Pricing and plans

Pentest-Tools.com is a powerful cloud-native alternative to multiple security testing tools like Nessus, Qualys, Acunetix, Nexpose or Invicti.

Choose what best fits your security mission

  • NetSec

    for network vulnerability assessment

    5 assets included

  • WebNetSec

    for web app, network & API vulnerability assessment

    5 assets included

  • Pentest Suite

    for human-led penetration testing

    5 assets included

Included in all plans:

  • API access
  • Unlimited rescans for your asset inventory
  • Continuous security monitoring & alerts for assets across your inventory
  • Unlimited team members
  • Integrations for security operations workflows, including AWS, Vanta, Nucleus Security, Jira, Microsoft Teams, webhooks & more

Optional add-ons

  • Internal network scanning
  • Branded reports & emails

Built by pentesters. Trusted by 2000+ security teams in 119+ countries

  • Vodafone
  • Starbucks
  • Orange
  • Generali
  • Rolex
  • Accenture

Custom plans

For organizations with enterprise-level security needs.

A detailed view of our plans

Let's make it easy for you to choose the best plan for your security workflow

Pricing plan comparison

Attack surface mapping & recon tools

  • Quick exposure discovery (open ports, virtual hosts, subdomains, and more) - Included in Free
  • In-depth attack surface discovery (hidden files, port lists, reverse DNS, WAF, and more) - Not included in Free
  • Network vulnerability scanning - limited
  • Web vulnerability scanning (including authenticated scans) - limited
  • Cloud vulnerability scanning - Included in Free
  • API vulnerability scanning - limited
  • Safe and controlled vulnerability detection and exploitation (based on our research team's custom exploits) - Not included in Free
  • Vulnerability validation with proof of exploitation (user lists, screenshots, interesting files, etc.) - Not included in Free
  • In-depth data extraction with proprietary Handlers (cookies, keystrokes, HTML content, source IPs, etc.) - Not included in Free

Asset & scan limits

  • Scanned Assets per scan cycle - Up to 5
  • Parallel scans - 2
  • Queued scans - Up to 100
  • Scheduled scans - 25

Scan & findings management

  • Unified Attack Surface mapping with exportable results (CSV, JSON) - Included in Free
  • Scan automation flows with Pentest Robots (tool chaining for vulnerability assessment and pentesting sequences) - Not included in Free
  • Custom scanning & exploitation parameters (specific checks only) - partial availability
  • Findings management: add manual findings, use predefined templates, modify findings - Not included in Free
  • Wordlists (defaults & custom) - partial availability
  • Import scan results & findings from other security tools - Not included in Free

Continuous vulnerability monitoring

  • Scheduled scans - partial availability
  • Scan diff alerts (vulnerabilities, port scanning, subdomains) - Included in Free
  • Custom notifications - Included in Free
  • Continuous attack surface monitoring for specific assets - partial availability

Reporting & Engagement capabilities

  • Scan results exports (PDF, HTML, CSV, XLSX) - Included in Free
  • Aggregated exports from multiple scans - Included in Free
  • Pentest report generation with editable templates (DOCX) - Not included in Free

Integrations

  • API access - Not included in Free
  • Workflow integrations (email, Jira, Microsoft Teams, Slack, Discord, webhooks, etc.) - Email only
  • Cloud integrations (import targets from AWS) - Not included in Free
  • Compliance & risk management integrations (Vanta, Nucleus Security) - Not included in Free

Team management & sharing capabilities

  • Workspaces - 1
  • Unlimited team members - Not included in Free

Data management

  • Historical data storage period - 90 days

Account security

  • Two-factor authentication (2FA) - Included in Free
  • User login history - Included in Free

Dedicated support

  • Premium support with max. 48 hours SLA - Not included in Free

Additional payment options

  • Wire transfer or pro-forma invoice (for min. 1-year subscriptions) - Not included in Free

Expert security testing services

For organizations looking for meticulous, managed penetration tests and red team engagements that surface real risks for business continuity.

Join our exclusive Partner Network

Expand your offering with a proprietary product for security and IT teams in large organizations. Help them align and streamline vulnerability assessments and penetration testing activities ranging from attack surface mapping to precise, proof-based reporting.

How security pros use our products

Pentest-Tools.com is the Swiss army knife for anyone performing black-box external network security assessments and an all-in-one comprehensive toolset for external red team/asset mapping engagements. I used to rely on a wide range of tools when mapping and scanning external organization assets, but since I found this comprehensive solution, I rarely need to use more than one.

Shay Chen

CEO at Effective Security Ltd.

Israel 🇮🇱

FAQ(s)

You have questions, we're here to clarify
What is an asset?

An asset in Pentest-Tools.com is a single hostname or IP address that you scan. It's what counts toward your plan limits and billing.

  • One asset can have multiple targets (like different URLs for the same domain).

  • Subdomains (e.g., app.example.com) and individual IPs in a range are counted as separate assets.

  • Scanning an asset once or multiple times still only counts as one scanned asset.

