Cybreach Consulting Book a call
Free for solo users · no restrictions

Cybreach Engine

Optimised all-in-one self-hosted pentest reporting tool.

Centralise client, project, vulnerability and infrastructure management. Generate professional reports and invoices in one click, from your own servers.

OWASP Management CVSS 3.1-4.0 210 vulnerabilities 5 languages
Why Cybreach Engine

Designed by someone
who does pentests.

every week for 8 years.

All-in-one

Clients, contacts, projects, vulnerabilities, hosts, ports, reports, invoices. No more scattered Excel files and copy-pasted Word documents between missions.

100% self-hosted

Your data never leaves your infrastructure. No SaaS, no cloud dependency, no per-vulnerability licence. You control everything.

Optimised

From client creation to report delivery, every step of the workflow is designed so you never do the same thing twice. Reusable clients, vulnerability library, ready-to-use templates.

Features

Everything you need
for a pro mission.

Client management

Complete profiles with multiple contacts, address, company number, VAT and customisable fields per organisation.

  • Multiple contacts per client
  • Company number, VAT number, department
  • Customisable fields

Project management

Create and track missions, statuses, dates, client/contact association, fields adaptable to your workflow.

  • Configurable statuses
  • Reference contact per project
  • Auto-marked "Completed" on invoice export

Vulnerability library

Reusable base across projects. Full CVSS 3.1 and 4.0 fields, OWASP, one-click import into a project.

  • 210 vulns in 5 languages (FR EN DE ES IT), all types
  • CVSS 3.1 and CVSS 4.0 score
  • OWASP category, impact, evidence

Infrastructure mapping

Hosts, ports, services, statuses. Nmap XML import. Test progress tracking.

  • Nmap XML import (open/filtered/closed)
  • Port test progress tracking
  • Protocol and service management

Report generation

8 export formats from customisable templates. Professional deliverables in one click.

  • Templates FR EN DE IT ES HTML and PDF included
  • Word, Excel, Markdown customisable templates
  • Machine-readable export JSON XML SQLite

Timesheets and invoices

Invoices and timesheets generated directly from projects. Auto-numbering, VAT, multiple formats.

  • Multiple format export
  • Customisable templates
  • Auto-numbering YYYYMMDDNNN

Organisation settings

Company profile, logo, VAT, application languages FR EN DE IT ES, customisable OWASP categories.

  • Management of all OWASP types
  • Custom fields for vulns/projects/clients
  • Categorisation for statistics

Security & access

Secure sessions, duplicate session invalidation, API key per user, tier-based licence system.

  • Secure access, data encrypted in transit
  • API key per user for automation
  • Admin, Writer, Reader role management

Full API

All features exposed via a REST API. Integrable into your CI/CD pipelines and third-party tools.

  • Postman collection available
  • Endpoints for all entities
Output formats

Your deliverables adapt
to each client's requirements.

Pentest report

8 export formats

All templates are 100% customisable.

.docx.pdf.html .xlsx.json.xml .sqlite.md
Timesheets and invoices

6 export formats

All project and client information is pre-filled automatically.

.docx.pdf.html .xlsx.json.xml
Import infrastructure

Automatic Nmap XML import. Configurable open / filtered / closed states.

Vulnerability scoring

Dual CVSS 3.1 and CVSS 4.0 scoring for reports compliant with current standards.

Simple update

Docker volume mounts. Editable without rebuilding the image, hot-redeployed.

Installation

Up and running in 3 minutes
and 4 steps.

Docker Desktop (Windows/macOS) or Docker Engine + Compose (Linux). 2 GB RAM minimum.

Step 1 · Download Cybreach Engine
↓ Download v1.6 (ZIP)
Free for solo users · no restrictions
Optional configuration before launch

The file ./docker/env.example contains some config variables. Edit it before running setup.ps1 / setup.sh if you want to customise the installation.

VariableDefaultWhen to change it
APP_HTTPS_PORT8001If port 8001 is already in use on your machine
APP_BIND_IP127.0.0.1Leave 127.0.0.1 to expose locally only
ADMIN_EMAILauto-generatedLeave empty, auto-generated. Change it on first login
ADMIN_PASSWORDauto-generatedLeave empty, auto-generated. Change it on first login
ALLOWED_ORIGINShttps://localhost:8001Change the port here if you changed APP_HTTPS_PORT
SESSION_TTL_SECONDS900Session duration in seconds (900 = 15 min)
Step 2 · Run the setup
# Run the setup script
$ ./setup.sh
# Run the setup script (PowerShell)
$ .\setup.ps1

That's it. The script generates SSL certificates, prepares the configuration, loads the Docker images and starts the containers automatically.

Step 3 · Retrieve your credentials
The setup displays the auto-generated credentials at the end of execution. You can also find them at any time in the file .env.docker.

Remember to change them on first login via Settings › Profile. Once changed, the credentials in the .env.docker will no longer be usable. Leave them if you want a future auditor to think they've found the Holy Grail.
Step 4 · Connect
# Open in the browser
$ https://127.0.0.1:8001

Let's go.

Use cases

Who
it's for.

Free for solo users · no restrictions

Pentester or firm

Professionalise your deliverables. Generate reports and invoices in your image, without investing in a costly suite. Data 100% yours.

Developers doing security testing

You do simplified security tests and need a professional report to deliver. Cybreach Engine structures your findings and generates a clean deliverable in a few clicks.

Students

In training, on an internship or on an academic project, you may need to structure and present your test results. A professional tool, at no cost.

CI/CD pipeline & automation

API key per user, REST endpoints for all entities. Integrable into your automation tools, scripts or test frameworks.

Differentiators

What you won't
find elsewhere.

Used daily

A tool used daily by its developer. Every friction point identified is fixed, every field need is integrated.

All-in-one

Project management, vulnerabilities, infrastructure, reporting and invoicing in a single tool. No integration to maintain between 5 different tools.

Self-hosted

Data 100% under your control. No SaaS, no cloud dependency, no evolving terms of service. You remain owner of everything.

Templates

8 customisable export formats. Word, HTML, PDF, Excel, JSON, XML, SQLite, Markdown adapted to each client and each need.

Library

210 ready-to-use vulnerabilities, translated into 5 languages (FR EN DE IT ES), covering all test types. Importable in one click into any project.

API included

Integrable into your CI/CD pipelines or third-party tools. Postman collection available, endpoints for all entities.

Download

Ready to deploy
Cybreach Engine?

Download the ZIP, run the setup script, deploy in 3 minutes. A question? We're available on LinkedIn or via the contact page.

Free for solo users · no restrictions

Download Cybreach Engine

Leave your email to receive updates. Optional - download works either way.