Features
Vulnerability Scanning API. Ready-to-use scan engines.
Integrate our pentesting and vulnerability scanning tools into your internal security testing flows. Enhance your Continuous Integration (CI) flows or add extra data to your custom applications with our API.
Get up and running in a few minutes
Add automated security scanning to your self-testing builds
Easily integrate it based on the detailed API reference
Getting started
Get up and running in a few minutes
Use our API straight out of the box: set your parameters and save invaluable time with our pre-configured scanners. Launch and delete scans in bulk and focus on interesting findings while we deliver accurate results. It only takes a few lines of code to initiate scans in several workspaces and run the same scan against multiple targets. Check out our sample API client to see for yourself!
{
"op": "start_scan",
"tool_id": 170,
"target": "http://demo.pentest-tools.com/webapp/",
"tool_params": {
"scan_type": "full_new",
"follow_redirects": true
}
}Full-featured
An API built for security and IT experts
Using the Pentest-Tools.com API offers you more time to do what you love the most.
More control
Use the vulnerability ID to filter and zoom in on interesting findings or edit them.
More accuracy
Automatically map and scan redirects with zero impact to your initial setup.
More reliability
Get instant feedback on potential errors before the scan starts.
More flexibility
Merge, modify, and customize output from multiple scanners or 3rd party tools.
Easily integrate it using the detailed API reference
It’s really easy to scan multiple targets simultaneously using the API with minimal input from your side. Plus, you can instantly see if scans are running properly, eliminating errors and duplicate work. With the Pentest-Tools.com API, you can always start, stop, and query scans against up to 1000 targets with multiple pentesting tools - in a machine-friendly format (JSON).
“The schedule function of Pentest-Tools.com is step one and our next move is to automate scans using the API.”
Trusted by experts at
Improve self-testing builds with security scanning
Make your releases less risky and your security issues easier to fix - proactively. Establish continuous security testing and automate it for maximum efficiency with the Pentest-Tools.com API. Deploy safe, resilient code by running security assessments with our ready-to-use scanners. Enhance your CI/CD process with built-in vulnerability testing to remove unintended backdoors and misconfigurations that endanger performance.
Use cases
4 ways to use the Pentest-Tools.com API
Ship safer deployments with less bugs and no major vulnerabilities
Capture security issues early by integrating our API into your automated tests. Reduce your attack surface based on accurate, prioritized findings: troubleshoot misconfigurations, identify and close open ports, limit outsiders’ access to internal network services, and more! Make delivering secure code your competitive advantage.
Scan new infrastructure while deploying it
Add the Pentest-Tools.com API to your deployment pipeline and discover vulnerabilities as they emerge. Use it to find issues such as outdated server software, SQL injection, XSS risks, security gaps in network services, and more. Our API is well-suited for complex deployment scripts. Run authenticated security tests and scan internal networks through VPN to get results for a broad range of apps and network components.
Reduce your testing costs (time & money)
Merge our API into your CI/CD server and run 11 security tools in a matter of seconds! Replace manual work with scheduled scans and free up internal resources. Set your scripts to run during the night and get more out of your workday. Spend more time on strategic tasks such as updating workflows for a boost in productivity.
Integrate our tools into your web app, dashboard, or network
Prefer things done your way? We get it! Incorporate data from our API into your UI. Get reliable, consistent scan results from up to date scans engines we maintain. Choose the features you want to use and set it up to get crucial findings - filtered and organized just how you like it.
Developed for
Pentesters
Who lack the time to develop their own discovery modules
Network security specialists
In charge of security risk assessments
DevOps teams
Tasked with preventing security gaps in web apps
Developers
Who understand and manage application security risks
Pentesters
Looking to preview the scope and work for their future engagements
Business owners
With a knack for security as a core performance metric
Everything you need
All-in-one platform
Become a Teams customer and get access to the Pentest-Tools.com API plus everything else our platform has to offer.
Authenticated website scans
Scan websites that require authentication as a logged-in user.
Internal network scanning
Scan targets from your internal/private network over VPN.
Multi-user access
Add multiple users to share your plan resources with.
JIRA integration
Create JIRA issues directly from the scan findings.
White label reports
Customize the branding of the reports with your own logo.
Access to all 20+ tools
Get access to all the tools on our platform and more.
Start using the platform today.
Unlock the full power and features of our platfom!
Compare pricing plans and discover more tools and features.
FAQ
Common questions
Currently, the following tools can be used through our API: Website Scan, Subdomain Finder, Find Virtual Hosts, Port Scanner, UDP Port Scan, Network Vulnerability Scanner, URL Fuzzer, SQLi Scan, XSS Scan, WordPress Scan, Drupal Scan.
We plan to add support for other tools and scanners at Pentest-Tools.com in future iterations. Keep an eye on our changelog, blog, and on our LinkedIn page to be the first to know when we do! You can also explore more details in the Support Center.
Reviews & Testimonials
What our customers say about Pentest-Tools.com
90% of the early recon work is done for us
Flexibility
Very simple to use
Extensive suite of tools
Fast and accurate
Imagine a world where all your "onsite" testing was performed offsite. Where your only choice is to send an appliance to a client site. That would never happen right? Well it did in February 2020. We started looking at this puzzle in August of 2019 to answer a problem for a very specific group group of clients and Pentest-Tools.com had a suite of tools that would work for us. And they had an API!
Fast forward to May of 2020. Thanks to the flexibility of Pentest-Tools.com, and the responsiveness of their support and development teams, we are shipping bespoke appliances to clients to use as drop boxes. But rather than just spin up a VPN, we gave the client a simple portal to log into and click "start" on their test. Using the full extensive suite of tools through the API, 90% of the early recon work is done for us with a simple PHP and Python script. Even the report is partially completed.
If you are a solo pentester, or a small testing house, then I would heartily recommend Pentest-Tools.com. The platform is very simple to use, fast and accurate.
Peter Bassill
The go-to platform for automated web vulnerability assessments
Ease of use
Great reporting capabilities
"Pentest-Tools.com is my team's first go-to solution.
Anytime we are preparing to deploy a new version of our software, we run many tools to monitor and secure our environment, but the simplicity and ease we have with Pentest-Tools.com to run network and web server scans to highlight issues is unmatched."
Ioan Constantin