TestMyStack

How TestMyStack Works

TestMyStack combines professional pentesting tools with AI orchestration to deliver enterprise-grade security assessments at small business prices. Here's what happens behind the scenes when you order a scan.

1. Scope Authorization

Before any scanning begins, you define exactly what we're allowed to test. Our authorization form captures target domains, IP ranges, and test types. You e-sign the form, and we generate a legally binding PDF. This protects both parties and ensures we only scan what you own and authorize.

2. AI-Orchestrated Scanning

Our scan engine uses specialized AI agents that coordinate professional security tools: nmap for port scanning, Gobuster for directory enumeration, Nessus for vulnerability assessment, and custom scripts for web application testing. Every command is validated against your authorization scope before execution.

3. Vulnerability Analysis

Raw scan results are analyzed by AI to deduplicate findings, assess exploitability, calculate CVSS scores, and generate actionable remediation steps. Our knowledge base of vulnerability patterns — built from real pentesting engagements — helps prioritize what matters most.

4. Professional Reporting

You receive a detailed PDF report modeled after real penetration test deliverables: executive summary, attack surface analysis, vulnerability findings with CVSS scores and proof-of-concept evidence, and a prioritized remediation plan. Reports are stored securely and auto-expire after 90 days.

5. Remediation Tracking

After fixing vulnerabilities, order a retest for just $29. We automatically compare new findings against your previous scan — showing you exactly what's been fixed, what's still open, and any new issues. Track your security posture improvement over time.

Safety & Compliance

  • Scope enforcement — Every scan command is validated against your authorized scope. We never test anything you haven't explicitly approved.
  • No destructive operations — Our agents are explicitly blocked from running destructive commands, DoS attacks, or data exfiltration.
  • Full audit trail — Every action is logged with timestamps for complete accountability and transparency.
  • Data encryption — All sensitive data is encrypted at rest with AES-256-GCM. Reports auto-expire and are permanently deleted after 90 days.
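
A sketch of the kind of scope check described in step 2 and in the scope enforcement bullet above, added here as an illustration and not TestMyStack's own code. The `Scope` class, the `gate` helper, and the sample scope (documentation-reserved domain and address range) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit


class Scope:
    """Authorized targets as captured on a signed scope form (hypothetical model)."""

    def __init__(self, domains, cidrs):
        self.domains = [d.lower().rstrip(".") for d in domains]
        self.networks = [ipaddress.ip_network(c, strict=False) for c in cidrs]

    def allows(self, target):
        """True only if target (host, host:port, IP, CIDR or URL) is inside scope."""
        target = target.strip()
        try:
            # IP or CIDR target: the whole range must sit inside an authorized
            # network, so a wider supernet of an authorized range is rejected.
            net = ipaddress.ip_network(target, strict=False)
            return any(net.version == n.version and net.subnet_of(n)
                       for n in self.networks)
        except ValueError:
            pass
        try:
            url = target if "://" in target else "//" + target
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            return False  # unparseable target: fail closed
        if not host:
            return False
        try:
            ip = ipaddress.ip_address(host)  # e.g. the host part of "203.0.113.9:8443"
            return any(ip in n for n in self.networks)
        except ValueError:
            pass
        # Match on a label boundary so "evil-example.com" does not pass for "example.com".
        return any(host == d or host.endswith("." + d) for d in self.domains)


def gate(scope, jobs):
    """Decide each planned (tool, target) job before execution; deny by default."""
    return [(tool, tgt, "run" if scope.allows(tgt) else "blocked")
            for tool, tgt in jobs]


if __name__ == "__main__":
    # Constructed sample scope and job list.
    scope = Scope(["example.com"], ["203.0.113.0/24"])
    jobs = [("nmap", "203.0.113.0/25"), ("nmap", "203.0.0.0/16"),
            ("gobuster", "https://app.example.com/"), ("gobuster", "evil-example.com")]
    for decision in gate(scope, jobs):
        print(decision)
```

Matching here is by name and address only. A hostname that is in scope by name can still resolve to an address outside the authorized ranges, so a production gate would also check the resolved IP.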

Internal Network Scans

Need to scan internal infrastructure? Install our lightweight Cloudflare Tunnel agent on any machine inside your network. It creates a secure, encrypted connection from your LAN to our scan engine — no firewall changes or VPN required. The tunnel agent is a single binary with zero dependencies, available for Windows, macOS, and Linux.