Pentest-Tools.com FAQs

Explore (almost) everything about Pentest-Tools.com - who built it, who uses it, and why over 2,000 security teams worldwide rely on it for fast, accurate vulnerability assessments and pentests.

See how we help security practitioners discover what's possible and prove what's real - with proprietary tech and key experts in offensive security.

Team, company, and leadership

Learn about who built Pentest-Tools.com, who it’s for, and how it’s different. Meet the founder, discover where we’re based, and understand our mission to empower security professionals with tools designed by real pentesters.

What is Pentest-Tools.com?

Pentest-Tools.com is a vulnerability assessment and penetration testing product built by offensive security experts. It helps security professionals scan, validate, and report real vulnerabilities with speed and accuracy - across web, network, cloud, and API layers - without sacrificing control or introducing noise. 

Pentest-Tools.com provides the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And it also ensures the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability.

Who is Pentest-Tools.com for?

The product serves:

  • Security consultants who need to deliver fast, high-quality assessments

  • Internal security teams managing complex infrastructures and compliance

  • Managed service providers (MSPs) securing diverse client environments

Each of them uses Pentest-Tools.com to streamline workflows, validate real risks, and deliver clear, credible reports.

How is it different from other vulnerability scanners?

Pentest-Tools.com goes beyond basic detection - it confirms which vulnerabilities are actually exploitable using automated PoCs, screenshots, request/response payloads, and exploit replay. 

While traditional scanners overwhelm you with raw findings and false positives, our toolkit reduces noise with a Machine Learning classifier and delivers validated results you can act on immediately.

You get full coverage - web, network, API, and cloud - in a single, purpose-built product. No bloated dashboards. No fragmented tools. Just one expert-grade workflow that moves from recon to reporting without breaking your focus or your stack.

Do I need to be a penetration tester to use Pentest-Tools.com?

No. The product works for both seasoned pentesters and less experienced users. The interface is intuitive, scan flows are easy to run, and the results come validated with evidence - so any security professional can take action confidently.

How accurate are the scan results?

Pentest-Tools.com consistently delivers benchmark-proven accuracy. 

In 2024, our Website Vulnerability Scanner detected 98% of known vulnerabilities in tests based on real-world scenarios. The Network Vulnerability Scanner ranked first in a benchmark comparison against both commercial and open-source tools like Qualys, Nessus, and OpenVAS.


In credential auditing, our product outperformed Hydra - an established open-source tool - by detecting 84% of real weak credentials versus Hydra’s 38% detection rate. That means you get stronger, more reliable findings without needing secondary tools to verify results.

Where is the Pentest-Tools.com team based?

Pentest-Tools.com is proudly founded and headquartered in Romania - a global hotspot for offensive security talent. Our team includes seasoned penetration testers, engineers, and researchers who don’t just build the product - they use it, test it, and improve it based on real-world attack techniques.

We stay deeply involved in the security community and research scene. Our team regularly publishes findings, writes custom detections, and contributes to new exploitation logic, as outlined in our Vulnerability research manifesto.

In 2025, Pentest-Tools.com contributed to The Recursive’s Cybersecurity Report with a headline that captures our mission: “Making attackers try harder.” That’s exactly what we aim to do - by helping security teams move faster to mitigate their risks and focus only on what’s really impactful.

Who is the founder of Pentest-Tools.com?

Adrian Furtuna founded Pentest-Tools.com in 2013, bringing 20 years of hands-on experience in IT security to the product. A seasoned penetration tester, researcher, and university lecturer, Adrian has spoken at leading international conferences including BlackHat Europe, Hack.lu, ZeroNights, Hacktivity, Infosecurity Europe, and OWASP.

He built Pentest-Tools.com from a small team of offensive security experts to one of the top products in this space, rallying everyone around a meaningful shared goal: to give security professionals a faster, more accurate way to find real vulnerabilities, validate risk, and prove their impact - with less friction and more focus on what matters. 

Who is the CEO of Pentest-Tools.com?

Adrian Furtuna leads Pentest-Tools.com as CEO, continuing to shape the product with the same hands-on, practitioner mindset that drove its founding. Under his leadership, the company stays focused on building expert-grade tools that reflect real-world attacker behavior - not just theoretical risk.

