Cybreach Engine
Optimised all-in-one self-hosted pentest reporting tool.
Centralise client, project, vulnerability and infrastructure management. Generate professional reports and invoices in one click, from your own servers.
Designed by someone
who does pentests.
every week for 8 years.
All-in-one
Clients, contacts, projects, vulnerabilities, hosts, ports, reports, invoices. No more scattered Excel files and copy-pasted Word documents between missions.
100% self-hosted
Your data never leaves your infrastructure. No SaaS, no cloud dependency, no per-vulnerability licence. You control everything.
Optimised
From client creation to report delivery, every step of the workflow is designed so you never do the same thing twice. Reusable clients, vulnerability library, ready-to-use templates.
Everything you need
for a pro mission.
Client management
Complete profiles with multiple contacts, address, company number, VAT and customisable fields per organisation.
- Multiple contacts per client
- Company number, VAT number, department
- Customisable fields
Project management
Create and track missions, statuses, dates, client/contact association, fields adaptable to your workflow.
- Configurable statuses
- Reference contact per project
- Auto-marked "Completed" on invoice export
Vulnerability library
Reusable base across projects. Full CVSS 3.1 and 4.0 fields, OWASP, one-click import into a project.
- 210 vulns in 5 languages (FR EN DE ES IT), all types
- CVSS 3.1 and CVSS 4.0 score
- OWASP category, impact, evidence
Infrastructure mapping
Hosts, ports, services, statuses. Nmap XML import. Test progress tracking.
- Nmap XML import (open/filtered/closed)
- Port test progress tracking
- Protocol and service management
Report generation
8 export formats from customisable templates. Professional deliverables in one click.
- Templates FR EN DE IT ES HTML and PDF included
- Word, Excel, Markdown customisable templates
- Machine-readable export JSON XML SQLite
Timesheets and invoices
Invoices and timesheets generated directly from projects. Auto-numbering, VAT, multiple formats.
- Multiple format export
- Customisable templates
- Auto-numbering YYYYMMDDNNN
Organisation settings
Company profile, logo, VAT, application languages FR EN DE IT ES, customisable OWASP categories.
- Management of all OWASP types
- Custom fields for vulns/projects/clients
- Categorisation for statistics
Security & access
Secure sessions, duplicate session invalidation, API key per user, tier-based licence system.
- Secure access, data encrypted in transit
- API key per user for automation
- Admin, Writer, Reader role management
Full API
All features exposed via a REST API. Integrable into your CI/CD pipelines and third-party tools.
- Postman collection available
- Endpoints for all entities
Your deliverables adapt
to each client's requirements.
8 export formats
All templates are 100% customisable.
6 export formats
All project and client information is pre-filled automatically.
Automatic Nmap XML import. Configurable open / filtered / closed states.
Dual CVSS 3.1 and CVSS 4.0 scoring for reports compliant with current standards.
Docker volume mounts. Editable without rebuilding the image, hot-redeployed.
Up and running in 3 minutes
and 4 steps.
Docker Desktop (Windows/macOS) or Docker Engine + Compose (Linux). 2 GB RAM minimum.
The file ./docker/env.example contains some config variables. Edit it before running setup.ps1 / setup.sh if you want to customise the installation.
# Run the setup script $ ./setup.sh
# Run the setup script (PowerShell) $ .\setup.ps1
That's it. The script generates SSL certificates, prepares the configuration, loads the Docker images and starts the containers automatically.
Remember to change them on first login via Settings › Profile. Once changed, the credentials in the .env.docker will no longer be usable. Leave them if you want a future auditor to think they've found the Holy Grail.
# Open in the browser $ https://127.0.0.1:8001
Let's go.
Who
it's for.
Pentester or firm
Professionalise your deliverables. Generate reports and invoices in your image, without investing in a costly suite. Data 100% yours.
Developers doing security testing
You do simplified security tests and need a professional report to deliver. Cybreach Engine structures your findings and generates a clean deliverable in a few clicks.
Students
In training, on an internship or on an academic project, you may need to structure and present your test results. A professional tool, at no cost.
CI/CD pipeline & automation
API key per user, REST endpoints for all entities. Integrable into your automation tools, scripts or test frameworks.
What you won't
find elsewhere.
A tool used daily by its developer. Every friction point identified is fixed, every field need is integrated.
Project management, vulnerabilities, infrastructure, reporting and invoicing in a single tool. No integration to maintain between 5 different tools.
Data 100% under your control. No SaaS, no cloud dependency, no evolving terms of service. You remain owner of everything.
8 customisable export formats. Word, HTML, PDF, Excel, JSON, XML, SQLite, Markdown adapted to each client and each need.
210 ready-to-use vulnerabilities, translated into 5 languages (FR EN DE IT ES), covering all test types. Importable in one click into any project.
Integrable into your CI/CD pipelines or third-party tools. Postman collection available, endpoints for all entities.
Ready to deploy
Cybreach Engine?
Download the ZIP, run the setup script, deploy in 3 minutes. A question? We're available on LinkedIn or via the contact page.