PentestPad is a penetration testing reporting platform used by offensive security consultancies, managed security service providers, and in-house red teams to manage engagements end-to-end and deliver client-ready reports.
Testers create projects, capture findings with evidence and CVSS scoring, and collaborate in a shared editor where an AI assistant drafts finding descriptions, impact statements, and remediation guidance based on the vulnerability context already entered. Existing DOCX report templates can be imported and rebuilt inside PentestPad at no additional cost, so consultancies retain their established report style rather than adopt a vendor template. Scanner output from Nessus, Burp Suite, Nuclei, and custom feeds can be imported directly into a project, and finished reports export to DOCX, PDF, and XLSX.
PentestPad consolidates project planning, collaborative finding management, AI-assisted report writing, and client delivery into a single web application.
PentestPad is available as a managed EU-hosted cloud service and as a fully self-hosted installation for air-gapped and regulated environments. The AI assistant can be configured to use a self-hosted language model so client data never leaves the customer's infrastructure. PentestPad is ISO 27001 certified, GDPR compliant, EU-hosted by default, and priced publicly per seat.