Pricing and plans
Pentest-Tools.com is a powerful cloud-native alternative to multiple security testing tools like Nessus, Qualys, Acunetix, Nexpose or Invicti.
Choose what best fits your security mission
NetSec
for network vulnerability assessment
starting from5 assets includedWhat's included:
- Network vulnerability scanning tools, including password auditing and cloud scanning
- Network attack surface mapping & monitoring
- Automated, customizable security testing workflows that chain multiple network security tools
WebNetSec
for web app, network & API vulnerability assessment
starting from5 assets includedEverything in NetSec, plus:
- Web vulnerability scanning tools with proprietary technology, including CMS and API scanning
- Web app attack surface mapping & monitoring
- Authenticated web app scanning across multiple types of authentication flows
Pentest Suite
for human-led penetration testing
starting from5 assets includedEverything in WebNetSec, plus:
- Vulnerability exploitation tools for extracting proof for validation and PoCs with custom exploitation modules
- Advanced pentest reporting - editable report and engagement templates + multiple formats (incl. customizable DOCX)
- Findings management, including templates and imports from Burp & Nessus
Included in all plans:
- API access
- Unlimited rescans for your asset inventory
- Continuous security monitoring & alerts for assets across your inventory
- Unlimited team members
- Integrations for security operations workflows, including AWS, Vanta, Nucleus Security, Jira, Microsoft Teams, webhooks & more
Optional add-ons
Internal network scanningBranded reports & emails
Built by pentesters.Trusted by 2000+ security teams in 119+ countries
Custom plans
For organizations with enterprise-level security needs.
A detailed view of our plans
Let's make it easy for you to choose the best plan for your security workflow
| Feature byPlans | NetSec | WebNetSec | |||
|---|---|---|---|---|---|
Attack surface mapping & recon tools 8 | |||||
Quick exposure discovery (open ports, virtual hosts, subdomains, and more) | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
In-depth attack surface discovery (hidden files, port lists, reverse DNS, WAF, and more) | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Vulnerability scanning tools 11 | |||||
Network vulnerability scanning | limited | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | limited |
Web vulnerability scanning (including authenticated scans) | limited | limited | Included in WebNetSec | Included in Pentest Suite | limited |
Cloud vulnerability scanning | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
API vulnerability scanning | limited | limited | Included in WebNetSec | Included in Pentest Suite | limited |
Vulnerability exploitation tools 5 | |||||
Safe and controlled vulnerability detection and exploitation (based on our research team's custom exploits) | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Vulnerability validation with proof of exploitation (user lists, screenshots, interesting files, etc.) | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
In-depth data extraction with proprietary Handlers (cookies, keystrokes, HTML content, source IPs, etc.) | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Asset & scan limits | |||||
Scanned Assets per scan cycle | Up to 5 | based on usage | based on usage | based on usage | Up to 5 |
Parallel scans | 2 | based on usage | based on usage | based on usage | 2 |
Queued scans | Up to 100 | based on usage | based on usage | based on usage | Up to 100 |
Scheduled scans | 25 | based on usage | based on usage | based on usage | 25 |
Scan & findings management | |||||
Unified Attack Surface mapping with exportable results (CSV, JSON) | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Scan automation flows with Pentest Robots (tool chaining for vulnerability assessment and pentesting sequences) | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Custom scanning & exploitation parameters (specific checks only) | partial availability | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | partial availability |
Findings management: add manual findings, use predefined templates, modify findings | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Wordlists (defaults & custom) | partial availability | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | partial availability |
Import scan results & findings from other security tools (Burp Suite) | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Continuous vulnerability monitoring | |||||
Scheduled scans | partial availability | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | partial availability |
Scan diff alerts (vulnerabilities, port scanning, subdomains) | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Custom notifications | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Continuous attack surface monitoring for specific assets | partial availability | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | partial availability |
Reporting & Engagement capabilities | |||||
Scan results exports (PDF, HTML, CSV, XLSX) | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Aggregated exports from multiple scans | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Pentest report generation with editable templates (DOCX) | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Integrations | |||||
API access | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Workflow integrations (email, Jira, Microsoft Teams, Slack, Discord, webhooks, etc.) | Email only | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Email only |
Cloud integrations (import targets from AWS) | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Compliance & risk management integrations (Vanta, Nucleus Security) | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Team management & sharing capabilities | |||||
Workspaces | 1 | Unlimited | Unlimited | Unlimited | 1 |
Unlimited team members | Not included in Free | Unlimited | Unlimited | Unlimited | Not included in Free |
Data management | |||||
Historical data storage period | 90 days | 1-year | 1-year | 2-years | 90 days |
Account security | |||||
Two-factor authentication (2FA) | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
User login history | Included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Included in Free |
Dedicated support | |||||
Premium support with max. 48 hours SLA | Not included in Free | Not included in NetSec | Not included in WebNetSec | Included in Pentest Suite | Not included in Free |
Additional payment options | |||||
Wire transfer or pro-forma invoice (for min. 1-year subscriptions) | Not included in Free | Included in NetSec | Included in WebNetSec | Included in Pentest Suite | Not included in Free |
Expert security testing services
For organizations looking for meticulous, managed penetration tests and red team engagements that surface real risks for business continuity.
Join our exclusive Partner Network
Expand your offering with a proprietary product for security and IT teams in large organizations. Help them align and streamline vulnerability assessments and penetration testing activities ranging from attack surface mapping to precise, proof-based reporting.
How security pros use our products
Pentest-Tools.com is the Swiss army knife for anyone performing black-box external network security assessments and an all-in-one comprehensive toolset for external red team/asset mapping engagements. I used to rely on a wide range of tools when mapping and scanning external organization assets, but since I found this comprehensive solution, I rarely need to use more than one.
Shay Chen Linkedin profile
Shay Chen
CEO at Effective Security Ltd.
Israel 🇮🇱
FAQ(s)
You have questions, we're here to clarify