docker-compose up for Dockerized deployment. Development server: ng serve (navigate to http://localhost:4200/).
  • Prerequisites: Docker, Node.js/Angular CLI for development.
  • Links: Online Demo, Dev Branch, Video Walkthrough

Highlighted Details

  • End-to-end encryption (AES) for all data stored locally.
  • Imports from Nmap, Nessus, Burp, OpenVAS, Bugcrowd, Trivy, NPM, Semgrep, Composer.
  • Supports CVE, CWE, MITRE ATT&CK, PCI DSS data import.
  • Exports to TXT, HTML, DOCX, PDF (via print), with encrypted HTML option.
  • Automatic changelog generation and file checksums (SHA256).
  • Local AI/LLM integration for private model use.

Maintenance & Community

The project is actively developed by kac89. Further community or roadmap information is not detailed in the README.

Licensing & Compatibility

  • License: Apache 2.0 License.
  • Compatibility: Permissive license suitable for commercial use and integration with closed-source projects.

Limitations & Caveats

The project relies entirely on client-side JavaScript for functionality and encryption, meaning its security and integrity are dependent on the user's browser environment. PDF generation is achieved through browser print functionality, which may lead to inconsistencies.

Health Check

  • Last commit: 1 week ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 12
  • Issues (30d): 0

Star History

20 stars in the last 90 days
