Vulnerability database/library

PCF is very featureful but is lacking of the most important feature of them all: having a vulnerability database.

Dradis, Ghostwriter, PwnDoc, WriteHat, etc. all collaborative penetration test reporting platforms have that, sometimes under a different name like issue library etc.

The idea is that you can save generic vulnerabilities since description and recommendation will always be the same or will require very few changes, you link the same resources, have the same title etc. So when you do a new pentest you can import a vulnerability in your audit an just have to change very few things and add your observations, details and proof and re-use most of the rest. And so saving a lot of time.

The best vulnerability database implementation I have seen if from pwndoc if you want to quickly deploy their docker and see what I mean.