TestMyStack

Penetration Testing

Our standard service — and the only one you need. Every pentest includes full web scanning, Nessus infrastructure assessment, OSINT collection, safe exploitation, and a professional report. One price, everything included.

Penetration Test

Web scanning + Nessus VA + pentest + OSINT

$30 / scan
Additional hosts: +$5 each
Skip Nessus/VA: -$5
Skip OSINT: -$5
Retest: $10

Everything Included

Subdomain & port discovery
Technology stack fingerprinting
OWASP Top 10 vulnerability checks
SSL/TLS configuration review
Nessus Professional infrastructure scan
CVE identification & patch verification
Safe exploitation attempts
Authentication & session testing
Authorization bypass checks
Business logic flaw analysis
Input validation testing (XSS, SQLi)
CVSS-scored findings with PoC evidence
Professional PDF report
Prioritised remediation playbook
Human review of critical findings

How It Works

1. Reconnaissance

Full attack surface mapping — subdomain discovery, port scanning, service fingerprinting, technology stack identification, and DNS enumeration.

2. Vulnerability Assessment

Nessus Professional scans your infrastructure for CVEs and misconfigurations while automated tools check for OWASP Top 10, SSL issues, and security header problems.

3. Safe Exploitation

AI agents attempt controlled exploitation — injection attacks, authentication bypass, authorization flaws, and business logic vulnerabilities. When data exposure is found, we capture redacted proof-of-concept evidence.

4. Reporting & Remediation

Findings are scored with CVSS, documented with evidence, and paired with step-by-step remediation guidance. Human analysts review critical findings to eliminate false positives.

Testing Categories

Injection Testing

SQL injection, command injection, LDAP injection, XPath injection, template injection

Authentication

Brute force protection, session management, password policy, multi-factor bypass, token security

Authorization

IDOR vulnerabilities, privilege escalation, horizontal/vertical access control bypass

Input Handling

Cross-site scripting (XSS), CSRF, file upload vulnerabilities, header injection

Business Logic

Workflow bypass, rate limiting, price manipulation, race conditions, state tampering

Infrastructure

CVE detection, patch verification, configuration auditing, TLS/SSH analysis, CIS benchmarks

Safety Guarantees

  • All exploitation attempts are non-destructive — no data is deleted, modified, or corrupted
  • Every command is validated against your authorised scope before execution
  • Agents are blocked from running DoS attacks or destructive operations
  • Experienced security engineers oversee AI agents and verify critical findings
  • Full audit trail of every action taken during the assessment

After the Pentest

Fixed the issues? Order a Retest for $10 to verify your remediation. We automatically compare new findings against your previous scan, showing exactly what's been fixed, what's still open, and any new issues. If too much has changed (new hosts, major infrastructure changes), a new full scan ($30) is needed instead.

Multiple Hosts

Scanning more than one target? Your first host is $30, and each additional host, domain, or IP range in the same engagement is just +$5. All targets receive the full pentest treatment and appear in a unified report.