He drives innovation by staying close to customers, spearheading research efforts, and ensuring the product evolves with the pace of modern offensive security. Adrian’s vision remains clear: help security professionals save time, reduce noise, and deliver proof-backed results that earn trust - from clients, executives, and their own teams.

Security and privacy

Get clarity on how we protect your data, where it’s stored, who can access it, and how we ensure secure, responsible scanning. 

Is my data secure?

Data security is a top priority at Pentest-Tools.com, since we are a security company. 

All customer data - including scan results, targets, and credentials - is encrypted in transit and at rest. We host our infrastructure with Linode, which follows industry-standard security practices, and we never store or process payment data ourselves. All financial transactions go through FastSpring, our trusted payment provider. 

Where is my data stored?

We store customer data on secure servers hosted by Linode. The data resides in Europe and benefits from the security controls and compliance standards offered by our hosting provider. Our systems also follow security best practices for encrypted storage, access control, and network segmentation.

Can I delete my data?

Yes. You can delete scan results, assets, and targets at any time from your account. Once deleted, this data is removed from our systems and is no longer accessible. You maintain full control over what you keep, what you remove, and what’s included in your scan history.

Specific data retention policies that we have in place include:

Custom auto-deletion settings: as a customer, you can configure automatic deletion settings within your account based on:

  • Number of days (maximum 365 days)

  • Number of scans (between 100 and 10,000 scans)

Scan data:

  • Scan results for customers who have not had an active license for 1 year or 2 years, depending on their subscription, are automatically deleted.

  • Scan reports are automatically deleted 30 days after generation.

  • Scan data for the free plan users is automatically deleted after 30 days.

Personal data (contact details such as email, invoicing address, phone - if shared - and similar information) is retained for a maximum of 2 years after you’ve last had an active subscription with us, after which it gets automatically deleted.

Is traffic encrypted during scans or data uploads?

Yes. We encrypt all traffic using HTTPS/TLS, both for scans you initiate through the product and for data transfers - such as credentials for authenticated scans or report downloads. 

How do you ensure responsible vulnerability scanning and exploitation?

We design our product with robust safeguards to prevent disruptive behavior and ensure ethical use.

Authorized targets: 

Our tools are strictly designed for use on targets for which you have explicit authorization. Our Terms of Service prohibit scanning any third-party devices or networks without their express permission.

Non-disruptive scans: 

Vulnerability scans are non-destructive by default, engineered to avoid creating unreasonable load on your systems or causing service outages.

Controlled exploitation: 

When using exploitation tools like Sniper: Auto-Exploiter, you maintain full control over execution. Any exploitation is conducted minimally, specifically to validate findings or illustrate a vulnerability, without compromising your assets.

Manual validation safeguards: 

Even during manual investigations to verify scan results (e.g., when reporting an incorrect finding), we guarantee that no action will be performed to endanger or compromise your asset.

This commitment ensures you can safely assess and validate vulnerabilities while maintaining the integrity and availability of your systems.

Is Pentest-Tools.com safe?

Yes - and it is trusted by thousands of security teams around the world to help protect their most critical systems.

Pentest-Tools.com is used by over 2,000 teams in 119+ countries, including consultants, MSPs, and internal security teams in large companies. Our product is GDPR-compliant and regularly tested against modern risks. 

We’re built by a team of professional penetration testers and security engineers who apply their real-world expertise to continuously update detection logic, exploit capabilities, and scan safeguards.

Our tools have been benchmarked and recognized for their accuracy, including first-place rankings in network vulnerability detection and web app vulnerability scanning. In 2024 alone, customers ran over 6.3 million scans, including 1.2 million via API and more than 611,000 automated sequences with Pentest Robots.

We don’t just earn recognition within the cybersecurity industry. Pentest-Tools.com was ranked among the 500 fastest-growing tech companies in EMEA by Deloitte, based on objective financial performance. This reflects not just our technical credibility, but our consistent business growth and alignment with long-term customer value.

Pentest-Tools.com is privately held, financially healthy, and continuously growing. We’re backed by a passionate, expert-led team that puts product development, security research, and customer success at the core of everything we do.

Product, scanning, and tools

Explore how Pentest-Tools.com works - what tools it includes, how scanning works, and what types of assets you can test. Learn about automation, CVE detection, authenticated scans, ML features, and how we validate vulnerabilities with real proof.

