The PwnDoc Alternative
With AI Built In.
The vendor-supported pentest engagement platform with on-prem AI built in. No abandoned releases, no community-script duct tape, no DIY maintenance. The engagement workflow is in the box.
Neuron vs PwnDoc-ng
Side by side. The differences that change a buying decision.
| Neuron | PwnDoc-ng | |
|---|---|---|
| License model | Commercial, vendor-supported | Open source (PwnDoc-ng fork; original PwnDoc inactive) |
| Deployment | Self-hosted, single binary plus PostgreSQL | Self-hosted Docker |
| Vendor support and SLA | Yes | Community issues only (small-team maintainership) |
| Latest tagged release | Active vendor cadence | PwnDoc-ng v0.5.5 (Feb 2023) |
| Native generative AI | Included (Neuron AI module) | None |
| Engagement management beyond reporting | Yes (scheduling, assets, credentials, QA) | Reporting only |
| Retest workflow | Round-based with peer cosign by severity, round-lock, QA log, per-assessment evidence schemas | Code exists, undocumented and unmaintained |
| Engagement scheduling | Gantt with drag-drop, five perspectives, capacity conflict detection, Health Dashboard | None |
| AD attack path graphing | Per-engagement, collaborative (Directory module) | Not native |
| Burp Suite integration | Right-click send from Burp | Community script (third-party) |
| Multi-scanner imports | Yes (core platform) | Community script (third-party) |
| Knowledge libraries | Findings, commands, snippets, checklists, scan templates | Single shared vulnerability database |
| Client portal with audit trail | Client Portal module | Not native |
| CVSS support | CVSSv3 and CVSSv4 | CVSSv3 |
| Real-time collaborative editor | Yes (core platform) | Yes |
License model
Deployment
Vendor support and SLA
Latest tagged release
Native generative AI
Engagement management beyond reporting
Retest workflow
Engagement scheduling
AD attack path graphing
Burp Suite integration
Multi-scanner imports
Knowledge libraries
Client portal with audit trail
CVSS support
Real-time collaborative editor
Three reasons to choose Neuron over PwnDoc-ng.
Last tagged release: February 2023. Your CISO will notice.
PwnDoc-ng's last tagged release is v0.5.5, from February 2023. Master-branch work continues with a small volunteer group, but there is no release cadence, no SLA, and no support tier. Patches for CVEs in the project and its template-rendering toolchain are on your team to track. Neuron is vendor-supported, with a roadmap and a phone number.
Zero AI in PwnDoc-ng. Neuron has the AI.
Neither PwnDoc nor PwnDoc-ng integrates a language model, narrative generation, or AI assistance. Every executive summary, finding description, and remediation is hand-written. Neuron's AI module drafts findings on your hardware, grounded in your approved library, with prompts and output that never leave the network.
PwnDoc-ng is a report generator. Neuron runs the engagement.
PwnDoc-ng covers audits, vulnerabilities, and DOCX export. It does not have engagement scheduling, native scanner imports, a Burp extension, AD attack-path graphing, or a client portal. Customers either build those themselves or do without. Neuron ships them.
PwnDoc-ng has no AI. Neuron has on-prem AI.
Reporting is where engagements slow down. PwnDoc-ng's answer is a hand-written workflow. There is no LLM integration, no narrative drafting, no remediation suggestion. Every executive summary, finding description, and reproduction step is written from scratch.
Neuron's AI runs on your hardware. The whole model. It drafts findings from a one-sentence prompt, pulling approved Risk Statements and Remediation Guidance directly from your library. Prompts, context, and output all stay inside your network.
Neuron's AI drafting a finding. Nothing about it leaves the network.
Hand-written reporting is a choice. With Neuron, it does not have to be.
Free is not free when you are the vendor.
The original PwnDoc was declared inactive by its maintainer in early 2023. PwnDoc-ng is the active fork, but the most recent tagged release is v0.5.5 from February 2023. Master-branch development continues with a small volunteer group. No release cadence, no support tier, no SLA.
