Scan, Exploit, Report, Repeat
Pentest-Tools.com is a powerful alternative to multiple security testing tools like Nessus, Qualys, Acunetix, Nexpose or Invicti. No install required, automatically updated, get started in minutes.
Also available in AWS Marketplace Free
Up to 2 parallel scans
What's included
- Small business scope
Small business scope
Up to 5 editable assets and 2 parallel scans.
- Light tools exclusively
Light tools exclusively
Use the same free tools you can find on our public website, but without the scan frequency limitations.
- 30 days access to reports
30 days access to reports
Export PDF vulnerability reports and use your findings for 30 days after scanning.
- Two-Factor Authentication
Two-Factor Authentication
Better security for your account.
Basic
Up to 2 parallel scans
What's included
- All tools included
All tools included
Scan for Website vulnerabilities, assess Network security, discover Attack Surface and create proof-of-concept Exploits.
- Light, Deep and Custom modes for all tools
Light, Deep and Custom modes for all tools
Discover and catalog all the vulnerabilities our platform can root out.
- Simple reporting
Simple reporting
Export individual reports of each tool as PDF, HTML, JSON, CSV or XLSX.
- Automation capabilities
Automation capabilities
Use Pentest Robots and predefined Scan Templates to automate your testing.
- Multiple workspaces
Multiple workspaces
Organize your work into engagements for better visibility of vulnerabilities.
- Manual findings
Manual findings
Add, edit or delete findings manually, besides the ones found by our scanning tools.
- Continuous security monitoring
Continuous security monitoring
Schedule periodic scans and receive reports by email.
Advanced
Up to 5 parallel scans
What's included
Everything in Basic, plus:
- Medium business scope
Medium business scope
Up to 50 assets.
- Scan behind login
Scan behind login
Website scanning as an authenticated user.
- Scan internal networks
Scan internal networks
Scanning through VPN to reach internal hosts.
- Advanced reporting
Advanced reporting
Generate editable (.docx) pentest reports, ready to be delivered.
Teams
Up to 10 parallel scans
What's included
Everything in Advanced, plus:
- Large business scope
Large business scope
Up to 500 assets.
- API access
API access
Integrate our scanners into your internal processes and tools.
- White label reports
White label reports
Export reports branded with your logo.
- Multi-user access
Multi-user access
Create up to 5 users to share your plan.
- Integrations
Integrations
Easily integrate with JIRA, webhooks, Slack, email and more.
- Premium support
Premium support
Get answers within 48 hours.
- Additional payment methods
Additional payment methods
Pay by wire transfer or pro forma invoice (for 1-year licenses).
Enterprise / On Premise
More than 500 assets
More than 10 parallel scans
On demand
Talk to salesMore assets
More parallel scans
More users
Specific functionality
Multi-year subscriptions
Airgapped scanning & vuln storage
Compare plans
| Feature byPlans | BasicUp to 2 parallel scans | AdvancedUp to 5 parallel scans | Up to 2 parallel scans | ||
|---|---|---|---|---|---|
Recon tools 8 | |||||
Light scans for quick exposure discovery (open ports, virtual hosts, subdomains, and more) | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Deep scans for in-depth attack surface mapping (hidden files, port lists, reverse DNS, WAF, and more) | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Vulnerability scanners (Web, Network & Cloud) 11 | |||||
Light scans for quick vulnerability and misconfiguration detection in your webapps and networks | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Deep scans for more in-depth findings with all detection options enabled | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Exploit tools 5 | |||||
Safe and controlled remote attack simulations | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Automatic capture for cookies, keystrokes, HTML content, source IP, and more with our proprietary Handlers | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Asset & scan limits | |||||
Scanned Assets per scan cycle | Up to 5 | Up to 5 | Up to 50 | Up to 500 | Up to 5 |
Added Assets | Up to 100 | Up to 100 | Up to 1,000 | Up to 10,000 | Up to 100 |
Parallel scans | Up to 2 | Up to 2 | Up to 5 | Up to 10 | Up to 2 |
Queued scans | Up to 100 | 1,000 | 1,000 | 1,000 | Up to 100 |
Scheduled scans | Up to 0 | Up to 25 | Up to 200 | 1,000 | Up to 0 |
Scan & findings management | |||||
Attack Surface mapping | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Exportable attack surface results (CSV, JSON) | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Scan automation flows with Pentest Robots | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Custom scanning & exploitation (specific checks only) | partial availability | Included in Basic | Included in Advanced | Included in Teams | partial availability |
Findings management (edit, add, use templates) | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Internal/private network scanning (VPN agents) | Not included in Free | Not included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Authenticated web app scanning | Not included in Free | Not included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Wordlists (defaults & custom) | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Continuous monitoring | |||||
Scheduled scans | partial availability | Included in Basic | Included in Advanced | Included in Teams | partial availability |
Scan diff alerts [vulnerabilities, port scanning, subdomains] | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Custom notifications | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Monitoring | partial availability | Included in Basic | Included in Advanced | Included in Teams | partial availability |
Reporting capabilities | |||||
Scan results exports (PDF, HTML, CSV, XLSX) | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Editable Report templates (DOCX) | Not included in Free | Not included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Aggregated Reports from multiple scans | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
White label reporting - add your own branding | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Integrations | |||||
API access | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Workflow integrations (email, Jira, Microsoft Teams, Slack, Discord, webhooks, etc.) | Email only | Email only | Email only | Included in Teams | Email only |
Cloud integrations (import targets from AWS) | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Compliance & risk management integrations (Vanta, Nucleus Security) | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Team management capabilities | |||||
Workspaces | Not included in Free | Included in Basic | Included in Advanced | Included in Teams | Not included in Free |
Multi-user access (up to 6 users in a plan) | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Data management | |||||
Historical data storage period | 30 days | unlimited | unlimited | unlimited | 30 days |
Account security | |||||
Two-factor authentication (2FA) | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
User login history | Included in Free | Included in Basic | Included in Advanced | Included in Teams | Included in Free |
Dedicated support | |||||
Premium support with max. 48 hours SLA | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
Additional payment options | |||||
Wire transfer or pro-forma invoice (for min. 1-year subscriptions) | Not included in Free | Not included in Basic | Not included in Advanced | Included in Teams | Not included in Free |
How security & tech pros use the platform
Pentest-Tools.com is the Swiss army knife for anyone performing black-box external network security assessments and an all-in-one comprehensive toolset for external red team/asset mapping engagements. I used to rely on a wide range of tools when mapping and scanning external organization assets, but since I found this comprehensive solution, I rarely need to use more than one.
Shay Chen
CEO at Effective Security Ltd.
Israel 🇮🇱
Go beyond automated scans with professional services
True penetration testing involves human analysis and expertize. Our team of ethical hackers offer specialized offensive security services to manually assess the security of your web applications, network environments, and cloud infrastructures.
Common questions
Data privacy is one of our utmost concerns. We keep your data encrypted into our database and we have multiple defense-in-depth mechanisms to protect it. Furthermore, the security is also strengthened by our hosting provider's measures. Please see Linode security.