01
Give us the URL.
Paste the address of the app you want to test. That's it. No agent to install, no firewall changes, no SSH access required.
AI PENTEST FOR SMB AND SAAS TEAMS
Point us at your domain. We try to break in like a real attacker would, then send you a clear report with proof and the exact fixes. Under an hour.
3 free credits to start. No card.
LIVEtty-01
How it works
Built for product teams that ship software but don't have a security engineer in-house.
02
We attack it.
Our AI behaves like a real attacker — maps your app, probes for vulnerabilities, chains them into realistic breach paths. Same playbook as a senior pentester, in under an hour.
03
You get the report.
A clear dossier with every finding, the proof it exists, and the steps to fix it. Hand it to your engineering team — or to us, we'll patch with you.
What's inside
Each module does one thing well. Together they reproduce the work of a senior security expert — automated, around the clock.
Watch us work
The War Room is the screen where you watch the scan happen. Your exposure, the findings with proof, the attack scenarios — everything streams in live as we work.
ENGAGEDscan :: vuln.targetSTAGE :: PROBING IDOR OBJECTSt+ 14m 32s
// intelligence
ASSETS
12
+2 today
ENDPOINTS
87
14 sensitive
IDENTITIES
4
1 admin
CHAINS
3
1 critical
PIPELINE04 / 06
// network map1 anomaly
// findings5
Mass-assignment :: role escalation/api/auth · CONFIRMED
IDOR :: cross-tenant read/api/users/:id · CONFIRMED
JWT :: weak HS256 :: forgeable/api/auth/refresh · CONFIRMED
CORS :: wildcard origin/api/* · PROBABLE
Rate-limit :: credential stuffing/api/login · PROBABLE
$scan executing :: 4 modules active :: streaming evidence
// captured during a live engagement — hover the chamber to inspect
From productionUpdated every 5 min
Lifetime totals from the private beta. Rounded down so the counter never runs ahead of what the engine has actually shipped.
// Scans launched260+Live engagements over the beta
// Vulnerabilities surfaced3,200+Confirmed findings across all targets
// Tool executions16,000+nmap · nuclei · katana · sqlmap · 50+ more
After the scan
Once you have the report, what's next.
You don't need to be a security engineer to act on it. Three paths, depending on who you have in-house.
You have a security team.
Hand them the dossier. Every finding ships with proof, reproduction steps, and the exact fix. No translation needed — engineers can patch straight from the report.
Run a scanYou don't.
We connect you with senior pentesters from our network who patch the findings with you, line by line. Pay-as-you-go, no retainer. You stay in control.
Get help patchingYou want it continuous.
Drop our SDK into your CI/CD. Every push, every release, the scan runs and the dossier lands in the PR. No manual trigger. Coming soon — early access.
Get on the listAudit-ready
A report your auditor recognizes.
The IntrudR dossier serves as technical evidence for SOC 2, ISO 27001, PCI-DSS, GDPR and NIS2 audits. Methodology aligned with industry-recognized standards. Every finding is mapped to CWE, OWASP Top 10 and scored under CVSS.
// EVIDENCE FOR
SOC 2
CC7 · Monitoring
// EVIDENCE FOR
ISO 27001
A.8.8 · A.8.29
// EVIDENCE FOR
PCI-DSS v4
Req. 11.3
// EVIDENCE FOR
GDPR
Article 32
// EVIDENCE FOR
NIS2
Risk measures
// METHODOLOGY ALIGNED WITH
OWASP ASVS v4control verification·
OWASP Top 10 2021category mapping·
NIST SP 800-115testing methodology·
PTESexecution standard·
CWEroot-cause taxonomy·
CVSS v3.1severity scoring
From the field
Verified comments from the public launch — original handles preserved.
// Founder featured in
L'Est ÉclairRegional press · May 2026
“Un étudiant aubois construit ses outils, l'hantavirus tracker d'abord — IntrudR ensuite.”
Read the article →· 10h ago
“honestly one of the sickest saas sites I’ve seen in a long time”
99+Reply
· 11h ago
“thats a great name and a great concept. gl man”
99+Reply
· 10h ago
“The design is great btw, my sideproject has something same, seems we have equal taste”
99+Reply
Pricing
Three tiers. Monthly billing. No setup fee. Cancel any time.
TIER
01 / RECON
Recon
Try us out. See what a real attacker would find.
FIELD STANDARD
02 / HUNTER
Hunter
For one product you want fully secured.
03 / ARSENAL
Arsenal
For several apps and APIs in production.
04 / SENTINEL
Sentinel
Whole organisation? We custom-fit and support you.
MONTHLY
€0
free forever
€49
/mo · €39 annual
€99
/mo · €81 annual
Custom
talk to sales
* All tiers run on isolated docker scanner containers. Replay-triple evidence is non-negotiable across all tiers.
** Credit costs: web 1 · infra/api 2 · full 3 · DEEP 5 · DEEP+WAF 8.
*** Annual billing available on Hunter and Arsenal with -25%.