About FindingsFolio
FindingsFolio is built for penetration testing teams that need speed, consistency, and defensible reporting outcomes across the full engagement workflow.
What we solve
Security teams often juggle spreadsheets, scan outputs, screenshots, status updates, and report templates across disconnected systems. FindingsFolio unifies these workflows so analysts can stay focused on risk discovery, evidence review, and client communication.
How the platform works
- Create tenant accounts, organisation owners, and scoped user roles.
- Set up projects and scope details for each engagement.
- Maintain asset inventories by IP, hostname, and CIDR with meaningful tags and optional custom nuclei URLs.
- Capture asset-level security exception notes to preserve approved risk context in reporting.
- Queue scan jobs and track asset/tool status through completion across external workers.
- Review nmap, nuclei, ssh-audit, smbmap, and opt-in Routersploit evidence with full artifact access.
- Generate executive and technical reports with scoped asset selection and evidence links.
Delivery and reporting features
- Automated brief and detailed asset summaries with deterministic fallback behaviour when language-model services are unavailable.
- Adverse findings badges (red, amber, green, manual check) surfaced in asset views and reports.
- Human-readable artifact viewing modes plus raw and pretty-printed JSON when needed.
- Email, SMS, and browser push scan completion notifications with tenant-level preferences.
- Asset technical reports generated automatically at scan completion, with executive summaries generated on demand.
- Executive reports can include scoped assets and optional appendices for current reports and full artifact evidence.
Worker architecture and modules
- Nmap-first scan lifecycle with follow-up jobs resolved from discovered services.
- Current follow-up modules include nuclei, ssh-audit, smbmap, and DNS intel.
- DNS intel captures DNS records, linked IP ownership details, and ICMP reachability checks for comparison over time.
- Gatekeeping behaviour is identified so that access controls can be validated and blocked or interfered-with checks are not counted as exposure, reducing false positives.
Recent report examples from production workflow
These lines are taken from recent generated report output and then fully anonymised for public use, while preserving reporting style and structure.
- Executive Summary Report - Northbridge Logistics Group: Scope=all assets; Assets=6, activity(7d) runs=10 modules=30, failed=1, active=0.
- Asset Technical Report - remote-access.northbridgelogistics.com.au: remote-access.northbridgelogistics.com.au | ports=5 | modules=3.
- Asset Technical Report - client-portal.northbridgelogistics.com.au: client-portal.northbridgelogistics.com.au | ports=3 | modules=4.
- Asset summary status: remote-access.northbridgelogistics.com.au [green], client-portal.northbridgelogistics.com.au [green], www.northbridgelogistics.com.au [manual_check].
- Operator interpretation: urgent issues are separated from gated/interference conditions so that remediation priorities remain accurate.
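As an added illustration (not FindingsFolio's own code) of the nmap-first lifecycle described under "Worker architecture and modules" and of the badge logic the report lines above rely on, the following Python resolves follow-up modules from discovered services and derives a red/amber/green/manual_check badge that keeps gated results out of the urgent bucket. The service names, module keys, severity labels and precedence rules are assumptions for the example.

```python
from dataclasses import dataclass

# Assumed mapping from nmap -sV service names to the follow-up modules named
# on this page. Real deployments would carry this in configuration.
FOLLOW_UP_MODULES = {
    "http": "nuclei",
    "https": "nuclei",
    "ssh": "ssh-audit",
    "microsoft-ds": "smbmap",
    "netbios-ssn": "smbmap",
    "domain": "dns-intel",
}

@dataclass
class Service:
    port: int
    name: str          # service label as nmap reports it

@dataclass
class Finding:
    severity: str      # assumed scale: critical, high, medium, low, info
    gated: bool = False  # True when the check was blocked by a gatekeeper (WAF, auth, rate limit)

def resolve_follow_ups(services):
    """Nmap-first lifecycle: group discovered ports by the module that should follow up."""
    jobs = {}
    for svc in services:
        module = FOLLOW_UP_MODULES.get(svc.name)
        if module is None:
            continue  # nothing on this page follows up on unknown services
        ports = jobs.setdefault(module, [])
        if svc.port not in ports:
            ports.append(svc.port)
    return {module: sorted(ports) for module, ports in jobs.items()}

def badge_for(findings):
    """Badge precedence (assumed): red > manual_check > amber > green.
    A gated critical/high never becomes red; it flags the asset for a human look
    instead, so interference does not inflate remediation priority."""
    if any(f.severity in ("critical", "high") and not f.gated for f in findings):
        return "red"
    if any(f.gated for f in findings):
        return "manual_check"
    if any(f.severity == "medium" for f in findings):
        return "amber"
    return "green"

# Constructed sample input, not taken from any real scan.
SAMPLE_SERVICES = [Service(22, "ssh"), Service(80, "http"), Service(443, "https"),
                   Service(445, "microsoft-ds"), Service(53, "domain"), Service(8080, "http")]
```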
Design principles
- Security-first controls with role-based access, session security, and optional TOTP 2FA.
- Auditability across authentication, scope changes, scan execution, and report access.
- Clear system boundaries: the web application orchestrates work; scanning executes on external workers.
- Practical reporting outputs built for technical teams and executive stakeholders.