PoCcraft is a vulnerability report generator. You start with your proof of concept, fill in finding details, calculate CVSS severity, and export a structured report for pentests or bug bounty programs.
Yes. The core report builder — templates, CVSS, preview, and export — works without an account. Cloud saves with encryption are optional.
No. You can build and export reports without signing up. Drafts persist in your browser via localStorage. Create an account only if you want encrypted cloud saves across devices.
By default, drafts stay in your browser. Cloud-saved reports are encrypted server-side (AES-256-GCM) and tied to your account. We don't sell your data. See our privacy policy for details.
Yes. Full CVSS 3.1 calculator with CVSS 4.0 toggle. Base score and vector string update live as you pick metrics — no separate calculator tab needed.
Markdown, plain text, and PDF. Bug bounty mode produces concise submissions; pentest mode includes fuller sections for client deliverables.
Optional "Generate from PoC" drafts description and impact from your reproduction steps. You review and edit everything before export. Bring your own API key or use offline fallback templates.
Penetration testers, bug bounty hunters, and security researchers who want consistent, well-structured vulnerability write-ups without spending hours on formatting.