Pentest-Tools.com FAQ - what it is, how it works & more

Pentest-Tools.com FAQs

Explore (almost) everything about Pentest-Tools.com - who built it, who uses it, and why over 2,000 security teams worldwide rely on it for fast, accurate vulnerability assessments and pentests.

See how we help security practitioners discover what's possible and prove what's real - with proprietary tech and key experts in offensive security.

Explore our toolkit

Company Security & privacy Product Pricing Account management Reporting & integrations Customer support Trivia

Team, company, and leadership

Learn about who built Pentest-Tools.com, who it’s for, and how it’s different. Meet the founder, discover where we’re based, and understand our mission to empower security professionals with tools designed by real pentesters.

What is Pentest-Tools.com?

Who is Pentest-Tools.com for?

The product serves:

Security consultants who need to deliver fast, high-quality assessments
Internal security teams managing complex infrastructures and compliance
Managed service providers (MSPs) securing diverse client environments

Each of them uses Pentest-Tools.com to streamline workflows, validate real risks, and deliver clear, credible reports.

How is it different from other vulnerability scanners?

Do I need to be a penetration tester to use Pentest-Tools.com?

How accurate are the scan results?

Where is the Pentest-Tools.com team based?

Who is the founder of Pentest-Tools.com?

Who is the CEO of Pentest-Tools.com?

Security and privacy

Get clarity on how we protect your data, where it’s stored, who can access it, and how we ensure secure, responsible scanning.

Is my data secure?

Where is my data stored?

We store customer data on secure servers hosted by Linode. The data resides in Europe and benefits from the security controls and compliance standards offered by our hosting provider. Our systems also follow security best practices for encrypted storage, access control, and network segmentation.

Can I delete my data?

Is traffic encrypted during scans or data uploads?

How do you ensure responsible vulnerability scanning and exploitation?

Is Pentest-Tools.com safe?

Product, scanning, and tools

Explore how Pentest-Tools.com works - what tools it includes, how scanning works, and what types of assets you can test. Learn about automation, CVE detection, authenticated scans, ML features, and how we validate vulnerabilities with real proof.

How do I scan a website?

What tools does Pentest-Tools.com include?

Pentest-Tools.com offers a complete offensive security toolkit that covers every stage of a vulnerability assessment or penetration test. The tools are organized into four main categories:

Reconnaissance & attack surface mapping

Identify exposed infrastructure and gain visibility fast.

Popular tools:

Subdomain Finder – discover subdomains linked to a domain
Port Scanner – detect open TCP ports and services
Website Recon – fingerprint web apps and identify web server tech
URL Fuzzer
WAF Detector and many more

Vulnerability scanners

Find and prioritize real weaknesses across websites, APIs, networks, and cloud.

Popular tools:

Website Vulnerability Scanner – our proprietary scanner for deep, unauth and authenticated scans
Network Vulnerability Scanner – covers cloud, and external infrastructure, as well as internal networks (though VPN)
CMS Vulnerability Scanners – quickly identify risks in popular platforms
API Scanner – detects issues in RESTful APIs with custom tokens and headers

Exploitation & validation

Prove risk with safe, controlled exploitation.

Top tool: Sniper: Auto Exploiter – automatically exploits and validates vulnerabilities (e.g. XSS, SQLi, RCE), providing screenshots, payloads, and execution traces

Automation & reporting

Accelerate and scale your testing without sacrificing control.

Core capabilities:

Pentest Robots – chain tools into custom, reusable workflows
Advanced Reporting Engine – export findings as DOCX, HTML, CSV, XLSX, JSON
Manual Findings Manager – add and manage human-discovered issues
Integrations – connect findings to Jira, Slack, Vanta, webhooks, and more

You get full-stack coverage across web, network, cloud, and API - designed for speed, clarity, and validation at every step.

You can always browse all our tools to see which combination fits your needs.

Is Pentest-Tools.com a wrapper over a collection of open-source tools?

Can I scan internal infrastructure or only public assets?

What IPs do I need to whitelist for scanning?

Can I use credentials for authenticated scans?

Will scanning overload or crash my server?

How do I validate that a vulnerability is real?

Can I create automated sequences or custom scan workflows?

Do you support CVE scanning?

Can I scan APIs or just websites and networks?

Can I scan continuously for changes or regressions?

What is Pentest-Tools.com used for?

