🐞 VulnDraft

Bug Report Generator for Security Researchers

Generate professional, platform-compliant security reports in minutes.
Made for bug hunters, by Ruyynn.

Features • Quick Start • Screenshots • Documentation • Support Development

---

📌 About VulnDraft

VulnDraft is an open-source tool designed to help security researchers and bug bounty hunters generate clear, structured, and professional vulnerability reports.

In bug bounty and penetration testing workflows, discovering vulnerabilities is only half the battle. Writing well-structured reports that clearly explain the issue, impact, and reproduction steps is just as important. VulnDraft streamlines this process by providing automated report generation using clean templates.

The tool supports report formats for popular bug bounty platforms such as HackerOne, Bugcrowd, and Intigriti, allowing researchers to quickly generate reports that match platform expectations.

Key Goals

• Improve the quality and consistency of vulnerability reports
• Reduce the time spent formatting reports manually
• Provide structured templates for common bug bounty platforms
• Help researchers focus more on finding vulnerabilities, not writing reports

VulnDraft aims to become a simple but powerful tool in the bug bounty and security research workflow, making professional reporting faster and easier.

---

✨ Features

🎨 Dual Interface ✅ CLI Interactive Mode - For terminal lovers ✅ Web GUI Mode - Beautiful browser interface ✅ Cross-platform (Windows, Linux, macOS, Termux) ✅ REST API for automation	📄 Multi-Format Export ✅ Markdown (.md) - Ready for platform submission ✅ HTML (.html) - Beautiful styled reports ✅ JSON (.json) - For API integration ✅ PDF (Coming soon)
🏆 Platform Templates ✅ HackerOne Style ✅ Bugcrowd Style ✅ Intigriti Style ✅ Custom Template Support	📊 Advanced Features ✅ CVSS v3.1 Calculator ✅ Multi-vulnerability Reports ✅ Session Management (Save/Resume) ✅ Input Validation & Sanitization

---

🎯 Why VulnDraft?

"Finding a bug is hard enough. Writing a professional report shouldn't be."

VulnDraft was created to solve a common problem in bug bounty and penetration testing workflows.
Discovering vulnerabilities is only part of the process — writing a clear, structured report is equally important.

Many security researchers spend unnecessary time formatting reports instead of focusing on actual security research.

The Problem

• 🔥 Time-consuming — Formatting reports manually wastes valuable time
• 📋 Inconsistent — Every platform has different reporting formats
• 😤 Repetitive — Researchers often rewrite the same structure repeatedly

The Solution

VulnDraft simplifies the reporting process by generating structured vulnerability reports automatically.

With VulnDraft you can:

• ⚡ Generate professional bug bounty reports in seconds
• 🧩 Use templates for platforms like HackerOne, Bugcrowd, and Intigriti
• 📊 Include CVSS scoring and structured vulnerability details
• 📄 Export clean Markdown reports ready for submission

---

🚀 Quick Start

Prerequisites

# Python 3.8 or higher
python --version

# Git (optional)
git --version

Installation

# Clone the repository
git clone https://github.com/ruyynn/VulnDraft.git
cd VulnDraft

Install dependencies

pip install -r requirements.txt

Usage

🖥️ CLI Mode (Terminal)

python main.py

Follow the interactive prompts:

1. Enter report title and author

2. Add vulnerability details

3. Choose platform (HackerOne/Bugcrowd/Intigriti/Custom)

4. Optional: Calculate CVSS score

5. Add multiple vulnerabilities

6. Report generated automatically!

🌐 Web Mode (Browser)

python main.py --web

Then open http://localhost:8000 in your browser.

🔧 API Mode (REST)

# Start server
python main.py --web

# Generate report via API
curl -X POST http://localhost:8000/api/v1/reports \
  -H "Content-Type: application/json" \
  -d '{
    "report_title": "SQL Injection Test",
    "author": "YourName",
    "platform": "hackerone",
    "vulnerabilities": [{
      "title": "SQL Injection",
      "description": "Detailed description...",
      "steps_to_reproduce": ["Step 1", "Step 2"],
      "impact": "High impact"
    }]
  }'

📸 Screenshots

🎨 Web Interface

Clean, professional form interface

Clean, professional

💻 CLI Interface

Interactive CLI prompts

Preview Markdown In Terminal

📄 Report Examples

Style Report

Style Report

📁 Project Structure

VulnDraft/
├── main.py                 # Entry point
├── requirements.txt        # Dependencies
├── config.json            # Configuration
├── core/                  # Core logic
│   ├── cvss.py           # CVSS v3.1 calculator
│   ├── prompt.py         # CLI interactive prompts
│   ├── builder.py        # Report builder
│   └── session.py        # Session management
├── api/                   # REST API
│   ├── routes.py         # FastAPI endpoints
│   └── schemas.py        # Pydantic models
├── web/                   # Web interface
│   ├── main.py           # FastAPI app
│   ├── templates/        # HTML templates
│   └── static/           # CSS/JS assets
├── templates/             # Report templates
│   ├── hackerone.md      # HackerOne style
│   ├── bugcrowd.md       # Bugcrowd style
│   ├── intigriti.md      # Intigriti style
│   └── base.html         # HTML base template
├── platforms/             # Platform validators
│   ├── hackerone.py
│   ├── bugcrowd.py
│   └── intigriti.py
├── utils/                 # Utilities
│   ├── exporter.py       # Export to MD/HTML/JSON
│   ├── validator.py      # Input validation
│   └── formatter.py      # Text formatting
└── output/                # Generated reports

🛠️ Tech Stack

Category	Technologies
Backend	Python 3.8+, FastAPI, Pydantic
CLI	Questionary, Click
Frontend	HTML5, TailwindCSS, JavaScript
Templating	Jinja2, Markdown
Validation	Pydantic, Regex
Testing	Pytest

---

📝 Supported Platforms

Platform	Template	Fields	Status
HackerOne	✅	Title, Description, Steps, Impact, CVSS	Full Support
Bugcrowd	✅	Title, Description, Steps, Impact, PoC, CVSS	Full Support
Intigriti	✅	Title, Summary, Technical Details, Steps, Impact	Full Support
Custom	✅	Fully customizable	Full Support

---

🤝 Contributing

We welcome contributions! Here’s how you can help:

🐛 Report Bugs

• Open an issue with detailed steps to reproduce
• Include screenshots if applicable
• Mention your OS and Python version

💡 Suggest Features

• Open an issue with [FEATURE] prefix
• Describe your use case and provide examples

🔧 Submit PRs

1. Fork the repository
2. Create a feature branch

   git checkout -b feature/AmazingFeature

3. Commit your changes

git commit -m 'Add some AmazingFeature'

4. Push to branch

git push origin feature/AmazingFeature

Open a Pull Request

📝 Improve Documentation

Fix typos

Add examples

Translate to other languages

💖 Support Development

If VulnDraft helps you write better bug reports, consider supporting my work!

Benefits of supporting:

● 🚀 Early access to new features (PDF export, more platforms)

● 🐛 Faster bug fixes

● 📚 Better documentation & examples

● ☕ Keep me caffeinated for late-night coding sessions

📬 Contact

Have questions, suggestions, or want to chat about bug bounty? Reach out!

📄 License

Distributed under the MIT License. See LICENSE for more information.

MIT License

Copyright (c) 2026 Ruyynn

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions...

👥 Contributors

Thank you to everyone who has contributed to VulnDraft!

thanks to zeennxx for contributions!

⭐ Star History

Keep track of VulnDraft’s popularity over time:

_{Built with 💪🧠 by Ruyynn | Bug bounty hunter & tool builder
Happy Bug Hunting! 🔥}