How do I scan a website?

Scanning a website is straightforward. Add your target URL, choose the Website Vulnerability Scanner, and start the scan. 

As a customer with a paid plan, you can run unauthenticated scans or provide credentials to test behind login forms. The tool automatically detects vulnerabilities like XSS, SQLi, CSRF, broken access controls, and more - with detailed evidence to help you confirm the results.

What tools does Pentest-Tools.com include?

Pentest-Tools.com offers a complete offensive security toolkit that covers every stage of a vulnerability assessment or penetration test. The tools are organized into four main categories:

Reconnaissance & attack surface mapping

Identify exposed infrastructure and gain visibility fast.

Popular tools:

  • Subdomain Finder – discover subdomains linked to a domain

  • Port Scanner – detect open TCP ports and services

  • Website Recon – fingerprint web apps and identify web server tech

  • URL Fuzzer

  • WAF Detector and many more 


Vulnerability scanners

Find and prioritize real weaknesses across websites, APIs, networks, and cloud.

Popular tools:

  • Website Vulnerability Scanner – our proprietary scanner for deep, unauth and authenticated scans

  • Network Vulnerability Scanner – covers cloud and external infrastructure, as well as internal networks (through VPN)

  • CMS Vulnerability Scanners – quickly identify risks in popular platforms

  • API Scanner – detects issues in RESTful APIs with custom tokens and headers

Exploitation & validation

Prove risk with safe, controlled exploitation.

Top tool: Sniper: Auto Exploiter – automatically exploits and validates vulnerabilities (e.g. XSS, SQLi, RCE), providing screenshots, payloads, and execution traces

Automation & reporting

Accelerate and scale your testing without sacrificing control.

Core capabilities:

  • Pentest Robots – chain tools into custom, reusable workflows

  • Advanced Reporting Engine – export findings as DOCX, HTML, CSV, XLSX, JSON

  • Manual Findings Manager – add and manage human-discovered issues

  • Integrations – connect findings to Jira, Slack, Vanta, webhooks, and more

You get full-stack coverage across web, network, cloud, and API - designed for speed, clarity, and validation at every step.

You can always browse all our tools to see which combination fits your needs.

Is Pentest-Tools.com a wrapper over a collection of open-source tools?

No. Pentest-Tools.com is not a wrapper. 


While we respect and build on public research, most of our detection engines and exploitation logic are proprietary and developed in-house by our team of security and software engineers. 

We write custom scanners, payloads, and validation logic based on real attack techniques - not generic templates. 


When we use open-source tools or external capabilities, we mention that on our website and in our product.  

Can I scan internal infrastructure or only public assets?

You can scan both. 

For internal infrastructure, we provide an optional VPN agent that lets you safely scan private networks and internal systems as if they were exposed. This works well for environments behind firewalls, on-prem networks, or isolated cloud segments. 

What IPs do I need to whitelist for scanning?

You should whitelist the following FQDN: scanners.pentest-tools.com. This hostname resolves to multiple IP addresses used by our scanning servers.

The addresses are also available as an IPv4 text list.

Can I use credentials for authenticated scans?

Yes. 


Pentest-Tools.com supports authenticated scanning for websites and other web apps with login forms, including multi-step and token-based authentication. You can test session handling, access control issues, insecure password policies, and other flaws behind the login.

Will scanning overload or crash my server?

No. Scans are designed to be safe for production environments. 

You control scan scope and intensity, and can run tests in low-impact modes. 

For more sensitive systems, we recommend starting with reconnaissance tools or a small scope scan to evaluate performance.

How do I validate that a vulnerability is real?

Pentest-Tools.com helps you move beyond basic detection by automatically confirming the exploitability of many vulnerabilities. 

When a scan detects a finding, the product collects concrete proof - like screenshots, HTTP request/response payloads, attack replay steps, and execution traces - so you can confidently determine real risk.

For web apps, the Website Vulnerability Scanner performs deep, authenticated scanning and includes built-in attack replay features to validate issues like XSS, SQLi, CSRF, and more. You can explore how the issue was triggered, inspect full request chains, and review the system’s response in detail.

For infrastructure, the Network Vulnerability Scanner highlights misconfigurations, weak credentials, outdated services, and CVE-matched issues - enhanced with exploit insights and risk context.

