What our agents test.
What they find.

Three tiers of AI-driven testing. All include written reports with severity ratings and remediation steps. You pick the depth, our agents do the work.

Tier 1

Recon

Passive and semi-active surface mapping. We find everything exposed to the public internet — before attackers do.

$49
~24–48h turnaround

In Scope

  • Subdomain enumeration
  • DNS record analysis
  • Open port & service scan
  • HTTP header audit
  • SSL/TLS configuration
  • Exposed file/directory listing
  • OSINT / public data exposure
  • Technology fingerprinting

Not Included

  • Active exploitation
  • Authenticated testing
  • API endpoint testing
  • Business logic testing
  • Social engineering

// example findings

  • [Critical] Exposed admin panel: No authentication on /admin subdomain
  • [High] Outdated server software: nginx/1.14.0 with known CVEs
  • [Medium] Missing security headers: No CSP, X-Frame-Options, or HSTS
  • [Low] Open DNS zone transfer: Internal hostnames exposed

Tier 2

Probe

Active web application testing. We go beyond scanning and actually try to exploit common vulnerabilities in your app.

$199
~48–72h turnaround

In Scope

  • Everything in Recon
  • SQL injection (manual + automated)
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Broken authentication & session management
  • Insecure direct object references (IDOR)
  • API endpoint enumeration
  • File upload vulnerabilities
  • Sensitive data exposure

Not Included

  • Chained attack scenarios
  • Business logic deep-dive
  • Social engineering
  • Debrief call

// example findings

  • [Critical] SQL Injection in search: Blind SQLi via search param, full DB read possible
  • [High] Stored XSS in comments: Unsanitized input stored and rendered to all users
  • [High] IDOR on /api/user/{id}: Accessing other users' data by changing ID
  • [Medium] Weak session tokens: Predictable token entropy, brute-forceable

Tier 3

Breach

Full engagement. We think like a real attacker — chaining vulnerabilities, testing business logic, and going as deep as your authorization allows.

$499
~72–96h turnaround

In Scope

  • Everything in Probe
  • Business logic flaw testing
  • Full API security audit
  • Auth flow exploitation
  • Chained / multi-step attack scenarios
  • Remote code execution attempts
  • Privilege escalation testing
  • Third-party integration risks
  • 30-minute debrief call

Not Included

  • Physical security testing
  • Employee phishing / social engineering
  • Infrastructure beyond defined scope
  • Anything outside written authorization

Add-on

Re-test

After you patch, we'll verify your fixes actually worked. Flat rate, same scope as your original test.

$50