That puts the install, the database, the upgrade path, and every patch on your team. CVEs in the project itself and in the underlying template-rendering library land on you to track and remediate. The night before a deliverable, the phone number you call is your own.
Neuron is vendor-supported. Patches ship from us. Upgrades are a single binary swap. When something breaks, the phone number is ours.
A report generator, or an engagement platform.
PwnDoc-ng covers audits, a vulnerability database, and DOCX export. Everything around it is on you: engagement scheduling, asset and credential tracking, a client portal with audit trail, native scanner imports, a Burp extension, AD attack path graphing. None of those ship.
For firms running multiple engagements a week, stitching the workflow around a report generator becomes its own project. Neuron is the engagement platform with the report as one part.
The platform primitives PwnDoc-ng doesn't have.
PwnDoc-ng inherits its retest code from upstream PwnDoc, where it is undocumented. A user opened a public GitHub issue in October 2023 asking whether anyone was actually using the retest functionality and noting they could not find documentation to guide them. The issue is still open. Engagement scheduling is not in the product at all.
Neuron treats both as platform primitives. Retests are round-based first-class records under the same engagement, with per-finding outcomes (Resolved, Partially Resolved, Not Resolved, Risk Accepted, No Retest Performed), peer cosign gated by severity policy, round-locked audit integrity, and per-assessment evidence schemas. Once a round moves to ready for approval, per-finding mutations freeze. Every state change writes a QA log entry with actor, timestamp, and prior state.
The schedule is a Gantt the team runs from. Drag bars to reschedule, drop on a tester to reassign, switch between me, users, teams, by-client, and by-engagement perspectives without leaving the view. Real-time capacity conflict detection surfaces overload day counts, peak concurrent counts, and a next-free window calculation. The Health Dashboard ranks twelve categories of risk before they hit kickoff. Retests appear as first-class allocatable scope on the Gantt alongside phases and assessments.
Frequently asked questions
The questions buyers ask us most when evaluating Neuron against PwnDoc-ng.
Can I migrate my data from PwnDoc-ng to Neuron?
Yes. We work directly with customers to migrate vulnerability databases, audit data, and templates from PwnDoc-ng. Reach out and we will walk through your specific export and the migration path during a demo.
PwnDoc-ng is free. Why would I pay for Neuron?
Because the cost of free is your team's time. With PwnDoc-ng you own the install, the upgrades, the security patches, the scanner-import scripts, the lack of AI, and the support call when something breaks. Neuron is the engagement platform with that work already done. The hours go back into the engagement instead of the tool.
What about the original PwnDoc?
The original PwnDoc was declared inactive by its maintainer in early 2023, with users pointed at the PwnDoc-ng fork. The original repo's last release is v1.4.6 from April 2023. Teams running the original today are running unmaintained software.
Does Neuron support multi-language reports?
Yes. Neuron supports multi-language reports, including AI-drafted reporting briefs in the target language separate from the full report.
Is Neuron's on-prem deployment hard to set up?
No. Neuron ships as a single binary. Run it, and a guided init wizard walks you through license activation (online or fully air-gapped), database setup, admin user creation, and server config in one session. PostgreSQL is the only external dependency, and the wizard prints the exact commands to set it up.
Does PwnDoc-ng have retests or scheduling?
Retest code exists in the upstream PwnDoc repo but is undocumented. A user opened a public issue in October 2023 asking whether anyone was actually using the retest functionality and noting they could not find documentation. The issue is still open. PwnDoc-ng has no engagement scheduling at all. Neuron treats both as platform primitives: round-based retests with per-finding outcomes, peer cosign by severity policy, round-locked audit integrity, per-assessment evidence schemas, and a full QA log, plus a Gantt for engagements, assessments, phases, and retests with drag-drop reassignment, five perspectives, capacity conflict detection, and a Health Dashboard.
See Neuron in action.
Walk through the platform, the on-prem AI, and how it deploys in your environment.