One-time payment per site. Unlimited rescans.
Start with a free 1-page audit, no card. Upgrade when you want a full multi-page pentest.
Free Trial
Full pentest, 1 page
- 1 single-page audit (homepage)
- All 47+ web scanners (ZAP, Nuclei, sqlmap, BOLA-style)
- AI Agent / chatbot prompt-injection testing
- WordPress / WooCommerce specific checks
- Business logic (price/quantity tampering)
- SEO Audit (60+ checks) + AI-Readiness Score
- Security headers, SSL/TLS, sensitive files
- Email results delivery · no credit card required
No card · results in 2 min
Starter
For blogs & small SaaS
One-time · unlimited rescans
- Up to 25 pages crawled
- Email Security (SPF/DKIM/DMARC)
- SSL/TLS Analysis
- Security Headers + Cookies
- CORS + CSRF checks
- SEO Audit (60+ checks)
- AI-Readiness Score
- Sensitive files detection
- PDF Report
- Unlimited rescans of this site
Growth
For e-commerce & SaaS
One-time · unlimited rescans
- Everything in Starter
- Up to 100 pages crawled
- OWASP ZAP Active Scanner
- Nuclei (8000+ CVE templates)
- Subdomain Discovery
- JWT + OAuth + Session testing
- Business Logic flaws
- AI Fix Generator (50/day)
- Scheduled rescans (weekly/monthly)
- Detailed PDF Report
Business
For large platforms
One-time · unlimited rescans
- Everything in Growth
- Up to 500 pages crawled
- Multi-Role Auth Testing (BOLA/BFLA)
- SQL Injection Deep Scan
- SSRF + GraphQL + HTTP Smuggling
- Race Condition Testing
- AI Prompt Injection (LLM apps)
- Mobile App Analysis (APK/IPA)
- AI Fix Generator (UNLIMITED)
- White-label PDF Report
- Priority queue + email support
Need 1000+ pages, custom integrations, or SLA? Contact us for a custom plan.
Frequently asked questions
Do I pay monthly or once?
AuditCore is a one-time payment per site. You pay once for a tier (Starter $29, Growth $99, or Business $299) and rescan that site as often as you want — there's no subscription. Higher tiers always cover lower-tier rescans.
Is there a free scan?
Yes. The Free Trial gives you a single-page audit with the full security stack (47+ scanners), SEO Audit (60+ checks), AI-Readiness Score, security headers and SSL — no credit card required.
What is a 'page'?
A page is one URL crawled by our Playwright crawler. Starter covers 25 pages, Growth 100 pages, Business 500 pages. The crawler follows internal links from your homepage. You can also exclude specific paths.
Can I rescan after fixing issues?
Yes — rescans are unlimited and free for every site you've paid for, forever. We diff results between scans so you can verify which findings are fixed and which are new.
What's included in the Growth tier vs Starter?
Growth ($99) adds OWASP ZAP active scanning, Nuclei (8000+ CVE templates), subdomain discovery, JWT/OAuth/session testing, AI prompt-injection testing, and 50/day AI Fix Generator quota. Starter ($29) is surface checks only — headers, SSL, SEO, sensitive files.
Do you offer a money-back guarantee?
Yes — 7-day money-back guarantee, no questions asked. If you're not satisfied with the report, email [email protected] for a full refund.
Do you scan mobile apps?
Yes. The Business tier ($299) includes APK and IPA static analysis: manifest, permissions, secret detection in the binary, certificate pinning, native binary protections (PIE, NX, RELRO), and detection of 14 tracker SDKs.
Is the scan safe to run on production?
Yes — by default we run safe scanners. Active scanning (ZAP, sqlmap) uses a --batch and --technique=BEU profile that avoids destructive payloads. You can also restrict scope to specific paths if needed.
Do I need to verify domain ownership?
For sites you don't own, no — but the report is shorter (we skip authenticated and active scans). For full results, add a TXT record or upload a verification file.
Can I integrate AuditCore into my CI/CD?
Yes — there's a free GitHub Action (auditcore/scan-action), Slack slash command (/auditcore), webhook events with HMAC signatures, and a programmatic REST API with API keys (ac_live_*).