Search...Search plugins and themes...
⌘K
Sign in
  • Get started
  • Download
  • Pricing
  • Enterprise
  • Account
  • Obsidian
  • Overview
  • Sync
  • Publish
  • Canvas
  • Mobile
  • Web Clipper
  • CLI
  • Learn
  • Help
  • Developers
  • Changelog
  • About
  • Roadmap
  • Blog
  • Resources
  • System status
  • License overview
  • Terms of service
  • Privacy policy
  • Security
  • Community
  • Plugins
  • Themes
  • Discord
  • Forum / 中文论坛
  • Merch store
  • Brand guidelines
Follow us
DiscordTwitterBlueskyThreadsMastodonYouTubeGitHub
© 2026 Obsidian

Vuln Report Kit

AleffAleff20 downloads

Local-first toolkit for vulnerability cases, reports, templates, secret review, sanitization, dashboards and exports inside Obsidian.

Add to Obsidian
  • Overview
  • Scorecard
  • Updates2

Vuln Report Kit is a local-first Obsidian plugin for vulnerability research notes, disclosure reports, secret review, sanitization, templates, dashboards, timelines, and portable exports.

Version: 1.0.1

What it is

Vuln Report Kit turns an Obsidian vault into a structured workspace for vulnerability research documentation. It is designed for responsible disclosure notes, bug bounty writeups, CVE research notes, public article drafts, and sanitized report preparation.

The plugin is intentionally simple: it works with Markdown files inside your vault and does not require any server, account, cloud database, API key, external AI service, or license server.

Core workflow

  1. Create a vulnerability case.
  2. Document target, reproduction, impact, evidence, remediation, and timeline.
  3. Track cases with a local dashboard.
  4. Use starter or professional templates.
  5. Generate a final Markdown report.
  6. Scan locally for possible secrets.
  7. Create a sanitized public copy.
  8. Export bundles, shareable folders, indexes, and template backups.

Main commands

Vuln Report Kit: Create vulnerability case
Vuln Report Kit: Open quick start guide
Vuln Report Kit: Create demo vulnerability case
Vuln Report Kit: Run local health check
Vuln Report Kit: Open vulnerability dashboard
Vuln Report Kit: Update current case status
Vuln Report Kit: Open templates folder
Vuln Report Kit: Install starter template pack
Vuln Report Kit: Import template pack from vault folder
Vuln Report Kit: Create note from template
Vuln Report Kit: Insert template into current note
Vuln Report Kit: Insert report section
Vuln Report Kit: Generate final Markdown report for current case
Vuln Report Kit: Scan current case for secrets
Vuln Report Kit: Create sanitized public copy
Vuln Report Kit: Open exports folder
Vuln Report Kit: Export current case bundle
Vuln Report Kit: Create shareable case archive
Vuln Report Kit: Export all cases index
Vuln Report Kit: Backup templates

Generated case structure

A new case is created under the configured root folder, by default:

Vulnerability Research/
└── 2026-07-02-example-vulnerability/
    ├── 00-overview.md
    ├── 01-target.md
    ├── 02-reproduction.md
    ├── 03-impact.md
    ├── 04-evidence.md
    ├── 05-remediation.md
    ├── 06-timeline.md
    ├── 08-article-draft.md
    └── attachments/

Generated outputs include:

99-final-report.md
99-public-report.md
secret-scan-report.md

Template packs

The plugin includes a starter template pack and supports importing local template packs into:

Vulnerability Research/_templates/

Supported template variables include:

{{title}}
{{target}}
{{vendor}}
{{category}}
{{severity}}
{{status}}
{{cwe}}
{{cvss}}
{{disclosure}}
{{created}}
{{last_updated}}
{{today}}
{{case_folder}}

Secret scanner and sanitizer

The scanner is local and regex-based. It can flag possible:

private keys
Authorization headers
Bearer tokens
JWTs
AWS keys
GitHub tokens
Google API keys
Slack tokens
Stripe secret keys
generic API keys / client secrets / access tokens
cookies
session IDs
password-like assignments
emails
private IPs
localhost URLs
basic-auth URLs

The sanitizer creates a public copy with placeholders such as:

<REDACTED_TOKEN>
<REDACTED_COOKIE>
<REDACTED_JWT>
<REDACTED_GITHUB_TOKEN>
<REDACTED_AWS_ACCESS_KEY>
<EMAIL>
<PRIVATE_IP>
<LOCAL_URL>

Local-only design

The plugin does not require:

  • server;
  • account;
  • login;
  • cloud database;
  • API key;
  • external AI service;
  • license server.

Everything is stored as local files inside the Obsidian vault.

Important security note

Secret scanning and sanitization are helper features, not a guarantee that a report is safe to publish. Always manually review public reports and shareable archives before sending or publishing them.

Recommended first test

Use a clean test vault and run:

Vuln Report Kit: Create demo vulnerability case
Vuln Report Kit: Open vulnerability dashboard
Vuln Report Kit: Generate final Markdown report for current case
Vuln Report Kit: Scan current case for secrets
Vuln Report Kit: Create sanitized public copy
Vuln Report Kit: Export all cases index
HealthExcellent
ReviewSatisfactory
About
Create structured vulnerability cases and document target, reproduction, impact, evidence, remediation, and timeline in your local Obsidian vault. Use templates and a dashboard to scan for secrets, produce sanitized public copies, and export final Markdown reports, bundles, and shareable archives.
ResearchTemplatingExport
Details
Current version
1.0.1
Last updated
3 days ago
Created
3 days ago
Updates
2 releases
Downloads
20
Compatible with
Obsidian 1.6.0+
Platforms
Desktop, Mobile
License
GPL-3.0
Report bugRequest featureReport plugin
Author
AleffAleffaleff-github
GitHubaleff-github
  1. Community
  2. Plugins
  3. Research
  4. Vuln Report Kit

Related plugins

Templater

Create and use dynamic templates.

QuickAdd

Quickly add new notes or content to your vault.

Zotero Integration

Insert and import citations, bibliographies, notes, and PDF annotations from Zotero.

Folder notes

Create notes within folders that can be accessed without collapsing the folder, similar to the functionality offered in Notion.

LifeOS

Life management system.

Self-hosted LiveSync

Sync vaults securely to self-hosted servers or WEBRTC.

Slides Extended

Create markdown-based reveal.js presentations. Fork of Advanced Slides.

Fantasy Statblocks

Create, manage and view a Fantasy Bestiary with Dungeons and Dragons style statblocks.

Khoj

An AI personal assistant for your digital brain.

Periodic Notes

Manage your daily, weekly, and monthly notes.