The free Pentest-Tools.com edition
Get quick vulnerability discovery, basic monitoring and attack surface mapping, plus easy reporting, without setup or a credit card. The Free Edition gives you enough to get started, and real results to prove it.
Quick asset mapping with exportable exposure results
Basic network, web, cloud & API scanning
90 days historical data storage
Real tools. Real scans. Real results.
Attack surface mapping and recon
The faster you see it, the quicker the fix
Quickly map your external attack surface with tools that uncover domains, subdomains, open ports, firewalls, and web app entry points. Start identifying potential targets for deeper investigation, with zero setup.
Free vulnerability assessment
Spot the most common risks on your websites, APIs, servers, and cloud infrastructure
Use basic vulnerability scans to detect misconfigurations, exposed services, and known CVEs. Ideal for an initial risk snapshot and compliance prep, even on a free plan.
Capabilities:
Web vulnerability scanning (limited)
Network vulnerability scanning (limited)
API vulnerability scanning (limited)
Cloud vulnerability scanning (full)
Scan management & results visibility
Track findings, schedule scans, and export results from a single workspace
Organize your attack surface by assets, automate scans, and export results in various formats. Even with scan limits, you get full visibility into your findings.
Included in The Free Edition:
5 assets per month
2 parallel scans
100 queued scans
25 scheduled scans
Scan exports (CSV, JSON)
Results for vulnerabilities, subdomains, open ports
Partial access to scan customization (specific checks only)
Default wordlists
Continuous monitoring & alerting
Stay informed about changes in your attack surface
Monitor selected assets for new vulnerabilities, open ports, or subdomain changes. Set up email notifications and weekly or monthly scheduled scans to stay one step ahead. Yup, for free.
Included in The Free Edition:
Partial continuous attack surface monitoring
Partial access to scheduled scans
Alerts for key events: vulnerabilities, subdomains, port exposure
Email-based notifications
Basic reporting & collaboration
Turn your scan results into actionable reports
Export findings in multiple formats and share them with clients, collaborators, or stakeholders. Stay organized with one workspace and centralized visibility.
Included in The Free Edition:
Scan results exports (PDF, HTML, CSV, XLSX)
Aggregated exports across scans
User & data management
Secure your data and manage access, even on the free tier
Keep your scan data protected with 2FA and access history, and store it for 90 days. You’ve got plenty of time to act or follow up.
Included in The Free Edition:
90-day data retention
Two-factor authentication (2FA)
Login history
Email workflow integrations
Ready when you are.
Scale up to advanced vulnerability management, deeper scans, and multi-sequence automation at any time.
What you can discover for free
Even with limited scans, the Free Edition gives you proof-backed results you can act on. Here’s what you can discover
Outdated CMS versions and exposed admin panels
Open ports and services vulnerable to known CVEs
Shadow subdomains, unlinked directories, or forgotten virtual hosts
Web technologies and common misconfigurations
Free vulnerability assessment that won’t disrupt your systems
The Free Edition only runs non-intrusive, passive, or safe-by-default tests. This gives you data and insights that help you investigate safely, without risky payloads or exploits.
URL Fuzzer
discovers unlinked files, directories, or endpoints through smart path fuzzing
Subdomain Finder
finds known and hidden subdomains to expand your target’s surface
Port Scanner
detects open TCP ports and services to help uncover exposed entry points
Website Scanner
detects tech stacks, outdated components, admin panels
Network Scanner
identifies open ports, protocol banners, and known CVEs
Is the Free Edition right for you?
Security practitioners evaluating new tools
Get a hands-on look at what Pentest-Tools.com can do, without needing a demo or sales call. Use the Free Edition to explore our workflows, see how scans work, and understand how we validate results. It’s the easiest way to try the platform in real-world conditions.
Security consultants and freelancers
Run quick reconnaissance and attack surface mapping to show early value to clients, but without upfront costs. The Free Edition helps you gather real results for initial reports, POCs, or sales conversations, with zero setup and no credit card.
Internal security engineers and analysts
Quickly scan new assets or external services to validate what’s exposed. The Free Edition helps you prioritize next steps by showing validated findings that support fast triage and deeper testing where needed.
MSPs and MSSPs
Use the Free Edition as a quick first step to evaluate external assets during onboarding or presales. Map exposed services across multiple domains, find easy wins, and export clean results for client-ready reporting
Hobbyists and personal website owners
Keep an eye on your own small-scale projects or learning environments. The Free Edition is great for scanning personal websites, trying out tools, or staying sharp with passive reconnaissance and basic scans.