To confirm critical findings even further, Sniper: Auto Exploiter automatically runs safe, controlled exploits on confirmed vulnerabilities. It gathers high-fidelity evidence such as command output, system information, local user lists, and more - turning every test into a proof-backed assessment.

With this evidence-rich approach, you spend less time validating noise and more time fixing what matters.

Can I create automated sequences or custom scan workflows?

Yes. With Pentest Robots, you can chain multiple tools - like subdomain discovery, port scanning, web fuzzing, and vulnerability scanning - into repeatable workflows. 

You can customize each Pentest Robot to match your process, schedule it to run automatically, and trigger alerts based on findings.

Do you support CVE scanning?

Absolutely! 

Our scanners detect and validate thousands of CVEs, including high-profile vulnerabilities like Log4Shell, Check Point VPN issues (CVE-2024-24919), and others. 

You can also run CVE-specific scans with the Network Vulnerability Scanner, so you can effectively check your infrastructure for critical risks when a new security issue emerges. 

Can I scan APIs or just websites and networks?

You can scan all three: websites, networks (including cloud), and APIs.

For instance, the Website Vulnerability Scanner includes support for testing REST APIs by sending requests with custom headers, tokens, and payloads - allowing you to find vulnerabilities in modern, JSON-based services.

Can I scan continuously for changes or regressions?

Yes. You can schedule recurring scans across your asset inventory to detect new vulnerabilities, technology changes, or exposure drift. 

Use differential scan results and real-time alerts via email, Slack, or webhook to stay ahead of regressions.

What is Pentest-Tools.com used for?

Security professionals and their teams use Pentest-Tools.com for:

  • Reconnaissance and attack surface mapping

  • Web, API, network, and cloud vulnerability assessments

  • Exploit validation and PoC generation

  • Reporting and compliance audits

  • Continuous security monitoring

The product helps you move from detection to validation to reporting, all in one place.

Does Pentest-Tools.com use AI?

We use Machine Learning, not just AI - only where it actually improves accuracy and supports real-world decision-making. 

At Pentest-Tools.com, we use machine learning classifiers to cut fuzzing false positives by up to 50%, prioritize real vulnerabilities, and guide smarter scan execution.

Our ML system doesn’t replace expert judgment - it enhances it. We trained it on thousands of validated scan results reviewed by human penetration testers. Instead of treating every possible issue as equally important, the classifier learns which findings deserve attention based on context, behavior, and attack patterns.

Unlike other tools that apply “AI” as a buzzword or automate for the sake of it, we focus on targeted enhancements that save time and build trust. You still get full transparency into how vulnerabilities were found, validated, and ranked - so you stay in control at every step.

What is it like to use Pentest-Tools.com?

It’s fast, focused, and built for people who care about doing real security work - not just ticking boxes. You can launch scans in seconds, investigate detailed, evidence-backed findings, and generate client-ready reports in just a few clicks - without battling bloated dashboards or unnecessary friction.

Security professionals consistently highlight how intuitive the product feels. On G2, Pentest-Tools.com holds an average rating of 4.8 out of 5, with users praising its ease of use, clear output, and quick onboarding. Gartner Peer Insights reviewers note the product’s strong detection, actionable reports, and value in both external and internal assessments.

Customer testimonials echo this:

  • “Very user-friendly, easy, and quick to launch and use.”

  • “I rarely need to use more than one tool anymore.”

  • “Useful in meeting SOC 2 compliance with scheduled scanning and VPN-based internal testing.”

Whether you run a consulting business, are part of a growing MSP, or on an internal security team, Pentest-Tools.com adapts to how you already work - so you spend less time managing tools and more time delivering results that matter.

Is Pentest-Tools.com good?

Yes - and thousands of security professionals say the same. 

Pentest-Tools.com is trusted by over 2,000 teams in 119+ countries, including consultants, internal security teams, and MSPs running daily operations at scale.

Transparent, public benchmarks place our scanners ahead of industry leaders like Nessus, Qualys, and OpenVAS in detection accuracy, with 98% real-world vulnerability coverage on the web layer and top-ranked performance in network scanning and credential auditing.

