AI pentest results in under 10 minutes — no credit card

AI pentesting.
Actionable in minutes.

Pentry scans your site the same way hackers would, then hands you a plain-English report with exact step-by-step fixes. Safe, non-destructive, and ready in under 10 minutes.

Free forever for passive scans · No credit card

No exploitation. No changes to your site. Your users won’t notice anything.

What we’re running against your site

  • 8,000+ vulnerability templates (Nuclei community + ours)
  • 200K+ CVEs cross-referenced (from the NIST NVD catalog)
  • 50+ tech fingerprints (Next.js, Rails, Django, WordPress…)

Made for vibe coders · indie devs · founders shipping fast — the same battle-tested engines pros pentest with, in a workflow you’ll actually use.

How it works

Three steps. Twenty minutes.

No agents to install. No code to add. Just plug in your domain and let Pentry do the work.

01 · Add & verify your domain (1–2 min)

Paste your hostname, then prove ownership with a single DNS TXT record, HTML file, or meta tag — whichever's easiest. Takes a minute.

02 · Run a scan (3–10 min)

Pentry crawls your site like an attacker would, fingerprints every endpoint, and tests for 8,000+ known issues.

03 · Get the report (Instant)

Severity-graded findings with evidence, plain-English fixes, and copy-paste AI prompts you can drop into Cursor or Claude.

The report

A report you can read — or paste straight into Cursor.

Every scan ships you a clean PDF and a shareable dashboard with severity counts, evidence, and plain-English explanations. For each finding we also include a ready-to-paste AI prompt and a suggested code patch — drop it into Cursor, Claude Code, or Copilot and ship the fix in minutes.

Executive summary with severity counts
Findings grouped by severity (Critical → Info)
Raw request/response evidence for every issue
Plain-English remediation steps
Copy-paste AI prompts for Cursor / Claude / Copilot
Suggested code patches for common fixes
Downloadable PDF + shareable dashboard link
Methodology and glossary appendix

Coverage

What Pentry looks for

We test for the same classes of vulnerabilities a manual pentester would — using 8,000+ templates plus an AI agent for deep analysis.

Exposed secrets & files

Leaked .env files, .git directories, backup files, configuration dumps, source-code disclosure.

Injection & XSS

SQL injection, command injection, server-side template injection, reflected and stored XSS.

Auth & session flaws

Default credentials, weak password policies, missing MFA, session fixation, broken access control, IDOR.

Misconfigurations

Missing security headers, CORS wildcards, open S3 buckets, exposed admin panels, directory listing.

Known CVEs

Outdated software with known vulnerabilities — frameworks, CMS plugins, dependencies, server versions.

SSRF, RCE, IDOR

Server-side request forgery, remote code execution, insecure direct object references, path traversal.

Pricing

Start free. Scale when you need to.

Free shows you if you're vulnerable. Pro shows you what and how to fix it.

Free

$0

Kick the tires. 1 scan, locked findings.

  • 1 target
  • 1 AI scan per month
  • Severity + count summary
  • Finding titles & details locked 🔒
  • Remediation guidance locked 🔒

Indie dev

Solo

$19/month

Full findings + remediation on one site. Monthly cadence.

  • 1 target
  • 3 AI scans per month
  • Full finding details + evidence
  • Plain-English remediation + code
  • PDF reports
  • Email notifications

Most popular

Pro

$49/month

Up to 5 targets, daily monitoring + 10 AI scans/month. Roughly 1/400th the cost of one traditional pentest.

  • Up to 5 targets
  • 10 AI scans per month
  • Daily auto passive rescans
  • Full finding details + evidence
  • Plain-English remediation + code
  • Slack / Discord / webhook
  • API access for CI/CD

For teams

Pro Max

$149/month

Up to 20 targets and 50 AI scans/month — everything in Pro, scaled.

  • Up to 20 targets
  • 50 AI scans per month
  • Daily auto rescans on every target
  • Priority scan queue
  • GitHub + Jira issue creation
  • Audit log + CSV exports

14-day money-back guarantee on paid plans · Unlimited passive scans · No credit card for Free

Running 20+ sites or need SSO / DPA? See the Fleet tier →

Who it's for

Built for teams without a pentester on staff

Solo founders & indie hackers

You shipped fast. Now check for the easy wins attackers look for first — exposed files, default creds, missing headers.

Growing SaaS teams

Run continuous Pro scans before every release. Share PDFs with auditors, customers, and SOC 2 reviewers.

Agencies & freelancers

Add a security checkup to every client delivery. White-label reports from one dashboard.

Non-destructive by design

Pentry only looks for vulnerabilities — it doesn't exploit them, won't write to your database, won't make any state changes, and won't trip any tripwires. Your users won't notice anything. Scope is enforced to your verified domain only.

FAQ

Questions, answered

Is the scan safe?
Yes. Pentry only looks for vulnerabilities — it never exploits them, never writes to your database, and never makes state changes. Your users won't notice anything. We never run destructive or DoS-style payloads.

How long does a scan take?
Free passive scans typically finish in 1–3 minutes. Pro AI-driven scans take 3–10 minutes — discovery, fingerprinting, vulnerability matching, and the two-pass AI review all happen in parallel. You'll get an email when results are ready.

What's actually in the Free tier?
You get 1 target and 1 AI scan per month, with the severity counts and CWE classes visible — so you can see if you have problems. The finding titles, evidence, and remediation are locked behind Pro. Free is a real preview, not a demo.

What does Pro add?
Pro unlocks full finding details (titles, evidence, remediation, code snippets), adds daily automatic passive rescans (so you catch new regressions), gives you 10 AI scans per month, and sends you email notifications when something new is found.

When should I upgrade to Pro Max?
If you have more than one site, or you need more than 10 AI scans per month. Pro Max gives you up to 10 targets, 30 AI scans/month, and priority queueing — built for small teams or agencies running scans for multiple clients.

Works with my stack?
Yes. Pentry is HTTP-based and stack-agnostic — works with Next.js, Rails, Django, Laravel, WordPress, Shopify, Webflow, custom apps, no-code, low-code, anything that speaks HTTP.

Is my data secure?
Reports and raw artifacts live in encrypted object storage. Access is gated through short-lived signed URLs. We never share or sell scan data.

Find what attackers will — first.

Free, no credit card. First scan in under 10 minutes.
