Report Export Overview
How Vulnsy generates professional DOCX pentest reports from Word templates using placeholder tags, variable replacement, and flexible export options.
Vulnsy's export system generates professional DOCX reports from Word templates. You define a template once with placeholder tags, and Vulnsy fills in the real data — client information, project details, findings, evidence images, and narrative content — every time you export.
How It Works
The export system is built on Docxtemplater, a templating engine for Word documents. Templates contain placeholder tags written in curly braces (e.g., {client.name}, {report.title}). When you export a report, Vulnsy replaces every tag with the corresponding data from your report.
| Concept | What It Does |
|---|---|
| Template tags | Placeholders in your Word template that get replaced with real data ({client.name}, {#findings}...{/findings}) |
| Export tag prefixes | Scope template data to specific report tabs when exporting multi-tab reports |
| Search & Replace | Replace custom variables ({{client}}, {{scope}}) across all report content before export |
| Templates | Word .docx files with your formatting, branding, and placeholder tags |
What Gets Exported
When you export a report, the generated DOCX document includes:
- Report metadata — title, version, status, generation date
- Client information — company name, contact details, address
- Project details — engagement name, type, dates, description
- Narrative sections — executive summary, methodology, scope, and custom sections
- Findings — all vulnerabilities with severity, description, impact, remediation, and references
- Evidence images — screenshots and proof-of-concept images embedded directly in the document
- Consultant information — names and emails of assigned team members
Export Options
Vulnsy gives you three ways to export:
| Option | Use Case |
|---|---|
| All tabs | Export every tab in the report into a single document |
| Single tab | Export only one specific tab (e.g., just the "Web Application" section) |
| Custom selection | Choose which tabs to include in the export |
When exporting a single tab, only that tab's findings and narrative content appear in the generated document. Report-level fields like title, client info, and executive summary are always included.
Pre-Export Checks
Before generating the DOCX file, Vulnsy scans your report content for any remaining unreplaced variables — patterns matching {{...}} that haven't been resolved through Search & Replace. If any are found, you'll see a warning with the specific variables and where they appear, so you can fix them before delivering the report to your client.
Next Steps
- Template Tags — complete reference of every tag you can use in your templates
- Export Tag Prefixes — scope template data to specific tabs in multi-tab reports
- Search & Replace — replace variables and text across your report before export
- Creating Templates — step-by-step guide to building your own Word templates