You have full visibility into your scanned assets (including deleted items) and scan history (including deleted items), and we make sure your usage is clear and fair.

What payment methods do you accept?

We accept debit and credit cards, as well as invoices, wire transfers, and other local payments (terms and conditions apply in accordance with our payment processor).

All payments are processed via FastSpring, which is under contract with PentestTools SA (our legal company name) to process orders and collect payments worldwide.

Can I scale my usage up or down whenever I need to?

Yes - flexibility is a core part of our plans.

You can scale your usage in three ways:

  • Change how many assets you scan (up to 500): Add or remove assets anytime. Adding assets applies immediately, and you can choose whether the adjustment is for the current billing cycle or ongoing. Removing assets takes effect starting your next billing cycle.

  • Adjust your add-ons: Turn specific capabilities (like branded reports & emails or internal assessments) on or off as needed. Changes take effect just as with assets: if you add an add-on, the change applies instantly; if you remove an add-on, the change applies at the start of your next billing cycle.

  • Switch plans (monthly or yearly): You can upgrade or downgrade your plan at any time. Upgrades apply immediately and downgrades apply starting with your next billing cycle.

If you need 500+ assets, then please contact our sales team for a custom plan.

Keep in mind: there are no penalties for scaling down, and expanding your usage — even mid-month — is straightforward. Whether your scope is expanding or you're tightening your focus, the pricing adapts with you.

Can I cancel or modify my plan at any time?

You can adjust your plan as your needs evolve - with a few details depending on your billing setup:

  • Monthly plans can be canceled or changed anytime, with upgrades taking effect immediately, and downgrades applying at the end of your current billing cycle.

  • Annual plans have a fixed term, but you can still scale up your usage (like adding assets or features) at any point. Full plan changes can be made when your renewal comes up.

If you're on an invoice-based or custom plan, just contact our team - we'll walk you through your options and help ensure your setup fits your current scope and workflow.

If you are not 100% satisfied with the service, there is a 10-day money-back guarantee from your first payment. However, if you decide to continue using the subscription, no further refunds will be granted.

What if I forget to cancel the plan before the renewal?

We do not provide refunds for renewals, but you can cancel your subscription at any time from your My account section and you'll still enjoy the full features of the product until the end of the billing period. After your plan expires, you'll still have access to past results and the Free edition of our product.

Is there a limit on the number of scans I can run?

No. You can run as many scans as you want against the number of scanned assets included in your plan and their targets. Only parallel scans are limited based on the number of scanned assets included in your plan.

Important to know:

  • each of the scanned assets can have multiple targets, but we charge by scanned assets

  • you can rescan each asset multiple times; we only count it once as a scanned asset

  • the number of scanned assets resets monthly in accordance with your plan limit

However, if you want to perform multiple scans in parallel, you can buy more scanned assets for your plan which also increases your parallel scan limit.

What happens if I reach my plan's limits?

Our plan structure is designed to reduce hard limits and give you more control.

You'll only need to switch to a different plan if you want to unlock additional capabilities (like vulnerability exploitation or advanced reporting).

But, for most teams, growing usage just means adding more assets or turning on an add-on - not replacing your plan entirely:

  • You can scale asset usage instantly via the dashboard or via Sales for invoiced accounts. You can choose between 5 and 500 asset intervals or request a custom offer for 500+ assets.

  • Adding or removing add-ons is just as simple. If you want to add a new add-on, the change takes effect immediately and if you want to remove add-ons, the change applies starting with your next billing cycle.

This gives you more breathing room to test, expand, and adapt without running into frustrating caps or hidden upgrade triggers.

How does usage reset?

Your scanned asset limit resets automatically at the start of each scan cycle. We remind you that Pentest-Tools.com defines a scan cycle as a monthly period for your scanned asset limit, no matter if you're on a monthly or annual plan.

At the beginning of each new scan cycle, your scanned asset count returns to zero, and you'll have access to your full allocation again.

If you upgrade mid-cycle (for example, to add more assets), the changes apply right away, and your new limits will reset again according to the scan cycle.

What is a scan cycle?

Pentest-Tools.com defines a scan cycle as a monthly period for your scanned asset limit, depending on your plan.

For instance, if your plan allows up to 5 scanned assets, we'll count those 5 scanned assets within a month's timeframe and then reset it the following month.

How many assets can I add?

We make a distinction between added assets and scanned assets.

The maximum number of added assets is calculated as a lifetime number in your account. Also, you can always delete old/unused assets to make space for new ones.

The maximum number of scanned assets is the one you chose when you created your account. We count an asset as scanned if at least one scan started successfully (no connection error / no VPN error / no failed to start issues). Scanned asset limits reset every month.

How do you keep my data secure?

Data privacy is one of our top priorities.

Our infrastructure is hosted by Linode, whose security practices further strengthen our product — see Linode security.

All payment data is securely handled by our trusted payment processor, FastSpring. We never store or process your payment details directly. Read all about FastSpring's privacy policy.

Plus, we're fully GDPR compliant and committed to protecting your personal data accordingly.