Pentest Reports
The Pentest Reports page (/reports) lets you generate, manage, and download professional penetration testing reports for any project. Reports are self-contained HTML documents that compile all reconnaissance data, vulnerability findings, CVE intelligence, attack chain results, and remediation recommendations into a client-ready deliverable.
When an AI model is configured, reports include LLM-generated narratives that provide executive-level prose, contextual risk analysis, and prioritized remediation guidance. If no LLM is available, the report is still generated with all data tables, charts, and metrics — only the narrative sections are omitted.
- Navigate to the Reports page from the sidebar
- Select a project from the project dropdown on the right side of the header
- Click Generate Report
- The report takes 1–5 minutes depending on data volume and LLM response time
- Once complete, the report appears in the list below
The generation process gathers all data from Neo4j and PostgreSQL, optionally requests LLM narratives from the agent service, renders a self-contained HTML file, and saves metadata to the database. If the LLM is unavailable or times out, the report is generated without narrative sections — no error is shown.
Each report in the list shows:
- Title — includes the project name and target domain
- AI badge — indicates if LLM-generated narratives are included
- Project name and domain — which project the report belongs to
- Date and file size
- Risk score — color-coded overall risk assessment (Critical / High / Medium / Low / Minimal)
- Vulnerability and remediation counts
Actions per report:
| Button | Action |
|---|---|
| Download (arrow icon) | Saves the HTML file to your local machine |
| Open (external link icon) | Opens the report in a new browser tab for immediate viewing |
| Delete (trash icon) | Deletes the report after confirmation |
Reports are included in project export/import — both the metadata and HTML files are preserved in the ZIP archive.
The generated report is a single self-contained HTML file with embedded CSS, inline SVG charts, and no JavaScript dependencies. It is optimized for both screen viewing and print/PDF export (Ctrl+P).
The report contains the following sections:
The opening page displays the project name, target domain, generation date, and overall risk score as a color-coded badge. If Rules of Engagement are configured, the client name and engagement type are also shown. A confidentiality classification banner appears at the top.
The most important section — designed for CISOs, board members, and executive stakeholders. It presents key metrics in compact cards: risk score, total findings, critical/high/medium/low vulnerability counts, known CVEs, exploitable conditions, attack surface size, remediations, and secrets exposed.
When LLM narratives are available, a concise 3–4 paragraph briefing covers the risk verdict, business impact, top remediation actions, and overall posture conclusion. Detailed technical analysis is provided in the Risk Summary section.
Opens with a quick-glance overview showing scan mode (Domain or IP/CIDR), subdomain count, unique IPs, base URLs, endpoints, and parameters. Below that, a Subdomain Resolution Map (domain mode) or IP Target Map (IP mode) lists every discovered target with its resolved IPs, CDN status, and open port count. The section also includes the target information, discovery summary, and Rules of Engagement when configured.
Contains three key visualizations:
- Security Posture Radar — a 6-axis SVG radar chart showing Attack Surface, Vulnerability Density, Exploitability, Certificate Health, Injectable Parameters, and Security Header coverage. Each axis uses logarithmic normalization, matching the same formulas as the Insights Dashboard.
- CVSS Score Distribution — histogram of CVSS scores across all CVEs
- Vulnerability Severity Distribution — breakdown of non-CVE vulnerability findings by severity level
A remediation status summary shows the distribution of open, in-progress, and completed remediation items.
When LLM narratives are available, this section includes an extensive technical analysis (8–12 paragraphs) covering the full vulnerability landscape with per-severity breakdowns, CVSS distribution analysis, detailed exploitation results, technology and CVE chain analysis, infrastructure security posture (certificates, headers, injectable parameters), attack surface metrics, and secrets/data exposure assessment.
