The free Pentest-Tools.com edition

Get quick vulnerability discovery, basic monitoring and attack surface mapping, plus easy reporting, without setup or a credit card. The Free Edition gives you enough to get started, and real results to prove it.

  • Quick asset mapping with exportable exposure results

  • Basic network, web, cloud & API scanning

  • 90 days historical data storage

Flaming head hero image

Real tools. Real scans. Real results.

Use fully functional tools, not limited demos. Run asset mapping and monitoring, scan websites and networks for critical vulnerabilities, and export actionable results. Perfect for trying out free pentest tools that do more than just the basics.
  • Attack surface mapping and recon

    Side by side illustration
  • Free vulnerability assessment

    • Spot the most common risks on your websites, APIs, servers, and cloud infrastructure

      Use basic vulnerability scans to detect misconfigurations, exposed services, and known CVEs. Ideal for an initial risk snapshot and compliance prep, even on a free plan.

      Capabilities:

      • Web vulnerability scanning (limited)

      • Network vulnerability scanning (limited)

      • API vulnerability scanning (limited)

      • Cloud vulnerability scanning (full)

    Side by side illustration
  • Scan management & results visibility

    • Track findings, schedule scans, and export results from a single workspace

      Organize your attack surface by assets, automate scans, and export results in various formats. Even with scan limits, you get full visibility into your findings.

      Included in The Free Edition:

      • 5 assets per month

      • 2 parallel scans

      • 100 queued scans

      • 25 scheduled scans

      • Scan exports (CSV, JSON)

      • Results for vulnerabilities, subdomains, open ports

      • Partial access to scan customization (specific checks only)

      • Default wordlists

    Side by side illustration
  • Continuous monitoring & alerting

    • Stay informed about changes in your attack surface

      Monitor selected assets for new vulnerabilities, open ports, or subdomain changes. Set up email notifications and weekly or monthly scheduled scans to stay one step ahead. Yup, for free.

      Included in The Free Edition:

      • Partial continuous attack surface monitoring

      • Partial access to scheduled scans

      • Alerts for key events: vulnerabilities, subdomains, port exposure

      • Email-based notifications

    Side by side illustration
  • Basic reporting & collaboration

    • Turn your scan results into actionable reports

      Export findings in multiple formats and share them with clients, collaborators, or stakeholders. Stay organized with one workspace and centralized visibility.

      Included in The Free Edition:

      • Scan results exports (PDF, HTML, CSV, XLSX)

      • Aggregated exports across scans

    Side by side illustration
  • User & data management

    • Secure your data and manage access, even on the free tier

      Keep your scan data protected with 2FA and access history, and store it for 90 days. You’ve got plenty of time to act or follow up.

      Included in The Free Edition:

      • 90-day data retention

      • Two-factor authentication (2FA)

      • Login history

      • Email workflow integrations

    Side by side illustration

Ready when you are.

Scale up to advanced vulnerability management, deeper scans, and multi-sequence automation at any time.

Character with goggles that can see vulnerabilities

What you can discover for free

Even with limited scans, the Free Edition gives you proof-backed results you can act on. Here’s what you can discover

Is the Free Edition right for you?

Security practitioners evaluating new tools

Get a hands-on look at what Pentest-Tools.com can do, without needing a demo or sales call. Use the Free Edition to explore our workflows, see how scans work, and understand how we validate results. It’s the easiest way to try the platform in real-world conditions.

  • Security consultants and freelancers

    Run quick reconnaissance and attack surface mapping to show early value to clients, but without upfront costs. The Free Edition helps you gather real results for initial reports, POCs, or sales conversations, with zero setup and no credit card.

  • Internal security engineers and analysts

    Quickly scan new assets or external services to validate what’s exposed. The Free Edition helps you prioritize next steps by showing validated findings that support fast triage and deeper testing where needed.

  • MSPs and MSSPs

    Use the Free Edition as a quick first step to evaluate external assets during onboarding or presales. Map exposed services across multiple domains, find easy wins, and export clean results for client-ready reporting

  • Hobbyists and personal website owners

    Keep an eye on your own small-scale projects or learning environments. The Free Edition is great for scanning personal websites, trying out tools, or staying sharp with passive reconnaissance and basic scans.

Free vs paid

The Free Edition offers safe, surface-level discovery that is perfect for initial assessments. But to reveal complex vulnerabilities and simulate real-world attacks, you’ll need the full power of a paid plan.

Here’s what changes when you upgrade:

Coverage

Scan more thoroughly with full subdomain enumeration, directory brute-force, authenticated scans, and ML-powered URL fuzzing.

Findings

Detect weak authentication, exposed admin panels, vulnerable tech stacks, and validated CVEs with real impact.