Does Pentest-Tools.com use AI?

What is it like to use Pentest-Tools.com?

Is Pentest-Tools.com good?

What are the alternatives to Pentest-Tools.com?

Plans and pricing

Understand what each plan includes, how pricing works, and what happens if you exceed your usage. This section also covers free tools, discounts, billing, and payment options for different team sizes and needs.

How much does Pentest-Tools.com cost?

Is there a free trial or demo of Pentest-Tools.com I can use or see?

We don’t offer a free trial, but you can explore the product and run initial scans with the Free edition - no credit card required. It gives you access to our product’s basic capabilities so you can see how the product looks and how it works before committing.

If you’d like a deeper walkthrough tailored to your use case, you can also book a live demo with our team. We’ll show you how to scan, validate, and report vulnerabilities based on your workflows.

What’s included in each pricing plan?

What happens if I go over my usage limit?

Can I switch plans or cancel my subscription?

Do you offer discounts for annual billing?

Can I get custom pricing for high volume or enterprise use?

What payment methods do you accept?

How does billing through FastSpring work?

Can I request an invoice or use a purchase order (PO)?

Account and team management

Learn how to create and manage an account, invite team members, assign roles, manage workspaces, and scan from internal environments. Perfect for consultants, internal teams, and MSPs working with multiple clients.

How do I create an account?

Do I need an account to use the free tools?

Not always. You can run up to 2 free scans per day with selected free tools - like the Website Vulnerability Scanner - directly on our website, no account required.

However, if you want to save scan results, explore more tools, or access the Free edition of the product, you’ll need to create an account (no credit card required). This unlocks additional features and makes it easier to upgrade to a paid plan later.

Can I invite teammates or collaborate on vulnerability assessment or penetration testing projects?

How do you handle roles and permissions?

Can I manage multiple clients or assets separately?

Can I run scans from a self-hosted agent or proxy?

Reporting and integrations

Learn how to generate customizable reports, export data, add manual findings, and integrate scan results into your workflow with tools like Jira, Slack, and CI/CD pipelines. Discover how our reporting generator makes evidence easy to present and act on.

What types of reports can I generate?

Can I customize vulnerability reports or pentest reports?

Yes! With the Pentest Suite plan, you can use our editable DOCX templates to fully customize your pentest reports - wording, sections, formatting, and more.

You can also:

Include or exclude specific findings
Reorder sections
Add manual findings directly into reports
Use multiple templates across clients or engagement types

This gives you flexibility to match your reporting to your organization’s reporting style, compliance requirements, or client expectations.

Do reports include validated evidence?

What integrations do you support?

Can I export findings as JSON or CSV?

Is there an API to automate scans and fetch results?

Do you support integration into CI/CD pipelines?

Can I add manual findings to the reports?

Customer support and success

Get help when you need it! Find answers about onboarding, support response times, training, and how to submit feedback. We also share links to public reviews so you can hear directly from other security practitioners using the product.

Where can I get help or support for Pentest-Tools.com?

Do you offer onboarding or training?

Yes. All customers - especially those on WebNetSec, Pentest Suite, or custom plans - can request onboarding sessions to help their teams hit the ground running.

We’ll walk you through:

Scanning workflows based on your use case
Reporting and automation setup
Role-based access and workspace organization
API and integration options

If you’d like a deeper training session or a demo tailored to your team’s structure, just let us know. We’re happy to help you integrate the product into your process with confidence.

Can I speak to someone before buying?

Is support included in all plans?

How fast is your response time?

Where can I find documentation?

Can I suggest a feature or tool improvement?

Where can I find Pentest-Tools.com reviews?

Did you know that…?

Enjoy some trivia and behind-the-scenes facts about Pentest-Tools.com - from our one-server startup days to our global footprint and hand-crafted payloads written by real pentesters. A lighter look at what makes us different.

Did you know that Pentest-Tools.com started with a single, self-hosted server in our founder’s one-bedroom rental?

Did you know we have customers in over 119 countries - including Iceland, Kenya, and the Maldives?

Security teams across the globe trust Pentest-Tools.com - from MSPs in Germany to consultants in Brazil, tech companies in Japan, and even boutique security firms in places like Iceland, Kenya, and the Maldives.

Wherever there’s an internet connection and a security challenge, there’s a good chance someone’s running a scan with us.

Did you know that real pentesters write our payloads?