Pricing
What a penetration test actually costs.
Most firms make you sit through a sales call just to learn the price. We would rather tell you up front. Here is what ours start at, and what moves the number. The honest answer to "what will it cost" is "it depends on what we are testing," so think of these as fair starting points, not a final quote.
Small External Pentest
from $4,000
Up to 50 external IPs, or one primary domain
- Authenticated and unauthenticated testing of public-facing services
- A written report ranking every finding by exploitability
- 30-day retest of fixed findings, included
Best for: Single-location SMBs and first-time or compliance-driven tests
Medium Full Pentest
from $6,500
Up to 100 external IPs and up to 250 internal hosts
- Everything in Small, plus testing from inside the network
- Active Directory enumeration and privilege-escalation testing
- Executive summary, technical findings, and a remediation roadmap
- 30-day retest of fixed findings, included
Best for: HIPAA or PCI scoped environments and repeat clients
Large Enterprise Pentest
from $10,000
Unlimited external IPs and up to 1,000 internal hosts
- Web application testing and a 50-user phishing simulation
- Active Directory enumeration with lateral-movement testing
- An executive briefing call to walk leadership through the results
- 60-day retest of fixed findings, included
Best for: Multi-location businesses and SOC 2 audit prep
Every tier includes a retest of your fixed findings. That is built in, not an upsell.
What moves the price
No two networks are the same, so no two quotes are either. A handful of things decide where you land:
- How big your network is: the number of external IPs and internal hosts we cover.
- Whether we are testing web applications, not just network services.
- Whether you want a phishing simulation included.
- Internal testing, from inside the network, on top of the external view.
Why we charge what we charge
Most teams pay $10,000 or more per test, and a lot of the time that is an automated scan with a logo on the report. Real attackers do not just run a scanner and call it a day, so neither do we. Every engagement is the automated pass plus real hands-on manual testing, the kind that finds the chain of small problems that actually gets someone in.
And the retest is included. Once you have fixed what we found, we check your work. You should not have to pay twice to find out the fix worked.
Not sure which tier fits?
Tell us a little about your network and what is prompting the test. We will figure out the right scope with you and come back with a fair, fixed quote. No pressure, no sales theater.