Lists all remediation items grouped by severity (critical, high, medium, low, info). Each finding card includes:
- Title and severity badge
- Status indicator (Open / In Progress / Fixed)
- Description
- Category, affected assets, steps to reproduce, suggested fix, and references where available
When LLM narratives are available, a prose summary contextualizes the findings and highlights the most impactful issues.
Raw vulnerability data from all scanning sources (Nuclei, GVM, security checks, AI agent findings). Grouped by source, each entry shows name, severity, CVSS score, target host, and category. This section complements the curated Findings section with the full raw scan output.
Comprehensive view of the discovered attack surface:
- Technologies — detected software with version and CVE count
- Security Headers Gap Analysis — per-header coverage bars with weighted overall score (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy)
- Injectable Parameters — summary and per-position breakdown showing injection risk
- Services and Ports — open services and port distribution
- CDN Coverage — ratio of CDN-fronted vs directly exposed IPs
- DNS Records and Certificate Health
Detailed CVE analysis including:
- CISA KEV Callout — a prominent alert box highlighting any vulnerabilities in the CISA Known Exploited Vulnerabilities catalog (only shown when KEV entries exist)
- Known CVEs Table — all discovered CVEs with CVSS scores, severity, associated technology, and CWE/CAPEC mappings
- CWE Breakdown — common weakness patterns found across all CVEs
- Attack Flow Chains — a flow table showing complete attack paths: Technology → CVE → CWE → CAPEC, revealing how vulnerabilities map to concrete attack patterns
- Confirmed Exploits — GVM-confirmed and agent-confirmed exploits with target, CVSS, and evidence
Only included when GitHub secret hunting has discovered exposed credentials or sensitive files. Lists each secret type and the associated repository or file.
Only included when AI agent attack chains have been executed. Shows each chain with its steps, decisions, findings, and outcomes. Includes exploit successes with full evidence.
Prioritized remediation guidance organized by severity. Each recommendation includes the vulnerability title, severity, category, suggested solution, associated CVE/CWE IDs, and current status.
When LLM narratives are available, this section includes an exhaustive triage organized into priority tiers: emergency actions, critical/high CVE remediation, medium-priority items, low/informational improvements, and strategic long-term recommendations. The narrative covers 100% of all discovered issues.
Supporting reference material:
- Graph Node Distribution — breakdown of all node types in the project graph
- Assessment Tools — list of tools used during the assessment
- Severity Definitions — standard severity level definitions with CVSS score ranges
Six report sections support LLM-generated narrative prose:
| Section | Narrative Key | Description |
|---|---|---|
| Executive Summary | executiveSummary |
Concise executive briefing (3–4 paragraphs) |
| Scope & Methodology | scopeNarrative |
Assessment scope context and methodology description |
| Risk Summary | riskNarrative |
Extensive technical risk analysis (8–12 paragraphs) |
| Findings | findingsNarrative |
Findings context and impact analysis |
| Attack Surface | attackSurfaceNarrative |
Attack surface analysis and exposure assessment |
| Recommendations | recommendationsNarrative |
Exhaustive prioritized remediation triage |
The LLM receives all project data (metrics, findings, CVE chains, exploits, remediations, security headers, parameter analysis) and produces professional prose matching the depth and tone of reports from established security consultancies.
If the agent service is unavailable or no LLM API key is configured, the report is generated without narratives. The AI badge in the reports list indicates which reports include LLM-generated content.
The report HTML is optimized for printing. Use Ctrl+P (or Cmd+P on macOS) to print or save as PDF. The report includes:
- Page breaks between major sections
- Print-friendly CSS (hidden navigation, adjusted colors)
- SVG charts that render cleanly in print
- CSS bar gauges that print correctly
View an example pentest report rendered in your browser:
Pentest Report — devergolabs.com (HTML)
- Insights Dashboard — Explore interactive analytics charts for the same data
- CypherFix — Automated Remediation — Generate and track remediation items
- Data Export & Import — Export projects including reports
- AI Model Providers — Configure LLM providers for narrative generation