Transparent pricing

Pay for scans,
not subscriptions

No monthly fees. No contracts. Buy credits once and use them whenever you need them. Credits never expire.

$1
per credit
~25 min
avg. scan time
7
scanners per run
credit validity
Pricing

Pay only for what you scan

Credit-based pricing with no subscriptions, no monthly fees, and no hidden costs. Buy credits when you need them.

Basic
$ 10
10 credits · ~3–5 full scans
All 7 scanner types
Full vulnerability reports
Asset discovery
Trust certificates
Get started
Standard
$ 30
30 credits · ~8–12 full scans
Everything in Basic
Priority scan queue
Team collaboration
Audit logs
Get started
Most popular
Premium
$ 70
70 credits · ~20–28 full scans · 20% off
Everything in Standard
20% volume discount
Advanced reporting
Multiple targets
Get started
Enterprise
$ 150
150 credits · ~50–60 full scans · 25% off
Everything in Premium
25% volume discount
Dedicated email support
MSSP & multi-org
Contact us

Need a custom amount? Purchase any quantity from $10 at $1 per credit. See full pricing details →

Included with every credit pack

Full platform access, always

Every credit pack unlocks the complete PenScan platform. No feature tiers, no upsells.

All 7 scanner types
Combined vulnerability report
Cross-scanner deduplication
Subdomain & asset discovery
DNS ownership verification
Trust certificates & widgets
Vulnerability management dashboard
Team RBAC (Owner/Analyst/Viewer)
Remediation progress tracking
Audit & action logs
Severity-ranked findings
Unlimited report exports
Flexible

Need a specific amount?

Purchase any custom credit amount starting from $10. Every dollar is one credit.

Custom credit amount
$ 10+

Minimum $10 · 1 credit per $1 · No expiry · Secure checkout via Razorpay

Purchase credits
FAQ

Common questions

Everything you need to know about PenScan.

Yes — PenScan enforces ownership verification via DNS TXT records before any scan begins. You can only scan domains you demonstrably control. Additionally, users must accept a legal disclaimer confirming they have authorization to test the target. This makes PenScan both legally sound and ethically responsible.
A full combined scan typically completes in 15–30 minutes, depending on the size and complexity of your target. All seven scanners run concurrently — ZAP accounts for 35% of the scan weight and usually takes the longest. You'll receive a notification when results are ready.
One credit is worth $1 and powers approximately one full combined scan of a single target. A "full scan" runs all seven scanners simultaneously. Passive asset discovery (subdomain enumeration) on target creation is free and doesn't consume credits.
No. Credits never expire. Buy what you need now and use them at your own pace — whether that's tomorrow or six months from now.
Yes. PenScan supports team collaboration with role-based access control. Invite team members as Owners (full access), Analysts (can run and review scans), or Viewers (read-only access to reports). All roles operate within your organization's isolated workspace.
PenScan orchestrates seven industry-standard tools: OWASP ZAP (web app scanning), Nuclei (CVE & misconfiguration templates), Wapiti (SQLi, XSS, CSRF), Nikto (web server fingerprinting), SSLyze (TLS/SSL analysis), Nmap (port & service discovery), and Dalfox (advanced XSS fuzzing). Results from all tools are merged and deduplicated into a single report.
Absolutely. Each organization's data is isolated in a multi-tenant architecture — no other user or organization can access your targets, scans, or vulnerability reports. Data is encrypted in transit (TLS 1.3) and at rest.
Get started today

Your next scan is
minutes away

Add a target, verify ownership with a DNS record, and run your first full security scan. No setup, no infrastructure, no waiting.

Start scanning free Talk to our team

No credit card required  ·  Credits never expire  ·  Cancel any time