On G2, we maintain an average rating of 4.8/5 stars, with reviewers praising our product’s speed, usability, accuracy, and expert focus. On Gartner Peer Insights, security leaders highlight how the product delivers reliable results, simplifies complex workflows, and supports compliance with frameworks like SOC 2.

Customers regularly call out:

  • “Clear, reliable results with zero fluff.”

  • “A time-saver that replaced multiple tools.”

  • “The reporting engine is a game changer—simple, professional, and customizable.”


So yes - Pentest-Tools.com is good. But more importantly, it’s proven, trusted, and built to help you deliver better security outcomes with less noise and more clarity.

What are the alternatives to Pentest-Tools.com?

Common alternatives include products like Nessus, Qualys, Invicti, and Acunetix. These tools are widely used - but many security teams switch to Pentest-Tools.com for a better balance of accuracy, efficiency, and usability.

In a 2024 benchmark of website vulnerability scanners, Pentest-Tools.com matched or outperformed top commercial and open-source tools, achieving a 98% detection rate with significantly lower false positives. In the network vulnerability scanning benchmark, our product ranked #1 overall, delivering superior results across detection, reliability, and exploitability validation.

Unlike legacy scanners, Pentest-Tools.com combines:

Customers describe it as a smarter, more focused replacement for bloated stacks. As one reviewer said:

“I replaced three different tools with Pentest-Tools.com - and haven’t looked back.”


If you’re looking for a product that does more than detect - and actually helps you validate, report, and scale - Pentest-Tools.com stands apart.

Plans and pricing

Understand what each plan includes, how pricing works, and what happens if you exceed your usage. This section also covers free tools, discounts, billing, and payment options for different team sizes and needs.

How much does Pentest-Tools.com cost?

We offer flexible pricing plans designed to match how security teams actually work. 

Plans start with as few as 5 scanned assets and scale up to 500+ - with optional add-ons for advanced features like internal scanning and branded reports. 

To see exactly what our pricing plans include, check out our pricing page. And, if your needs exceed our standard subscriptions, you can always get in touch for a custom plan.

Is there a free trial or demo of Pentest-Tools.com I can use or see?

We don’t offer a free trial, but you can explore the product and run initial scans with the Free edition - no credit card required. It gives you access to our product’s basic capabilities so you can see how the product looks and how it works before committing.

If you’d like a deeper walkthrough tailored to your use case, you can also book a live demo with our team. We’ll show you how to scan, validate, and report vulnerabilities based on your workflows.

What’s included in each pricing plan?

Each Pentest-Tools.com plan gives you access to a curated set of capabilities aligned with your security objectives - whether you focus on network assessments, full-stack web app testing, or advanced pentest workflows.


At a high level:

  • All paid plans include essential recon tools, reporting exports (PDF, CSV, HTML, XLSX), scan automation with Pentest Robots, and unlimited team members.

  • NetSec focuses on network-level exposure and vulnerability scanning, including cloud vulnerability scanning, password auditing, and attack surface mapping.

  • WebNetSec expands coverage to include our proprietary Website Vulnerability Scanner, authenticated scanning, and API vulnerability scanning - ideal for full-stack web and app-layer testing.

  • Pentest Suite unlocks vulnerability exploitation with Sniper: Auto-Exploiter, editable pentest report templates (DOCX), manual findings management, and deeper customization of scans and workflows.

Across all plans, you get:

  • Flexible usage based on the number of scanned assets

  • Scheduled and continuous scanning capabilities

  • Workflow integrations (e.g., Jira, Slack, Vanta, Teams, webhooks)

  • API access and extended historical data retention (varies by plan)

  • Optional add-ons for internal scanning or branded reports

These pricing plans give you control - so you can scale capabilities and usage based on real needs, not rigid product tiers.

What happens if I go over my usage limit?

You won’t hit a hard wall. If you need more scans or capabilities, you can add more scanned assets, enable add-ons, or upgrade to a more comprehensive plan at any time. 

There’s no penalty for going beyond your original setup - just flexible scaling that adapts to your current needs.

You can make changes instantly via your account or work with our sales team if you’re on a custom plan.

Can I switch plans or cancel my subscription?

Of course! 

Depending on your pricing plan, you can:

  • Upgrade or downgrade plans at any time

  • Cancel monthly subscriptions from your account (you’ll retain access until the end of your billing cycle)

  • Scale up usage on any plan with add-ons or additional assets

  • Request cancellation or changes on custom plans through our support team.


