PentestAI

Your AI assistant for recon, exploitation, and professional pentest reporting

Define your scope constraints, then let PentestAI help you enumerate attack surface, trace lateral movement chains, surface CVE context, and generate PoC scaffolds — all within your declared engagement boundaries.

Your prompts are never used to train AI models (see the data handling policy).

Built for real pentest work

External Recon

Enumerate subdomains, parse certificate transparency logs, and build an OSINT target map before the engagement kicks off.

Vulnerability Chaining

Walk through multi-step exploitation paths (SSRF → IMDS → IAM key theft) and get PoC skeleton code within your declared scope.

Lateral Movement

Model pass-the-hash, Kerberoasting, and GPO abuse chains against Active Directory environments with step-by-step guidance.

Report Writing

Draft finding narratives, CVSS rationale, and executive summaries. PentestAI speaks both C-suite and NIST.

CTF / Lab Assistance

Unstick yourself during HackTheBox or OSCP lab boxes with targeted hints — you control depth.

Tooling & Payloads

Get help with custom Burp extensions, Nuclei templates, or Python exploit scripting without starting from scratch.

Transparent pricing

A genuine free tier with a hard spend cap — no credit card, no time limit. Verified professionals can apply for a higher cap billed at actual cost.

Free tier (Free)

$1/week

Up to $1 of LLM spend per week. Shared daily pool of 20 requests across all users.

No credit card required.

Get started free

Pay-as-you-go (Verified Pros)

Usage-based

Verified professional pentesters can request a higher spend cap. Billed by actual token spend at cost.

Requires professional verification.

Apply for access

Questions? Email us at the address in the footer.