Customization

Use advanced and proprietary payloads, larger and custom wordlists, fine-tuned scan parameters, and request-specific tuning.

Scan depth

Simulate real-world attack techniques using active scanning logic we built from real pentesting scenarios that are designed to replicate attacker behavior and reveal deeper issues.

Enhanced tools

Unlock advanced features that go beyond surface-level probes, for each tool. (e.g. Deep scan modes in Subdomain Finder, API Scanner, and Website Scanner)

Real-world readiness

Go from discovery to remediation with full vulnerability assessment capabilities, internal network scanning via our VPN Agent, custom reports, automation with Pentest Robots, and workflow integrations for your team.

Included in all plans

  • API access
  • Unlimited rescans for your asset inventory
  • Continuous security monitoring & alerts for assets across your inventory
  • Unlimited team members
  • Integrations for security operations workflows, including AWS, Vanta, Nucleus Security, Jira, Microsoft Teams, webhooks & more

Clear boundaries. Ethical scanning only.

The Free Edition is for professionals, pentesting hobbyists, and students who test ethically, whether doing legit discovery work on infrastructure they own or manage, or learning about reconnaissance and vulnerability scanning.

To keep things fair and safe for everyone, there’s only one rule: only scan targets you have permission to test.

We monitor for misuse, block unauthorized activity, and reserve the right to disable accounts we suspect use our product for malicious purposes. It’s not red tape: it’s how we keep the product useful, ethical, and trusted by security teams everywhere.

Trusted by thousands, and counting

The Free Edition isn’t a demo. It’s your entry into real penetration testing workflows that security professionals across the globe use.

  • 160,000+

    Free Edition accounts

  • 1 scan

    every 5s

  • 1.2 million

    API-driven scans

  • 1.6 million

    scheduled scans

Start for free. Upgrade when ready.

The Free Edition gets you started, then grows with you and your specific needs.

Unlock deeper scans, chained automation, and unlimited scans with a single upgrade, without switching anything.

  • Scan automation flows with Pentest Robots

  • Advanced exports, integrations, and reporting tools

  • Access to proprietary exploit tools

  • Full subdomain enumeration

  • Advanced vulnerability scanning

  • Internal network scanning via VPN Agent

  • Custom scan parameters and wordlists

  • Unlimited assets and parallel scans

FAQs

Is this really free?

Yes. The Free Edition gives you functional tools with no time limit, no credit card, and no locked results. It’s not a crippled demo, but keep in mind some of the functionalities are limited.

What’s the difference between free and paid plans?

Free lets you explore key tools. Paid plans unlock all the tools, deeper scanning, internal network assessment, advanced automation with Pentest Robots, full team collaboration and plenty more.

Who is the Free Edition for?

It’s perfect for security consultants, internal security teams, MSPs/MSSPs, educators, and hobbyists. If you're running reconnaissance, validating real risks, or exploring free pentest tools, this edition is built for you.

What can I scan with the Free Edition?

You can run reconnaissance and vulnerability scans on domains, IPs, and URLs you own or are authorized to test. This includes basic, free website vulnerability scanning, free port scanning, basic API vulnerability scanning, and basic network recon.

Are these real tools or limited demos?

The Free Edition includes fully functional pentest tools and it serves as an overview of our product. You’ll be using the same capabilities trusted by professionals, just with limits on the number of assets and scans. You can find subdomains for free, scan for open ports and services, and even find web technologies for free.

How safe are the free scans?

All scans in the Free Edition are non-intrusive and safe-by-default. That means no exploits or payloads. You’ll only run scans that detect exposures passively, like outdated CMS versions, misconfigurations, and vulnerable services based on banners.

Can I monitor web apps and network targets for free?

Yes, up to a point. You can monitor web apps and network targets for free using basic scans and basic attack surface mapping. You can always go to Scheduled scans to check all your recurring scans or even create a new weekly or monthly scan with your tool of choice for your preferred target. Email alerts are already included, so you’ll know when something new pops up on the radar. To unlock full monitoring automation, just upgrade when ready.

Does the Free Edition support WordPress scans?

Absolutely. You can run a free WordPress scan to identify common exposures like outdated plugins, admin panel access, or known vulnerabilities.

Can I export my scan results?

Yes, you can export findings in PDF, HTML, XLSX, CSV, and JSON formats, even in the Free Edition. This makes it easy to share results with clients or integrate them into your documentation or reports.

What’s the upgrade path from Free?

When you’re ready to go deeper, you can upgrade to unlock features like full subdomain enumeration, advanced vulnerability assessment, internal network scanning with the VPN Agent, and powerful, multi-step automation with Pentest Robots. No need to switch tools or migrate data.