Free vs paid
The Free Edition offers safe, surface-level discovery that is perfect for initial assessments. But to reveal complex vulnerabilities and simulate real-world attacks, you’ll need the full power of a paid plan.
Here’s what changes when you upgrade:
Coverage
Findings
Customization
Scan depth
Enhanced tools
Real-world readiness
Included in all plans
- API access
- Unlimited rescans for your asset inventory
- Continuous security monitoring & alerts for assets across your inventory
- Unlimited team members
- Integrations for security operations workflows, including AWS, Vanta, Nucleus Security, Jira, Microsoft Teams, webhooks & more
Clear boundaries. Ethical scanning only.
The Free Edition is for professionals, pentesting hobbyists, and students who test ethically, whether doing legit discovery work on infrastructure they own or manage, or learning about reconnaissance and vulnerability scanning.
To keep things fair and safe for everyone, there’s only one rule: only scan targets you have permission to test.
We monitor for misuse, block unauthorized activity, and reserve the right to disable accounts we suspect use our product for malicious purposes. It’s not red tape: it’s how we keep the product useful, ethical, and trusted by security teams everywhere.
Trusted by thousands, and counting
The Free Edition isn’t a demo. It’s your entry into real penetration testing workflows that security professionals across the globe use.
160,000+
Free Edition accounts
1 scan
every 5s
1.2 million
API-driven scans
1.6 million
scheduled scans
Start for free. Upgrade when ready.
The Free Edition gets you started, then grows with you and your specific needs.
Unlock deeper scans, chained automation, and unlimited scans with a single upgrade, without switching anything.
Scan automation flows with Pentest Robots
Advanced exports, integrations, and reporting tools
Access to proprietary exploit tools
Full subdomain enumeration
Advanced vulnerability scanning
Internal network scanning via VPN Agent
Custom scan parameters and wordlists
Unlimited assets and parallel scans
FAQs
Is this really free?
Yes. The Free Edition gives you functional tools with no time limit, no credit card, and no locked results. It’s not a crippled demo, but keep in mind some of the functionalities are limited.
What’s the difference between free and paid plans?
Free lets you explore key tools. Paid plans unlock all the tools, deeper scanning, internal network assessment, advanced automation with Pentest Robots, full team collaboration and plenty more.
Who is the Free Edition for?
It’s perfect for security consultants, internal security teams, MSPs/MSSPs, educators, and hobbyists. If you're running reconnaissance, validating real risks, or exploring free pentest tools, this edition is built for you.
What can I scan with the Free Edition?
You can run reconnaissance and vulnerability scans on domains, IPs, and URLs you own or are authorized to test. This includes basic, free website vulnerability scanning, free port scanning, basic API vulnerability scanning, and basic network recon.
Are these real tools or limited demos?
The Free Edition includes fully functional pentest tools and it serves as an overview of our product. You’ll be using the same capabilities trusted by professionals, just with limits on the number of assets and scans. You can find subdomains for free, scan for open ports and services, and even find web technologies for free.
How safe are the free scans?
All scans in the Free Edition are non-intrusive and safe-by-default. That means no exploits or payloads. You’ll only run scans that detect exposures passively, like outdated CMS versions, misconfigurations, and vulnerable services based on banners.
Can I monitor web apps and network targets for free?
Yes, up to a point. You can monitor web apps and network targets for free using basic scans and basic attack surface mapping. You can always go to Scheduled scans to check all your recurring scans or even create a new weekly or monthly scan with your tool of choice for your preferred target. Email alerts are already included, so you’ll know when something new pops up on the radar. To unlock full monitoring automation, just upgrade when ready.
Does the Free Edition support WordPress scans?
Absolutely. You can run a free WordPress scan to identify common exposures like outdated plugins, admin panel access, or known vulnerabilities.
Can I export my scan results?
Yes, you can export findings in PDF, HTML, XLSX, CSV, and JSON formats, even in the Free Edition. This makes it easy to share results with clients or integrate them into your documentation or reports.
What’s the upgrade path from Free?
When you’re ready to go deeper, you can upgrade to unlock features like full subdomain enumeration, advanced vulnerability assessment, internal network scanning with the VPN Agent, and powerful, multi-step automation with Pentest Robots. No need to switch tools or migrate data.