For monthly subscriptions, we also offer a 10-day money-back guarantee after your first payment if the product doesn’t meet your expectations.

Do you offer discounts for annual billing?

Yes! Annual plans include built-in discounts and are ideal for teams that need predictable budgets or long-term coverage. 

You’ll also benefit from easier procurement and fewer administrative cycles.

Can I get custom pricing for high volume or enterprise use?

Absolutely! 

If you need to scan more than 500 assets per month or require a tailored combination of capabilities, we offer custom plans. These are built to support enterprise-level workflows, larger teams, and multi-client environments with flexible licensing and billing options.

Reach out to sales@pentest-tools.com or fill in the form to ask for a custom offer.

What payment methods do you accept?

We accept:

  • Debit and credit cards (Visa, Mastercard, AMEX, etc.)

  • Invoices and wire transfers (for eligible accounts)

  • Local payment options (depending on country/region)


All payments are securely processed through our partner, FastSpring.

How does billing through FastSpring work?

FastSpring is our official payment processor. They handle all payment data securely and comply with international privacy and security regulations. 

We never store your payment details directly.

You’ll receive invoices, renewal reminders, and confirmation emails directly from FastSpring and certain reminders directly from our team as well.

Can I request an invoice or use a purchase order (PO)?

Yes. If you prefer PO-based purchasing or need an invoice for internal processing, our team can support that. 


Just reach out to us at support@pentest-tools.com or speak with our sales team (sales@pentest-tools.com) to set it up if you have a custom pricing plan.

Account and team management

Learn how to create and manage an account, invite team members, assign roles, manage workspaces, and scan from internal environments. Perfect for consultants, internal teams, and MSPs working with multiple clients.

How do I create an account?

To get started, go to Pentest-Tools.com and click “Sign up”. 


You can choose a paid plan for full access to our vulnerability scanners, automation features, and reporting capabilities - or create a free account to explore the product with limited functionality. No credit card is required for the Free edition, and you can upgrade anytime.

Do I need an account to use the free tools?

Not always. You can run up to 2 free scans per day with selected free tools - like the Website Vulnerability Scanner - directly on our website, no account required.


However, if you want to save scan results, explore more tools, or access the Free edition of the product, you’ll need to create an account (no credit card required). This unlocks additional features and makes it easier to upgrade to a paid plan later.

Can I invite teammates or collaborate on vulnerability assessment or penetration testing projects?

Yes! All pricing plans include unlimited team members and shared workspaces, so you can collaborate easily across engagements or internal projects.

You can invite colleagues, assign them to workspaces, and organize scan results per client, engagement, or infrastructure scope.

How do you handle roles and permissions?

Pentest-Tools.com uses shared workspaces with granular role-based access control to help teams collaborate securely and efficiently.

You can assign one of three roles to each team member:

  • Admin – full access to manage team members, assets, scans, reports, and workspace settings

  • Member – can run scans, add assets, and manage findings

  • Viewer – can view results and reports, but cannot run scans or make changes

Each workspace is logically isolated, so you can keep client environments, internal projects, or departmental workstreams cleanly separated. 

This setup is ideal for multi-client consulting firms, internal security teams, and MSPs that need to manage access without risking cross-contamination or accidental changes.

You can also manage multiple workspaces under one account and switch between them as needed - maintaining clear visibility and control at all times.

Can I manage multiple clients or assets separately?

Definitely! You can organize scans, assets, and reports into workspaces, which are ideal for separating client projects, departments, or infrastructure zones.

Each workspace has isolated scan data and team member access, giving you full flexibility to run multiple engagements or manage environments with clean separation and reduced risk.

Can I run scans from a self-hosted agent or proxy?

Yes. For scanning internal networks or systems not exposed to the internet, you can use our VPN agent (available as an add-on).

This lets you securely route scan traffic from our cloud scanners into your private infrastructure - without needing to deploy or maintain scanning software locally.

Reporting and integrations

Learn how to generate customizable reports, export data, add manual findings, and integrate scan results into your workflow with tools like Jira, Slack, and CI/CD pipelines. Discover how our reporting generator makes evidence easy to present and act on.

