PwnDoc – Pentest Report Generator


PwnDoc is a pentest reporting application that makes it simple and easy to write up your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by sharing data such as vulnerabilities between users.


  • Multiple Language support
  • Multiple Data support
  • Great Customization
    • Manage reusable Audit and Vulnerability Data
    • Create Custom Sections
    • Add custom fields to Vulnerabilities
  • Vulnerabilities Management
  • Multi-User reporting
  • Docx Report Generation
  • Docx Template customization


PwnDoc uses 3 containers: the backend, the frontend and the database.


All 3 containers can be run at once using the docker-compose file in the root directory.

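For production usage, make sure to change the JWT secret in «src/lib/auth.js» and the certificates in the «ssl» folder. The values shipped with the source are known to anyone who has the repository, so tokens signed with the default secret cannot be trusted.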

Build and run Docker containers

docker-compose up -d --build

Display backend container logs

docker-compose logs -f pwndoc-backend

Stop/Start containers

docker-compose stop
docker-compose start

Remove containers

docker-compose down


docker-compose down
git pull
docker-compose up -d --build

Application is accessible through https://localhost:8443
API is accessible through https://localhost:4242/api

When using Firefox, a certificate exception must be added for the backend. To do so, go to https://localhost:4242/api/users/init


For development purposes, a specific docker-compose file can be used in each folder (backend/frontend).

Source code can be modified live and the application will automatically reload on changes.

Build and run backend and database containers

docker-compose -f backend/ up -d --build

Display backend container logs

docker-compose -f backend/ logs -f pwndoc-backend

Stop/Start container

docker-compose -f backend/ stop
docker-compose -f backend/ start

Remove containers

docker-compose -f backend/ down

Application is accessible through http://localhost:8081
API is accessible through https://localhost:5252/api


For now, only backend tests have been written (it’s a continuous work in progress).

Test files are located in backend/tests and use the Jest testing framework.

A script in the root folder can be used to launch tests:

Usage:        ./ -q|-f [-h, --help]

  -h, --help  Display help
  -q          Run quick tests (No build)
  -f          Run full tests (Build with no cache)

Don’t use it in production, as it will delete the production database.


It’s possible, and even recommended, to regularly back up the backend/mongo-data folder. It contains the entire database.

To restore:

  • Stop containers
  • Replace the current backend/mongo-data folder with the backed up one
  • Start containers
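
The backup and restore steps above as a script that also records a SHA-256 digest at backup time and refuses to restore an archive that no longer matches it. This is an added example, not part of PwnDoc; the function names, the `COMPOSE`, `DATA_DIR` and `BACKUP_DIR` variables and the `backups` folder are assumptions.

```shell
#!/bin/sh
# Added example: cold backup/restore of the PwnDoc database folder.
# Hypothetical names (not part of PwnDoc): pwndoc_backup, pwndoc_restore,
# COMPOSE, DATA_DIR, BACKUP_DIR and the ./backups location.
COMPOSE="${COMPOSE:-docker-compose}"        # command that stops/starts the containers
DATA_DIR="${DATA_DIR:-backend/mongo-data}"  # folder named in the text above
BACKUP_DIR="${BACKUP_DIR:-backups}"

pwndoc_backup() (
    # The database holds client findings: create archives owner-readable only.
    umask 077
    mkdir -p "$BACKUP_DIR" || exit 1
    archive="$BACKUP_DIR/mongo-data-$(date +%Y%m%d-%H%M%S).tar.gz"
    $COMPOSE stop >&2 || exit 1             # copy files only while MongoDB is down
    rc=0
    tar -czf "$archive" -C "$(dirname "$DATA_DIR")" "$(basename "$DATA_DIR")" || rc=$?
    $COMPOSE start >&2                      # restart even if the archive step failed
    [ "$rc" -eq 0 ] || exit 1
    sha256sum "$archive" > "$archive.sha256" || exit 1
    echo "$archive"                         # print the archive path for the caller
)

pwndoc_restore() {
    archive="$1"
    # Refuse an archive whose digest differs from the one recorded at backup time.
    want=$(cut -d' ' -f1 "$archive.sha256") || return 1
    got=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "checksum mismatch, not restoring: $archive" >&2
        return 1
    fi
    $COMPOSE stop >&2 || return 1
    old="$DATA_DIR.pre-restore.$$"          # keep current data until extraction succeeds
    mv "$DATA_DIR" "$old" || return 1
    if tar -xzf "$archive" -C "$(dirname "$DATA_DIR")"; then
        rm -rf "$old"
    else
        rm -rf "$DATA_DIR"
        mv "$old" "$DATA_DIR"
        $COMPOSE start >&2
        return 1
    fi
    $COMPOSE start >&2
}
```

Source the file from the repository root, call `pwndoc_backup`, and pass the path it prints to `pwndoc_restore` when needed. Store the `.sha256` file somewhere the archive's writer cannot modify, otherwise the check only catches accidental corruption.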

