[REPORT] VectorVue: Adversary Reporting Framework

📊 VECTORVUE: ADVERSARY REPORTING FRAMEWORK

 __      __         _              __   __            
 \ \    / /        | |             \ \ / /            
  \ \  / /__   ___ | |_  ___   _ __ \ V / _   _   ___ 
   \ \/ / _ \ / __|| __|/ _ \ | '__| \ / | | | | / _ \
    \  /  __/| (__ | |_| (_) || |    | | | |_| ||  __/
     \/ \___| \___| \__|\___/ |_|    \_/  \__,_| \___|

Project Status: 🚀 Stable (v1.6). Core Architecture: Centralized SQLite backend with automatic schema repair. Security Profile: Authorized Security Testing Purposes Only.

📋 PROJECT CAPABILITIES

VectorVue is engineered to manage the entire finding lifecycle, from initial discovery to final PDF delivery.

Finding Management: Centralized storage for findings across Web, API, Mobile, and Infrastructure assessments.
Status Lifecycle: Tracks vulnerabilities through “Open,” “Fixed,” and “Risk Accepted” states.
Raw SQL Interface: Supports direct database querying from the CLI for advanced data manipulation.
Dynamic PDF Engine: Automatically generates reports in Folder 05 with “CLASSIFIED” watermarking and professional branding.
Multi-Target Support: Allows for segmented reporting by specific Company or Target profiles.

I. 🛡️ REMEDIATION LIBRARY COVERAGE

The framework includes a 40-Point Golden Library, providing 100% coverage for industry-standard remediation advice:

Category	Coverage Areas
Web App	OWASP Top 10 (A01-A10) Full Coverage.
API Security	OWASP API Top 10 (BOLA, BOPLA, Mass Assignment).
Mobile	OWASP Mobile Top 10 (M1-M10, Keystore, Pinning).
AD & Infra	Kerberoasting, BloodHound Paths, LLMNR, Weak TLS.

II. 🕹 COMMAND REFERENCE (CLI)

Command	Action	Usage Example
`init`	Initializes database and creates the 5-stage folder structure.	`init`
`new`	Launches the interactive wizard for manual finding entry.	`new`
`seed`	Injects 10 industry-standard findings for schema testing.	`seed`
`list`	Displays table of IDs, Severity, and Status for a target.	`list "TargetCorp"`
`library`	View the 40-point Golden Remediation Library by category.	`library "Mobile"`
`status`	Updates the lifecycle state (e.g., “Fixed”) of a finding by ID.	`status 1 "Fixed"`
`delete`	Permanent removal of a specific finding from the database.	`delete 5`
`query`	Executes raw SQL against the findings table.	`query SELECT * FROM findings`
`report_full`	Generates all report modules for a target in Folder 05.	`report_full "TargetCorp"`
`usage`	Displays the help menu with aligned visual boxes.	`usage`
`exit`	Safely closes the database connection and exits the shell.	`exit`

III. 🛠 OPERATIONAL WORKFLOW: TARGETCORP

Standard engagement sequence for high-fidelity delivery:

Setup: init to prepare folders for the target.
Populate: seed or new to enter finding data.
Audit: list "TargetCorp" to verify finding IDs and severities.
Remediate: library "API" to pull standard advice for discovered vulnerabilities.
Update: status <ID> "Fixed" as vulnerabilities are patched.
Deliver: report_full "TargetCorp" to generate the final “CLASSIFIED” PDF.

🔒 RULES OF ENGAGEMENT & SAFETY

Isolation: Keep the vectorvue.db localized to your encrypted assessment machine.
Cleanup: Always use the exit command to safely close database handles.
Data Integrity: Do not manually edit the SQLite database outside of the vv.py interface.

STATUS: OPERATIONAL DOC_ID: VV-TECHNICAL-README-2026