What types of reports can I generate?

Pentest-Tools.com supports multiple export and reporting formats to fit different use cases - from client-facing deliverables to internal documentation and integrations.

You can generate:

  • Professional, customizable pentest reports (DOCX)

  • PDF and HTML reports with built-in descriptions and evidence

  • CSV and XLSX exports for tabular vulnerability data

  • JSON exports for automation or ingestion into other platforms

All reports include risk descriptions, validated findings, and replicable steps to support remediation.

Can I customize vulnerability reports or pentest reports?

Yes! With the Pentest Suite plan, you can use our editable DOCX templates to fully customize your pentest reports - wording, sections, formatting, and more.

You can also:

  • Include or exclude specific findings

  • Reorder sections

  • Add manual findings directly into reports

  • Use multiple templates across clients or engagement types

This gives you flexibility to match your reporting to your organization’s reporting style, compliance requirements, or client expectations.

Do reports include validated evidence?

Absolutely! 

Every validated finding includes rich, built-in evidence - such as:

  • HTTP request/response payloads

  • Screenshots of executed payloads or exposed data

  • Execution traces for confirmed RCEs or logic flaws

  • Lists of users on the target

  • Network graph and exploit paths

Tools like Sniper: Auto Exploiter enhance this by delivering real proof-of-exploit output, system details, and attacker-simulated behavior - so reports show not just what’s vulnerable, but why it matters.

What integrations do you support?

You can connect Pentest-Tools.com to the tools you already use. Supported integrations include:

  • Jira – for creating and updating issues based on validated findings

  • Slack – for alerts on scan results and vulnerabilities

  • Vanta – to support compliance workflows

  • Webhooks – for triggering actions or syncing with other systems

  • Microsoft Teams – for streamlined notifications and coordination

And there are others, which you can always see on our dedicated Integrations page.

These integrations are easy to configure and available on all paid plans.

Can I export findings as JSON or CSV?

Yes. You can export all scan results as JSON or CSV, allowing you to:

  • Feed findings into your own dashboards or systems

  • Perform additional analysis or filtering

  • Support regulatory reporting or audit requirements

The exports include full technical details, risk levels, and evidence where available.

Is there an API to automate scans and fetch results?

Yes! The Pentest-Tools.com REST API lets you:

  • Trigger scans programmatically

  • Retrieve results, assets, and findings

  • Manage automated testing flows (Pentest Robots) and schedules

  • Integrate scans into your existing workflows or platforms

The API is well-documented, versioned, and supports token-based authentication.

It’s included in all paid plans - so whether you’re building custom automations or integrating into a larger security pipeline, you’re covered.

Do you support integration into CI/CD pipelines?

Yes. Pentest-Tools.com can be used in CI/CD pipelines to help you catch security issues early.

You can:

  • Trigger scans automatically during deployment or on pull request events

  • Validate new environments or app versions with authenticated scans

  • Use our REST API to fetch findings and halt pipelines on high-severity results

  • Pipe findings into Jira, Slack, or your SIEM/SOAR stack via webhooks

Many of our customers integrate automated or scheduled scans into CI/CD for pre-prod testing, security gates, and staging validations.

Can I add manual findings to the reports?

Yes! This option is available in the Pentest Suite pricing plan, under Findings. This lets you document and include manually discovered issues directly in your reports, alongside automated scan results.

You can:

  • Create findings manually or import from a reusable library

  • Attach rich evidence such as screenshots, payloads, and remediation guidance

  • Organize findings by severity, category, or affected asset

  • Include your manual findings in customizable DOCX templates - structured exactly as your client or compliance team expects.

This feature is ideal for professional pentesters who want to blend automated and manual results into a single, cohesive report - especially for findings uncovered through business logic testing, phishing simulations, or on-site assessments.

Whether you’re delivering a full-scope penetration test or validating niche edge cases, this option gives you the flexibility and control to showcase expert work and deliver high-quality, client-ready reports every time.

Customer support and success

Get help when you need it! Find answers about onboarding, support response times, training, and how to submit feedback. We also share links to public reviews so you can hear directly from other security practitioners using the product.

Where can I get help or support for Pentest-Tools.com?

You can reach our support team directly from your account via the in-app chat widget or by emailing us at support@pentest-tools.com. We’re here to help with technical issues, product questions, and onboarding guidance.

