Pricing · AUD

Plans that scale with you

Free forever for individual researchers. Upgrade when your scale demands automation and team features.

Free

for individual researchers getting started

Free
  • manual finding submission
  • 100 findings
  • basic public profile + badges
  • AI chat (20 messages/day)
  • 2 API tokens
  • 5 monitored assets
  • 2 alert rules
  • breach check
  • community stats

Most popular

Pro

for active researchers and bug hunters

A$12/month
  • everything in Free
  • unlimited findings
  • automated repo scanning
  • GitHub code search
  • paste site monitoring (20 keywords)
  • bulk import/export
  • unlimited AI chat
  • 20 API tokens
  • 50 monitored assets
  • 25 alert rules
  • Slack & Discord webhooks
  • finding templates
  • key activity checker
  • security tools (10 runs/day)
  • CORS scanner
  • header analyzer
  • subdomain enumeration
  • 1,000 API requests/hour

Enterprise

for security teams and organizations

A$39/month
  • everything in Pro
  • unlimited everything
  • dark web monitoring (unlimited keywords)
  • team accounts (up to 50 members)
  • finding assignment & priority
  • custom secret patterns
  • scheduled cron scans
  • generic webhook + Jira/PagerDuty
  • all security tools (unlimited)
  • IDOR tester
  • open redirect checker
  • API endpoint fuzzer
  • vulnerability scanner
  • 10,000 API requests/hour
  • priority support

Feature comparison

What's included in each plan.

| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Manual finding submission | | | |
| Public researcher profile | | | |
| AI chat | 20/day | Unlimited | Unlimited |
| Total findings | 100 | Unlimited | Unlimited |
| Automated repo scanning | | | |
| GitHub code search | | | |
| Paste site monitoring | | | |
| Bulk import / export | | | |
| Slack / Discord webhooks | | | |
| Finding templates | | | |
| Monitored assets | 5 | 50 | Unlimited |
| Alert rules | 2 | 25 | Unlimited |
| API tokens | 2 | 20 | Unlimited |
| API requests / hour | 100 | 1,000 | 10,000 |
| Security tools | | 10 runs/day | Unlimited |
| Pay-as-you-go credits | | | |
| Dark web monitoring | | | Unlimited keywords |
| Team accounts | | | Up to 50 |
| Finding assignment + priority | | | |
| Custom secret patterns | | | |
| Scheduled cron scans | | | |
| Generic webhooks (Jira, PagerDuty) | | | |
| Priority support | | | |

Pay-as-you-go

Credits for overages

Don't need a plan? Buy credits and pay per use. Works alongside any plan for overages.

api (2)

API Request

any API call beyond plan limit

A$0.001/request

Burst API (1000)

1000 API requests burst

A$0.50/bundle

scan (4)

Repo Scan

scan a repo for all secret patterns

A$0.05/scan

GitHub Code Search

search GitHub for a pattern

A$0.03/search

Paste Site Scan

scan paste sites for one keyword

A$0.02/keyword

Dark Web Scan

search darkweb for one keyword

A$0.05/keyword

tool (7)

CORS Scanner

test domain for CORS misconfig

A$0.10/domain

Header Analyzer

check security headers

A$0.05/url

Subdomain Enum

discover subdomains via CT logs

A$0.08/domain

IDOR Tester

test endpoint for IDOR

A$0.15/endpoint

Open Redirect Check

test for open redirects

A$0.08/url

API Fuzzer

fuzz endpoint with payloads

A$0.20/endpoint

Vulnerability Scan

comprehensive analysis

A$0.25/target

AI (1)

AI Chat Message

AI message beyond plan limit

A$0.01/message

notification (2)

GitHub Issue

create disclosure issue

A$0.03/issue

Bulk Export

CSV or JSON export

A$0.02/export

34 SecOps + 35 InfoSec tools

Security testing tools

Live tools are available now, and the broader catalog is visible across SecOps and InfoSec so buyers can see where the platform is headed.

SecOps

34

Exposure monitoring, asset inventory, cloud posture, identity, and operational audits.

InfoSec

35

Web app, API, auth, and offensive security checks spanning the full SecOps and InfoSec tool catalog.

CORS Misconfiguration Scanner

pro · infosec

test for dangerous CORS configs — origin reflection, null origin, wildcard + credentials

Configuration · or A$0.10/use

Security Header Analyzer

pro · secops

check for missing or misconfigured headers — CSP, HSTS, X-Frame-Options, and more

Configuration · or A$0.05/use

Subdomain Enumeration

pro · secops

discover subdomains via certificate transparency logs and surface interesting prefixes

Attack Surface · or A$0.08/use

IDOR Endpoint Tester

enterprise · infosec

test API endpoints for insecure direct object references

Access Control · or A$0.15/use

Open Redirect Checker

enterprise · infosec

test URL parameters for open redirect vulnerabilities

Web App · or A$0.08/use

API Endpoint Fuzzer

enterprise · infosec

fuzz endpoints with SQL injection, XSS, path traversal, and command injection payloads

API Security · or A$0.20/use

Vulnerability Scanner

enterprise · secops

comprehensive checks for headers, CORS, TLS, tech fingerprinting, and exposed paths

Exposure · or A$0.25/use

Attack Surface Monitor

pro · secops

track newly exposed hosts, apps, and services over time

Attack Surface · or A$0.00/use

Certificate Expiry Watch

pro · secops

watch TLS certificates and alert before they age out

TLS · or A$0.00/use

Domain Takeover Watch

enterprise · secops

watch for dangling DNS and subdomain takeover conditions

Attack Surface · or A$0.00/use

SSRF Probe

enterprise · infosec

probe server-side fetch flows for SSRF behavior and metadata access

Web App · or A$0.00/use

Rate Limit Auditor

pro · infosec

verify rate limiting, burst handling, and account lockout behavior

Abuse · or A$0.00/use

Cache Poisoning Probe

enterprise · infosec

probe shared caches for poisonable keys and host confusion

Infrastructure · or A$0.00/use

FAQ

Pricing questions