From First Finding to Final Report. In One Place.
MainFrame manages your entire penetration testing workflow — engagement setup, finding documentation, internal review, client portal, report generation and GRC compliance tracking — from a single platform built for Australian security consultants.

Everything a pentest engagement needs
Engagement Management
Create and manage penetration testing engagements with full scope definition, team assignment, timeline tracking and client contact management. Supports 11 engagement types from web app to red team.
- 20+ engagement types
- Lead tester + PM assignment
- In-scope / out-of-scope tracking
- Objective documentation
- Attachment storage (NDAs, scope docs)
Finding Library & CVSS
Document findings with full CVSS 3.1 vector scoring, impact and likelihood ratings, rich-text evidence fields and status workflows. Build a reusable finding repository to save time across similar engagements.
- CVSS 3.1 calculator built-in
- 5 severity levels, 7 status states
- Rich text: description, impact, evidence, recommendations
- Reusable finding templates
- CWE/CVE reference support
Report Generation
Generate professional PDF, Word, Excel or HTML reports from your findings in seconds. The placeholder system auto-populates titles, dates, finding counts, severity charts and remediation tables from your engagement data.
- PDF, DOCX, XLSX, HTML export
- 40+ auto-filled placeholders
- Severity bar charts and pie charts
- Remediation tracker tables
- Version control with draft/final toggle
Client Portal
Give clients real-time visibility into published findings through a read-only portal. They can comment on findings, track remediation status and view the final report — without seeing internal notes or draft findings.
- Real-time published finding view
- Client commenting on findings
- Separate from internal comments
- Email notifications on updates
- Revocable per-engagement access
GRC Module
Map findings and controls against major compliance frameworks. Track control implementation status, assign assessors and generate compliance progress reports alongside your technical findings.
- NIST CSF 2.0, ISO 27001:2022
- SOC 2 Type II, HIPAA, NIST 800-171
- Control hierarchy: family → category → control
- Status per control: not started through implemented
- GRC project linked to engagements
Essential Eight & CIS v8 Audits
Run audit-ready assessments against the Australian Essential Eight and CIS Controls v8, then track gaps through to remediation.
- Essential Eight maturity assessment
- CIS Controls v8 safeguard coverage
- Evidence and assessor notes
- Gap tracking and remediation status
- Exportable audit-ready outputs
One dashboard. Every engagement.
Manage active engagements, track critical findings, monitor remediation progress and generate reports — all from one place. Full demo available on request.
Request a Private Demo
From kickoff to client clearance
Setup
Create the engagement, add client contact, define scope and assign your team. Upload your Word report template or use the default.
Document
Pentesters log findings with full CVSS detail, evidence and recommendations as they test. Findings stay in Draft until ready for review.
Review
Lead tester and PM review findings, add internal comments and move to Published status. Nothing reaches the client portal until published.
Generate Report
Select your template. MainFrame auto-fills all placeholders — finding counts, severity charts, remediation tables, team details — and exports in seconds.
Client Portal
Client receives email notification. They log in to see published findings, add comments and view the report. Remediation tracking begins.
Track & Close
Update finding status as the client remediates. Generate a re-test report and formal clearance once all criticals are resolved.
Professional reports in seconds, not hours.
Use your own Word template or the MainFrame default. The placeholder system auto-populates everything — finding counts, severity distribution charts, remediation tables, team members, scope lists and version history — every time you generate.
Map findings to compliance frameworks
NIST CSF 2.0
Identify, Protect, Detect, Respond, Recover and the new Govern function, with full control hierarchy.
ISO 27001:2022
All Annex A controls from the 2022 revision with implementation status tracking and evidence fields.
SOC 2 Type II
Trust Service Criteria covering Security, Availability, Confidentiality, Processing Integrity and Privacy.
HIPAA
Administrative, Physical and Technical safeguard controls with implementation and risk acceptance tracking.
NIST 800-171
CUI protection requirements for organisations handling controlled unclassified information.
Essential Eight & CIS v8
Assess maturity against the Australian Essential Eight and map implementation progress against CIS Controls v8 safeguards.
Works with the tools you already use
AI-Powered (Local)
Run Ollama locally for AI-assisted finding descriptions and report text. Free, on-device, no data leaves your environment.
Google Gemini (Optional)
Connect your Gemini API key for cloud-based AI assistance with report generation and finding summaries.
OziScan Integration
Push vulnerability findings directly from Recon ASM into MainFrame engagements. No copy-paste, no CSV export.
Email Notifications
Gmail SMTP integration for automated client notifications when findings are published or updated.
Google OAuth SSO
Single sign-on for your team. Staff log in with their Google accounts — no password management required.
Ready to streamline your pentest workflow?
Request a private demo or view pricing to get started with MainFrame today.



