Offline • Local-first • SQLite-backed

A private reporting workspace for findings → evidence → reports

Ducky Pwn Docs is a desktop app for red teamers, bug bounty hunters, and security consultants who want a clean, fast workflow on their own machine. Built with Electron + React/Vite and backed by SQLite. An alternative for Dradis Framework when you want local-first speed and privacy.

Get the desktop builds Run locally (dev)

Storage

SQLite vault

Reports

PDF / HTML / DOCX

Evidence

Images + videos

Mode

Offline-ready

Local-first. Professional deliverables.

Designed for fast report authoring and evidence capture.

Private Offline

Electron React + Vite SQLite Markdown editor SMTP delivery

Workflow

From recon notes to client-ready exports

Structured findings, inline evidence, and fast templates.

Confidence

Private by default, offline-ready

Local vault No cloud Audit-ready

Tip: host this page on GitHub Pages / Netlify for a clean download portal later.

Fast workflow

Smooth path from finding creation to polished deliverables — built for speed and focus.

Template-ready

Batch exports

Local vault

SQLite database stored in your user data directory — no cloud dependency required.

Project scoped

Offline native

Pro outputs

Generate PDF/HTML/DOCX deliverables and email findings via SMTP with attachments.

Client-ready

Email send

Product demos

Quick walkthroughs of the reporting flow and evidence capture inside the app.

Local-first Evidence Exports

Tip: videos are local and load fast — no external embeds.

Editor flow

Create findings, add evidence, export

Report view

Preview deliverables with clean layouts

Key features

Everything you need for a clean reporting workflow — fully offline and local-first.

Vault Reporting Evidence Operations

See dev setup

Project Vault

Organize clients, targets, and findings per project with a clean workspace.

Finding Management

Severity, CVSS, assets, descriptions, and custom fields for structured reporting.

Markdown Notes

Rich editor for tactical notes, methodologies, and checklists.

Evidence Attachments

Attach images and videos with inline preview for clean evidence trails.

Deliverables

Generate professional PDF / HTML / DOCX reports for clients and audits.

Email Send

Configure SMTP and send reports with attachments from inside the app.

Report History

Track sent reports with timestamps and delivery history per project.

Local Persistence

All data stored on your device in a local SQLite vault directory.

Offline-ready

No cloud dependency — ideal for sensitive engagements and air-gapped work.

Downloads

Fully open-source. Desktop installers are available now.

View source on GitHub

Stable Beta Nightly

Recommended

.AppImage x64 Portable

Snap

.snap x64 Store

All builds are hosted on GitHub Releases.

Release summary

Stable release

Choose the build that matches your OS and install preference.

Windows .exe

Installer for most Windows users.

Debian .deb

Best for APT-based Linux distros.

AppImage

Portable, no install required.

Snap

Store-friendly, auto-updating package.

Integrity checks (SHA256) will be published alongside releases.

Planned public landing page

A web download portal with versioned releases + checksums is on the roadmap.

Open source

License: MIT • Built for security teams and solo hackers alike.

Checksums (SHA256) will be added for each release build.

Run locally (dev)

Start Vite + Electron for development.

Node 18+ Electron Vite

1) Install dependencies

npm install

2) Start Electron + Vite

npm run electron:dev

You can paste these commands into your terminal inside the project folder.

Build production (desktop)

Build the renderer and package the app.

Windows Linux macOS

Build + package

npm run build
npx electron-builder

Linux (.deb)

npx electron-builder

Windows (.exe)

Build on Windows (recommended):

npx electron-builder --win nsis

macOS (.dmg / .zip)

npx electron-builder --mac

Data storage

All data is stored locally in SQLite.

${app.getPath('userData')}/ducky-pwn-docs/vault.db

Uploaded assets are stored alongside the database in:

${app.getPath('userData')}/ducky-pwn-docs/assets

Local path only

No cloud sync

SMTP / Email

Configure SMTP settings inside the Profile page. Send finding reports with attachments.

Security note

Never commit real SMTP credentials. Use .env.example as a template and keep secrets out of git.

Report formats

PDF: professional printable report
HTML: email-friendly layout
DOCX: editable report for Office/Google Docs

Roadmap

Download portal

Public website with versioned builds, checksums, and release notes.

AppImage packaging

Better Linux distribution and smoother install experience.

Update channels

Simple, secure update channels for stable and beta releases.

Security

Keep secrets out of git. Store everything locally. Ship clean builds.

Do not commit secrets

Remove SMTP credentials from any tracked files before publishing.

Local-first design

SQLite vault and assets remain on your machine — ideal for sensitive engagements.