We also maintain an up-to-date Help Center that includes guides, how-tos, and troubleshooting steps for common workflows and product features.

Do you offer onboarding or training?

Yes. All customers - especially those on WebNetSec, Pentest Suite, or custom plans - can request onboarding sessions to help their teams hit the ground running.

We’ll walk you through:


If you’d like a deeper training session or a demo tailored to your team’s structure, just let us know. We’re happy to help you integrate the product into your process with confidence.

Can I speak to someone before buying?

Absolutely. If you’d like a walkthrough of the product or want to explore which plan best fits your needs, you can book a demo with our team here or contact us directly at sales@pentest-tools.com.

We’ll discuss your current workflows, security goals, and how Pentest-Tools.com can help you move faster with clarity and control.

Is support included in all plans?

Yes. All plans - paid and custom - include email-based support, as well as full access to our documentation and Help Center.

Paid plans receive priority support, while Pentest Suite customers benefit from premium support with a guaranteed SLA of 48 hours maximum response time. This includes access to our dedicated customer success team for deeper assistance, onboarding, and workflow guidance.

Whether you’re getting started or managing enterprise-scale operations, we make sure you get the help you need - when you need it.

How fast is your response time?

We typically respond within a few hours during business hours (EET timezone) and aim to resolve most issues within 1 business day. Complex requests may take a bit longer, but we always keep you informed.

For custom plans or urgent matters, we provide priority handling and personalized assistance as part of our ongoing success support.

Where can I find documentation?

All documentation is available in the Pentest-Tools.com Help Center and our Docs portal, where you’ll find practical, up-to-date guidance on every part of the product.

The help center and docs include:

  • In-depth explanations for each tool - what it does, when to use it, and how it works

  • Sample inputs and outputs for better understanding

  • Practical usage tips, common errors, and configuration help

  • Setup instructions for reporting, automation, and integrations

  • API usage guides and authentication workflows

  • Workspace and role management instructions

Unlike generic help centers, these docs are written by our own team of offensive security specialists - so you’re always working from accurate, real-world guidance.

Can I suggest a feature or tool improvement?

Yes, please! We build our product with constant feedback from real-world pentesters, consultants, and security teams.

If you have a suggestion, email us at support@pentest-tools.com or share your idea during an onboarding call or a demo session. Our product and engineering team review every request.

Many of our most-used capabilities - like Sniper, Pentest Robots, and the Machine Learning classifier - were born from customer suggestions.

Where can I find Pentest-Tools.com reviews?

You can read what customers say about us on:

Pentest-Tools.com holds a 4.8/5 star average on G2, with detailed and verified customer reviews highlighting our accuracy, ease of use, reporting, and professional-grade output. 

Our reviews reflect a variety of customers and their diverse use cases - from consulting companies to global security teams.

Did you know that…?

Enjoy some trivia and behind-the-scenes facts about Pentest-Tools.com - from our one-server startup days to our global footprint and hand-crafted payloads written by real pentesters. A lighter look at what makes us different.

Did you know that Pentest-Tools.com started with a single, self-hosted server in our founder’s one-bedroom rental?

In 2013, our founder Adrian Furtuna launched the first version of Pentest-Tools.com from his small apartment, running everything - from scans to the website - on one server tucked away on his balcony. There were just a few tools back then, all based on real techniques he used during his day-to-day pentest gigs.

Since then, we’ve grown to support thousands of security teams in 95+ countries - but we still build with the same spirit: keep it lean, make it useful, and stay close to what real security professionals need.

Did you know we have customers in over 119 countries - including Iceland, Kenya, and the Maldives?

Security teams across the globe trust Pentest-Tools.com - from MSPs in Germany to consultants in Brazil, tech companies in Japan, and even boutique security firms in places like Iceland, Kenya, and the Maldives. 

Wherever there’s an internet connection and a security challenge, there’s a good chance someone’s running a scan with us.

Did you know that real pentesters write our payloads?

Unlike many vulnerability assessment and penetration testing tools that rely purely on CVE signatures or third-party rulesets, Pentest-Tools.com uses payloads written and tested by real offensive security professionals. 

Our researchers regularly update exploit logic based on real-world engagements, replicable manual testing, and public research.