Pay for the engagement, not seats. Every tier includes the full 41+‑module pentest, AI chat, compliance‑mapped PDF, and the zero‑FP guarantee. Upgrade for the full 13‑agent orchestrator, internal‑network scanning, and continuous monitoring.
| Feature | Plus | Premium | Enterprise |
|---|---|---|---|
| External pentest | | | |
| Full 41+‑module scan | ✓ | ✓ | ✓ |
| Chat‑driven workflow + AI follow‑ups (grounded) | ✓ | ✓ | ✓ |
| Zero‑FP AI validation (Validator agent) | ✓ | ✓ | ✓ |
| Authenticated scans (form‑login, JWT, OAuth) | ✓ | ✓ | ✓ |
| Quick (~10 min) & deep (~20 min) scan modes | ✓ | ✓ | ✓ |
| Risky‑subdomain auto deep‑scan | · | ✓ | ✓ |
| Exploitation & analysis | | | |
| Full 13‑agent orchestrator | · | ✓ | ✓ |
| Cross‑user BOLA / IDOR detector (secondary account) | · | ✓ | ✓ |
| WAF detection + 70+ bypass‑payload scoring | · | ✓ | ✓ |
| Attack‑path graph + blast‑radius | · | ✓ | ✓ |
| MITRE ATT&CK mapping | · | ✓ | ✓ |
| Dark‑web / breached‑credential check | · | ✓ | ✓ |
| Internal & continuous | | | |
| Internal / network scan (agent‑based) | · | 1 agent | Unlimited |
| Continuous monitoring (1h, 6h, 12h, 24h, 48h, weekly) | · | · | ✓ |
| Diff‑based new‑finding alerts (Slack, webhook, email) | · | · | ✓ |
| Reporting & compliance | | | |
| Compliance‑mapped PDF (7 frameworks + CWE / CVSS / MITRE) | ✓ | ✓ | ✓ |
| White‑label reports | · | · | ✓ |
| Free re‑tests after remediation | 1 | 2 | Unlimited |
| Team & integrations | | | |
| SSO + RBAC + audit log | · | · | ✓ |
| API access for CI/CD | · | · | ✓ |
| Dedicated CSM, custom SLA, private deploy | · | · | ✓ |
| Reasoning trace per agent | · | · | ✓ |
| Pricing | | | |
| Per test | $2,500 | $5,000 | Quote |

Quick mode: about 8 to 12 minutes. Deep mode: about 15 to 25 minutes. The PDF is ready the moment the scan completes; no waiting on a consultant. You can keep working in the dashboard or chat while it runs in the background.
Yes. One target, one full engagement, one report. Add team seats at no extra cost. Pricing scales with engagements, not headcount.
One root domain plus its subdomains. Auto‑discovered subdomains are included; risky‑subdomain auto‑deep‑scan (admin, staging, dev, vpn, api) is bundled in Premium and Enterprise.
Yes. Sign‑up is free, no card required. By default you can scan your own email‑domain and its subdomains, so a user@acme.com can scan acme.com and staging.acme.com without paperwork. Larger or out‑of‑domain engagements move to a paid tier.
Those scanners ship findings. Zeroday IQ ships validated findings. The Validator agent drops anything without raw evidence and a working PoC, so what reaches your inbox is what a human pentester would have written down. Not a queue of "potential" issues.
Plus: 1 retest. Premium: 2. Enterprise: unlimited. We re‑run the same modules against the same target so you get a clean diff of what was fixed.
You install a small Docker‑packaged agent on a host inside your network. It registers with a token issued by your super‑admin, runs the same pipeline against private CIDRs (network discovery, AD checks, lateral‑movement & privesc analysis), and ships findings back over an authenticated channel.
Yes. Enterprise includes a private deployment. We ship the same Flask app + MongoDB + agents, and you keep the keys.