Enter a URL and test credentials. An AI engine runs a full, safe, black-box pentest and delivers a report with the results, the methodology, and the exact prompts used.
$ pentient scan https://app.example.com
→ recon 18 checks · TLS, headers, CSP, cookies ✓
→ authz login ok · IDOR + privilege escalation (read) ✓
→ injection reflected-input markers (safe payloads) ✓
→ report results + methodology + prompts ✓
From URL to signed-off report in four steps.
Enter your URL and optional test credentials.
Fixed price, shown upfront. Pay securely to unlock the scan.
E-sign the rules-of-engagement contract. No scan runs without it.
Findings, methodology, and the exact prompts used — web + PDF.
We log the system prompt, each phase's instructions, and every masked tool call — and put them in your report.
Read-only confirmation, strict scope, SSRF/egress guards, secret masking. A scan only runs once it's paid and you've signed the authorization.
Mapped to a vulnerability knowledge base with CVSS, remediation, and references. Mark a finding fixed to trigger a targeted retest.
Fixed cost. Quoted upfront. No surprises.
Unauthenticated black-box recon.
Recon + authenticated testing + injection.
Deeper, multi-role engagement.
Sign in with your email to register a target and request your first pentest.
Get started
Authorized testing only. You'll sign a rules-of-engagement contract before any scan runs.