Business impact
Full data exfiltration
PentX runs the whole engagement for you — recon, exploitation, evidence, and the report you'd rather not write — across external, internal, cloud and web. Autonomous, scoped, non-destructive. You review the findings, ship the report under your own brand, and keep the margin. The craft stays yours. The grunt work doesn't.
Every engagement is the same tax: recon, port and service enumeration, chasing low-hanging fruit, screenshotting evidence, and the soul-draining hours of report writing. It's most of the clock and none of the fun — and it's exactly what caps how many clients you can take.
PentX absorbs all of it:
What stays yours: the creative exploitation, the judgement calls, the scoping conversations, the client trust — and 100% of the invoice. PentX makes one of you deliver like a team.
No platform to master, no playbooks to script. You stay in control of scope and sign-off; PentX does the work in between.
Buy a credit, create your account, and define an authorized scope — external IPs/domains, an internal range, a cloud account, or a web app. Black box or white box.
The multi-agent engine reconnoiters, plans, exploits and validates — running 50+ real tools in a live sandbox. You watch every command and decision stream in real time.
Findings arrive proven, with evidence and repro steps. Export a client-ready report with your logo and colors — PDF, DOCX or JSON. Free retest to verify the fix.
Scanners list maybes. PentX reasons like a tester: it explores, exploits, and proves — then only ships what it can demonstrate. Here's what's actually running.
Findings ship only with a working exploit, request/response captures, screenshots and reproduction steps. Unvalidated noise is filtered before it ever reaches you.
Every command, decision and reasoning step streams live. Audit the agent's logic in real time — full transparency, not a black box that hands you a PDF.
Non-destructive by default: a hard ban-list blocks dangerous commands, scope is enforced, tools are rate-limited, jobs are process-isolated and timed out, everything is logged.
A fine-tuned model grounded (via RAG) in a curated command knowledge base, expert attack scenarios and a CVE-enriched vuln dataset — drawn from 500+ real pentest reports.
Reinforcement-learned to explore unconventional paths and recover from dead ends — instead of looping or quitting early like rule-based automation.
Schedule recurring scans against a scope and turn one-off tests into a continuous-testing retainer — recurring revenue, no extra hours from you.
Black box or white box. Take the engagement even when it's outside your comfort zone — PentX has the coverage.
Internet-facing attack surface, run entirely from the cloud — nothing to install.
A single outbound-only container in the client network. No inbound firewall rules.
Cloud-facing posture and exposure across your client's footprint.
Crawling, fuzzing and injection testing with proof, not just signatures.
A freelancer's reputation is the report. So PentX makes it client-ready and unmistakably yours — every finding demonstrated, mapped to impact, with the fix spelled out.
Your output is capped by delivery time. Hand the repeatable 80% to PentX and the same hours cover far more engagements — at a delivery cost from €250 against the €1,500–€4,000 a pentest typically bills.
Drag the sliders. See what your calendar is actually worth.
Illustrative: assumes PentX absorbs ~70% of delivery time (weeks→hours) so the same hours cover up to ~3× the engagements, at €250/pentest on the 10-pack. Your numbers will vary.
The questions every serious operator asks before trusting automation with their name. Straight answers.
"We started onboarding PentX to replace our external infrastructure audits. Same team, a fraction of the hours, and the ROI was obvious almost immediately."
An offensive team cut report production from ~25 hours of manual writing to ~4 hours of senior review — freeing engineers for billable exploitation and advisory work.
A provider went from 8–12 outsourced engagements a year to 125 delivered in-house, cutting cost per pentest ~70% — without growing the team.
PentX-powered reports submitted to Big Four auditors for a full year. Every report accepted. Zero revisions requested.
1 credit = 1 full engagement on a target scope (external, internal, cloud or web) + a free retest. No subscription, no lock-in.
ROOT99 at checkout · ongoing €350/creditMoney-back guarantee. If your first report doesn't meet your standard, we refund it — you judge the quality before your name ever depends on it. Transparent per-credit pricing, every credit includes a free retest, and scope is confirmed before launch.
No. PentX runs real commands in a live sandboxed environment and proves exploitability before anything reaches the report. A finding only ships with a working exploit, request/response captures, screenshots and reproduction steps. Unvalidated noise is filtered out before you ever see it.
It replaces your grunt work, not your judgement. The repeatable 80% — recon, enumeration, evidence capture and report writing — runs autonomously. The creative exploitation, the scoping calls, the client relationship and the final sign-off stay yours. PentX lets one operator deliver like a team.
External, internal, cloud and web application testing — black box and white box. Internal engagements run from a single outbound-only container inside the client network (Active Directory enumeration, lateral-movement path discovery, internal service exploitation) with no inbound firewall rules required.
PentX is non-destructive by default. A hard command ban-list blocks destructive actions, scope is enforced, resource-intensive tools are rate-limited, every job is process-isolated with enforced timeouts, and the full command log is auditable. Nothing runs against assets you didn't authorize.
They already do. PentX-powered reports have cleared Big Four audits for 12 months with zero revisions, map to ISO 27001, SOC 2, PCI DSS and GDPR, and ship under your brand — not ours. Add a named CREST-certified co-sign when an insurer or regulator requires it.
Completely. Your logo, your colors, your cover — across all four report types (full technical, executive summary, public compliance, single-vulnerability) and all three formats (PDF, DOCX, JSON). PentX never appears to your client.
You buy pentest credits. One credit = one full engagement on a target scope, plus a free retest to verify the fix. Packs start from €250 per pentest. No subscription, no lock-in, and a money-back guarantee on your first report.
Buy a credit and create your account at app.pentx.ai/join, define your authorized scope and launch. The engagement runs in hours, not weeks. Prefer to talk first? Book a 15-minute call and we'll walk you through a live run.
Autonomous AI pentesting across external, internal, cloud and web — white-label under your brand, non-destructive, money-back guaranteed. Take on more clients without adding hours.