Generate professional, platform-compliant security reports in minutes.
Made for bug hunters, by Ruyynn.
Features • Quick Start • Screenshots • Documentation • Support Development
VulnDraft is an open-source tool designed to help security researchers and bug bounty hunters generate clear, structured, and professional vulnerability reports.
In bug bounty and penetration testing workflows, discovering vulnerabilities is only half the battle. Writing well-structured reports that clearly explain the issue, impact, and reproduction steps is just as important. VulnDraft streamlines this process by providing automated report generation using clean templates.
The tool supports report formats for popular bug bounty platforms such as HackerOne, Bugcrowd, and Intigriti, allowing researchers to quickly generate reports that match platform expectations.
- Improve the quality and consistency of vulnerability reports
- Reduce the time spent formatting reports manually
- Provide structured templates for common bug bounty platforms
- Help researchers focus more on finding vulnerabilities, not writing reports
VulnDraft aims to become a simple but powerful tool in the bug bounty and security research workflow, making professional reporting faster and easier.
|
|
|
|
"Finding a bug is hard enough. Writing a professional report shouldn't be."
VulnDraft was created to solve a common problem in bug bounty and penetration testing workflows.
Discovering vulnerabilities is only part of the process — writing a clear, structured report is equally important.
Many security researchers spend unnecessary time formatting reports instead of focusing on actual security research.
- 🔥 Time-consuming — Formatting reports manually wastes valuable time
- 📋 Inconsistent — Every platform has different reporting formats
- 😤 Repetitive — Researchers often rewrite the same structure repeatedly
VulnDraft simplifies the reporting process by generating structured vulnerability reports automatically.
With VulnDraft you can:
- ⚡ Generate professional bug bounty reports in seconds
- 🧩 Use templates for platforms like HackerOne, Bugcrowd, and Intigriti
- 📊 Include CVSS scoring and structured vulnerability details
- 📄 Export clean Markdown reports ready for submission
# Python 3.8 or higher
python --version
# Git (optional)
git --versionInstallation
# Clone the repository
git clone https://github.com/ruyynn/VulnDraft.git
cd VulnDraftInstall dependencies
pip install -r requirements.txt
Usage
🖥️ CLI Mode (Terminal)
python main.pyFollow the interactive prompts:
-
Enter report title and author
-
Add vulnerability details
-
Choose platform (HackerOne/Bugcrowd/Intigriti/Custom)
-
Optional: Calculate CVSS score
-
Add multiple vulnerabilities
-
Report generated automatically!
🌐 Web Mode (Browser)
python main.py --webThen open http://localhost:8000 in your browser.
# Start server
python main.py --web
# Generate report via API
curl -X POST http://localhost:8000/api/v1/reports \
-H "Content-Type: application/json" \
-d '{
"report_title": "SQL Injection Test",
"author": "YourName",
"platform": "hackerone",
"vulnerabilities": [{
"title": "SQL Injection",
"description": "Detailed description...",
"steps_to_reproduce": ["Step 1", "Step 2"],
"impact": "High impact"
}]
}' Clean, professional form interface | Clean, professional |
Interactive CLI prompts | Preview Markdown In Terminal |
Style Report | Style Report |
VulnDraft/
├── main.py # Entry point
├── requirements.txt # Dependencies
├── config.json # Configuration
├── core/ # Core logic
│ ├── cvss.py # CVSS v3.1 calculator
│ ├── prompt.py # CLI interactive prompts
│ ├── builder.py # Report builder
│ └── session.py # Session management
├── api/ # REST API
│ ├── routes.py # FastAPI endpoints
│ └── schemas.py # Pydantic models
├── web/ # Web interface
│ ├── main.py # FastAPI app
│ ├── templates/ # HTML templates
│ └── static/ # CSS/JS assets
├── templates/ # Report templates
│ ├── hackerone.md # HackerOne style
│ ├── bugcrowd.md # Bugcrowd style
│ ├── intigriti.md # Intigriti style
│ └── base.html # HTML base template
├── platforms/ # Platform validators
│ ├── hackerone.py
│ ├── bugcrowd.py
│ └── intigriti.py
├── utils/ # Utilities
│ ├── exporter.py # Export to MD/HTML/JSON
│ ├── validator.py # Input validation
│ └── formatter.py # Text formatting
└── output/ # Generated reports
| Category | Technologies |
|---|---|
| Backend | Python 3.8+, FastAPI, Pydantic |
| CLI | Questionary, Click |
| Frontend | HTML5, TailwindCSS, JavaScript |
| Templating | Jinja2, Markdown |
| Validation | Pydantic, Regex |
| Testing | Pytest |
| Platform | Template | Fields | Status |
|---|---|---|---|
| HackerOne | ✅ | Title, Description, Steps, Impact, CVSS | Full Support |
| Bugcrowd | ✅ | Title, Description, Steps, Impact, PoC, CVSS | Full Support |
| Intigriti | ✅ | Title, Summary, Technical Details, Steps, Impact | Full Support |
| Custom | ✅ | Fully customizable | Full Support |
We welcome contributions! Here’s how you can help:
- Open an issue with detailed steps to reproduce
- Include screenshots if applicable
- Mention your OS and Python version
- Open an issue with
[FEATURE]prefix - Describe your use case and provide examples
- Fork the repository
- Create a feature branch
git checkout -b feature/AmazingFeature
- Commit your changes
git commit -m 'Add some AmazingFeature'
- Push to branch
git push origin feature/AmazingFeature
Open a Pull Request
Fix typos
Add examples
Translate to other languages
If VulnDraft helps you write better bug reports, consider supporting my work!
● 🚀 Early access to new features (PDF export, more platforms)
● 🐛 Faster bug fixes
● 📚 Better documentation & examples
● ☕ Keep me caffeinated for late-night coding sessions
Have questions, suggestions, or want to chat about bug bounty? Reach out!
Distributed under the MIT License. See LICENSE for more information.
MIT License
Copyright (c) 2026 Ruyynn
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions...
Thank you to everyone who has contributed to VulnDraft!
thanks to zeennxx for contributions!
Keep track of VulnDraft’s popularity over time:
Happy Bug Hunting! 🔥





