⛨ Cloudflare EU edge · D1 weur · R2 EU jurisdiction

AI penetration testing.
Built for the EU.

Three attack surfaces — web, mobile APK, GitHub repo — driven by Claude Sonnet 4.6 agents that exploit, prove, and report. Every scan is gated by Domain Control Verification and an AI-validated Rules of Engagement document. Pay per token through Polar.sh.

Production EU edge
KVKK + GDPR + DORA
No password — magic link
Three attack surfaces · one platform

Web, mobile, and source code — covered.

Every engagement gets the right model stack: Sonnet 4.6 for exploitation and recon, Haiku 4.5 for compliance and reporting, Opus 4.7 as rate-limit fallback. Prompt caching keeps cost-per-scan under your tier's threshold.

🌐

Web pentest pipeline

4-phase OWASP-aligned flow: recon, parallel vulnerability analysis, conditional exploitation with proof-of-concept, post-exploitation, and executive report.

recon · injection · xss · auth · authz · ssrf · post-exploit · report
📱

Mobile APK scan

Static analysis with apktool + jadx. Detects insecure storage, hardcoded secrets, exported components, plaintext network traffic, and debug flags. PoC examples per finding.

recon · secrets · storage · network · components · report
📦

GitHub repo SAST

Whole-repo audit: secret leaks, dependency CVEs, IaC drift, auth/authz patterns, and policy bypasses across the codebase. Produces remediation tickets ready for your issue tracker.

recon · secrets · sast · dependency · iac · auth · report
No scan starts without proof

Compliance gates baked into every dispatch.

CLAUDE.md red-line: an AI pentest tool that doesn't gate execution is a legal hazard. AssurePort enforces two hard gates and a credit pre-authorisation before a single byte hits the target.

GATE 1

Domain Control Verification

Three methods: _assureport.<domain> TXT record, <meta name="assureport-verification"> tag, or /.well-known/assureport-challenge.txt. Any one passes. Lookup runs through Cloudflare 1.1.1.1 DoH so it works on the edge.
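
How a verifier could evaluate the three methods above for one domain, as an added example that is not AssurePort's own code. The token value and the `evidence` object (a DoH JSON answer, the fetched page HTML, the fetched challenge file body) are assumptions made for illustration.

```javascript
// Added example, not AssurePort code. Assumptions: the token format, the
// shape of `evidence`, and that each method must carry the token verbatim.

// TXT data in DoH JSON is one or more quoted strings: "abc" "def" -> abcdef.
function txtValues(dohJson, qname) {
  if (!dohJson || dohJson.Status !== 0) return []; // NXDOMAIN, SERVFAIL, ...
  const norm = (n) => String(n).toLowerCase().replace(/\.$/, "");
  return (dohJson.Answer || [])
    // Exact owner-name match: a TXT on a sibling or parent name proves nothing.
    .filter((rr) => rr.type === 16 && norm(rr.name) === norm(qname))
    .map((rr) => {
      const parts = String(rr.data).match(/"(?:[^"\\]|\\.)*"/g);
      return parts ? parts.map((p) => p.slice(1, -1)).join("") : String(rr.data);
    });
}

// Only markup before </head> counts, so a tag placed in the page body
// (for example user-submitted content) cannot satisfy the check.
function metaContent(html) {
  const m = /([\s\S]*?)<\/head>/i.exec(String(html || ""));
  if (!m) return null;
  for (const tag of m[1].match(/<meta\b[^>]*>/gi) || []) {
    const attrs = {};
    for (const a of tag.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
      attrs[a[1].toLowerCase()] = a[2] !== undefined ? a[2] : a[3];
    }
    if (attrs.name === "assureport-verification") return attrs.content || null;
  }
  return null;
}

// Any one method passes; each requires an exact token match, never a substring.
function verifyDomainControl(domain, token, evidence) {
  if (!token) return { verified: false, methods: [] };
  const methods = [];
  const txt = txtValues(evidence.doh, `_assureport.${domain}`);
  if (txt.some((v) => v.trim() === token)) methods.push("dns-txt");
  if (metaContent(evidence.html) === token) methods.push("meta-tag");
  if (String(evidence.wellKnown || "").trim() === token) methods.push("well-known");
  return { verified: methods.length > 0, methods };
}

// Constructed sample evidence for example.com (not real lookups).
const TOKEN = "ap-verify-3f9c2e71";
const DOH = { Status: 0, Answer: [
  { name: "_assureport.example.com.", type: 16, TTL: 300,
    data: '"ap-verify-" "3f9c2e71"' },
] };
console.log(verifyDomainControl("example.com", TOKEN, { doh: DOH }));
```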

GATE 2

Rules of Engagement

Upload a signed PDF. Claude Haiku 4.5 extracts the signing party, in-scope targets, validity window, and out-of-scope clause. Score ≥ 0.85 + future expiry → status valid. Otherwise 412.

GATE 3

Credit pre-authorisation

Every scan reserves credits up-front in an immutable, append-only ledger (token_ledger with replay-safe idempotency_key). No credit, no scan. Refund on pipeline error.

KVKK · TR data protection
GDPR · EU regulation
DORA · TLPT-ready
NIS2 · supply-chain audit
ISO 27001 · controls mapping (alpha)
Polar.sh checkout · TR-MoR · KDV/VAT handled

Pay per scan, or subscribe for monthly credit.

1 credit = $0.01 of API spend. Average web scan ~6,000 cr ($60). Mobile ~3,000 cr ($30). GitHub ~2,000 cr ($20). Prompt caching keeps the actual cost-per-scan well below the headline number on most engagements.

Starter
$25 USD
2,500 credits
  • ~1 mobile scan
  • Or 12 mid-sized GitHub scans
Standard
$50 USD
5,000 credits
  • ~2 mobile scans
  • Or 1 web pentest
Team
$250 USD
25,000 credits
  • ~4 web pentests
  • Multiple assets
Bulk
$500 USD
50,000 credits
  • ~8 web pentests
  • Quarterly engagements
Team
$49/month
5,000 credits / month
  • 3 users
  • Email support
  • Slack webhook
  • Roll-over up to 2× included
MSSP Bronze
$399/month
50,000 credits / month
  • White-label sub-domain
  • 40% wholesale on overage
  • Auditor portal
  • Custom report template

Sign in. Verify a domain. Run a scan.

No credit card up-front. We auto-create your tenant and credit $1 of starter balance the moment you click your magic link.
