Free pentesting tools you can use right now

Try our suite of penetration testing tools for free (no account required!)

Free to use Reconnaissance tools

Try out the tools our team of penetration testers use to gather information about targets and map their attack surface. Understand the tech stack behind web apps and networks, along with specific characteristics such as subdomains, virtual hosts, open ports, and lots more.

Whether you’re doing asset inventory or a full vulnerability assessment, these penetration testing tools help you go through reconnaissance faster and more comprehensively. They come pre-configured and are ready to use without any additional manual work.

You can use them individually for their specific functionality (e.g. for running port scans or website recon) in the free version or in automated sequences (pentest robots) and access to full features with paid plans.


Google Hacking

Use advanced search operators (Google Dorks) to find juicy information about target websites.


Domain Finder

Discover the domain names owned by a company and map its attack surface.


Subdomain Finder

Find the subdomains of an internet domain and determine the attack surface of an organization.


Find Virtual Hosts

Discover the virtual hosts configured on a given IP address.


Port Scanner

Find open ports and running services (incl. versions), and do OS fingerprinting in a single port check.


UDP Port Scan

Discover open UDP ports, detect service version and operating system.


URL Fuzzer

Discover hidden, sensitive or vulnerable files and routes in web applications and servers.


Website Recon

Find out which web technologies your target website is using.

Run Web Vulnerability Scanners at zero cost

See what it’s like to run a professional web application pentest from home, with cloud-based security tools that perform in-depth, comprehensive scans.

Detect a wide range of critical CVEs and high-risk security issues with powerful vulnerability scanning tools that identify OWASP Top 10 vulnerabilities, misconfigurations, and other problems malicious hackers routinely exploit.

Try out our free scanners that identify SQL injection and cross-site scripting (XSS) security vulnerabilities to see how they might fit into your security audit workflow. And don’t forget to test the powerful Website Scanner thousands of ethical hackers rely on! All without spending a dime.


Website Vulnerability Scanner

Most popular free tool last year

Scan for vulnerabilities in web applications and find SQL Injection, XSS, Server Side-Request Forgery, Directory Traversal, and others, plus web server configuration issues.


XSS Scanner

Test if a web application is vulnerable to Cross-Site Scripting. This tool had previously used OWASP ZAP, but now it uses our own proprietary scanning engine.


SQL Injection Scanner

Discover SQL Injection vulnerabilities in web applications. This tool had previously used OWASP ZAP, but now it uses our own proprietary scanning engine.


WordPress Scanner

Find vulnerabilities and exploits in core WordPress software. Discover interesting headers and find out if your main theme is vulnerable.

See what our Network Vulnerability Scanners can do for free

Test the powerful capabilities of our Network Scanner, uncover SSL and TLS configuration issues and vulnerabilities, and detect Zone Transfer and other vulnerabilities in DNS servers. All without having to log in or pay for anything!

With the findings these network security tools report for free, you can start to reduce your attack surface and limit the exposure of essential assets in your network. For instance, the Network Scanner finds high-risk vulnerabilities such as Log4Shell, ProxyShell, ProxyLogon, and many others, while reducing the number of false positives to a minimum.


Network Vulnerability Scanner

Discover outdated network services, missing security patches, misconfigured servers, and many more critical vulnerabilities.


SSL/TLS Scanner

Discover SSL and TLS configuration issues and vulnerabilities such as POODLE, Heartbleed, DROWN, ROBOT, Ticketbleed, and more.


DNS Server Scanner

Detect Zone Transfer and other vulnerabilities in DNS servers.

Make the most of these Utilities – on the house

Uncover information about a domain name or IP address and detect if a server responds to ICMP requests with the click of a button. No costs involved!

Being able to quickly extract information about your targets for free is very helpful when you have limited time for a security assessment. Plus, the free toolkit on is cloud-based, so you don’t have to worry about specific compatibility requirements with operating systems. Just add your target and scan away for free!



Detect if a server is live and responds to ICMP requests.


Whois Lookup

Find information about an Internet resource (domain name, IP address).

Frequently Asked Questions

Free pentest tools FAQs

We founded to solve the need for a reliable online resource that offensive security specialists can use to run security tests from anywhere in the world.

Giving free access to the light versions of our pentesting tools is our way of supporting those who seek to develop their cybersecurity skills. As a team, we’re big believers in contributing to the information security community that grows and improves through shared knowledge and shared access to technology.

It’s also a way to help those interested in the full-fledged tools and the entire platform to get a taste of what they can do with them.

Need to keep free scan results indefinitely?

Create a free account and get unlimited history for all your light scans and their results. You also get unlimited scans with any of our free tools!

What else is there?