Features

Vulnerability Scanning API. Ready-to-use scan engines.

Integrate our pentesting and vulnerability scanning tools into your internal security testing flows. Enhance your Continuous Integration (CI) flows or add extra data to your custom applications with our API.

  • Get up and running in a few minutes

  • Add automated security scanning to your self-testing builds

  • Easily integrate it based on the detailed API reference

Getting started

Get up and running in a few minutes

Use our API straight out of the box: set your parameters and save invaluable time with our pre-configured scanners. Launch and delete scans in bulk and focus on interesting findings while we deliver accurate results. It only takes a few lines of code to initiate scans in several workspaces and run the same scan against multiple targets. Check out our sample API client to see for yourself!

                
                {
  "op": "start_scan",
  "tool_id": 170,
  "target": "http://demo.pentest-tools.com/webapp/",
  "tool_params": {
    "scan_type": "full_new",
    "follow_redirects": true
  }
}
              

Full-featured

An API built for security and IT experts

Using the Pentest-Tools.com API offers you more time to do what you love the most.

  • More control

    Use the vulnerability ID to filter and zoom in on interesting findings or edit them.

  • More accuracy

    Automatically map and scan redirects with zero impact to your initial setup.

  • More reliability

    Get instant feedback on potential errors before the scan starts.

  • More flexibility

    Merge, modify, and customize output from multiple scanners or 3rd party tools.

Easily integrate it using the detailed API reference

It’s really easy to scan multiple targets simultaneously using the API with minimal input from your side. Plus, you can instantly see if scans are running properly, eliminating errors and duplicate work. With the Pentest-Tools.com API, you can always start, stop, and query scans against up to 1000 targets with multiple pentesting tools - in a machine-friendly format (JSON).

“The schedule function of Pentest-Tools.com is step one and our next move is to automate scans using the API.”

Mark Rooijens
Mark Rooijens
CEO @ Cipix Internet
A glimpse of the Pentest-Tools.com API Reference

Trusted by experts at

Vodafone Logo
KPMG Logo
Orange Logo
Deloitte Logo
Accenture Logo
Engie Logo

Improve self-testing builds with security scanning

Make your releases less risky and your security issues easier to fix - proactively. Establish continuous security testing and automate it for maximum efficiency with the Pentest-Tools.com API. Deploy safe, resilient code by running security assessments with our ready-to-use scanners. Enhance your CI/CD process with built-in vulnerability testing to remove unintended backdoors and misconfigurations that endanger performance.

Use cases

4 ways to use the Pentest-Tools.com API

  • Ship safer deployments with less bugs and no major vulnerabilities

    Capture security issues early by integrating our API into your automated tests. Reduce your attack surface based on accurate, prioritized findings: troubleshoot misconfigurations, identify and close open ports, limit outsiders’ access to internal network services, and more! Make delivering secure code your competitive advantage.

  • Scan new infrastructure while deploying it

    Add the Pentest-Tools.com API to your deployment pipeline and discover vulnerabilities as they emerge. Use it to find issues such as outdated server software, SQL injection, XSS risks, security gaps in network services, and more. Our API is well-suited for complex deployment scripts. Run authenticated security tests and scan internal networks through VPN to get results for a broad range of apps and network components.

  • Reduce your testing costs (time & money)

    Merge our API into your CI/CD server and run 11 security tools in a matter of seconds! Replace manual work with scheduled scans and free up internal resources. Set your scripts to run during the night and get more out of your workday. Spend more time on strategic tasks such as updating workflows for a boost in productivity.

  • Integrate our tools into your web app, dashboard, or network

    Prefer things done your way? We get it! Incorporate data from our API into your UI. Get reliable, consistent scan results from up to date scans engines we maintain. Choose the features you want to use and set it up to get crucial findings - filtered and organized just how you like it.

Developed for

  • Pentesters

    Who lack the time to develop their own discovery modules

  • Network security specialists

    In charge of security risk assessments

  • DevOps teams

    Tasked with preventing security gaps in web apps

  • Developers

    Who understand and manage application security risks

  • Pentesters

    Looking to preview the scope and work for their future engagements

  • Business owners

    With a knack for security as a core performance metric

Everything you need

All-in-one platform

Become an Enterprise customer and get access to the Pentest-Tools.com API plus everything else our platform has to offer.

Authenticated website scans

Scan websites that require authentication as a logged-in user.

Internal network scanning

Scan targets from your internal/private network over VPN.

Multi-user access

Add multiple users to share your plan resources with.

JIRA integration

Create JIRA issues directly from the scan findings.

White label reports

Customize the branding of the reports with your own logo.

Access to all 25+ tools

Get access to all the tools on our platform and more.

Start using the platform today.

Unlock the full power and features of our platfom!
Compare pricing plans and discover more tools and features.

FAQ

Common questions

Currently, the following tools can be used through our API: Website Scan, Find Subdomains, Find Virtual Hosts, TCP Port Scan, UDP Port Scan, Network Scan OpenVAS, URL Fuzzer, SQLi Scan, XSS Scan, WordPress Scan, Drupal Scan.

We plan to add support for other tools and scanners at Pentest-Tools.com in future iterations. Keep an eye on our changelog, blog, and on our LinkedIn page to be the first to know when we do! You can also explore more details in the Support Center.

Reviews & Testimonials

What our customers say about Pentest-Tools.com

90% of the early recon work is done for us

  • Flexibility

  • Very simple to use

  • Extensive suite of tools

  • Fast and accurate

Imagine a world where all your "onsite" testing was performed offsite. Where your only choice is to send an appliance to a client site. That would never happen right? Well it did in February 2020. We started looking at this puzzle in August of 2019 to answer a problem for a very specific group group of clients and Pentest-Tools.com had a suite of tools that would work for us. And they had an API!

Fast forward to May of 2020. Thanks to the flexibility of Pentest-Tools.com, and the responsiveness of their support and development teams, we are shipping bespoke appliances to clients to use as drop boxes. But rather than just spin up a VPN, we gave the client a simple portal to log into and click "start" on their test. Using the full extensive suite of tools through the API, 90% of the early recon work is done for us with a simple PHP and Python script. Even the report is partially completed.

If you are a solo pentester, or a small testing house, then I would heartily recommend Pentest-Tools.com. The platform is very simple to use, fast and accurate.

Peter Bassill

Peter Bassill

Pentester, Security Researcher, Bounty Hunter, CISO/CIO with 20+ years of experience, Founder at Hedgehog Security

The go-to platform for automated web vulnerability assessments

  • Ease of use

  • Great reporting capabilities

"Pentest-Tools.com is my team's first go-to solution.

Anytime we are preparing to deploy a new version of our software, we run many tools to monitor and secure our environment, but the simplicity and ease we have with Pentest-Tools.com to run network and web server scans to highlight issues is unmatched."

Ioan Constantin

Ioan Constantin

Cyber Security Expert at Orange Industry: Telecom