Skip to content

Pricing

Pricing that scales with your evidence cadence.

Free for one verified target. Move to Starter or Growth as your scan frequency grows. Add a Verified report when you need a human-reviewed deliverable.

90-second product demo - coming this week

While we finish the screencast, take the same tour in 60 seconds via the sample report - same data, paginated across the four auditor-ready PDFs.

See a sample PDF
14-day free trial

Start any paid plan with a 14-day free trial — no charge until it ends. Cancel any time before day 14 and you owe nothing.

A card is collected at checkout so the plan continues automatically after the trial. Manage or cancel from the billing portal.

Free

Kick the tires on a single verified target.

$0/ month
Start free
  • 1 verified target
  • 1 scan / month
  • DNS, TLS, security headers
  • No PDF export

Starter

Basic automated checks for solo founders.

$31/ month

Billed annually · save 20%

Starts with a 14-day free trial

Start free trial
  • 3 verified targets (web, API, repo)
  • 10 scans / month
  • Weekly evidence snapshots
  • Executive + Developer PDF reports
  • Compliance evidence rows (ISO / SOC2 / OWASP)
  • Retest workflow
Most popular

Growth

Full multi-surface coverage: web, API, repo, mobile, cloud, K8s.

$63/ month

Billed annually · save 20%

Starts with a 14-day free trial

Start free trial
  • 15 verified targets (any surface)
  • 100 scans / month
  • Mobile binary scan (APK / IPA)
  • Cloud audit (AWS / Azure / GCP via Prowler)
  • Kubernetes manifests (Kubescape NSA)
  • Advanced API testing (BOLA / BFLA / mass-assignment)
  • Repo scan: osv-scanner + gitleaks + Trivy + Semgrep
  • All 4 PDF reports (Executive / Developer / Compliance / Trend)
  • KEV + EPSS prioritization
For agencies

Agency

Repeatable multi-client coverage with branded reports.

$159/ month

Billed annually · save 20%

Starts with a 14-day free trial

Start free trial
  • 50 verified targets across 25 client workspaces
  • 15 team members
  • Branded PDF reports (Executive / Developer / Compliance / Trend)
  • Per-client Compliance dashboard
  • Multi-client dashboard with cross-workspace rollup

Enterprise

Custom limits, SSO, regulated environments.

Custom
Contact sales
  • Custom targets and scan volume
  • SSO / SAML
  • Advanced RBAC + audit logs
  • Internal scanner agent
  • Priority support
Optional add-on

Web3 / smart contract scanning

Layered on Growth or Agency. Token contracts, public wallet exposure, sanctions signals, liquidity risk, honeypot detection.

  • EVM (7 chains): Ethereum, Polygon, BSC, Arbitrum, Optimism, Base, Avalanche
  • Sui Move (Beta) - 19 static detectors + UpgradeCap owner classification
  • Solana (Beta) - verified-build + upgrade authority + Anchor IDL + SPL authority
  • Slither + Mythril + Echidna analysis (EVM)
  • Honeypot + fee-on-transfer detection
  • Owner classification (EOA / Safe / Timelock)
  • OFAC SDN compliance lookup
  • Web3 risk score on every target
$299per month
Optional add-on

Invasive testing (active attack payloads)

Layered on Growth or Agency. The active checks that send real attack payloads - safely, only on targets you explicitly authorize (staging recommended).

  • Active web scanner (OWASP ZAP): SQLi / XSS / CSRF / SSRF / path traversal / cmd injection / SSTI
  • OpenAPI contract fuzz (Schemathesis): generated POST / PUT / DELETE
  • Mass-assignment probe: privileged-field PATCH (confirmed CWE-915)
  • Host-header injection: password-reset + cache-poisoning primitive
  • Two-gate safety: add-on + explicit per-target authorization
  • Per-tool opt-out, staging-first, no DoS / brute-force
Read the invasive testing guide
$299per month

Verified Security Report - currently unavailable. Automated evidence reports remain available across Starter, Growth, and Agency.

All plans require verified target ownership for full scans. NANOTESTING is not a certified penetration test or a compliance attestation.

Questions

Straight answers about what NANOTESTING does and doesn't do.

If you don't see your question, contact the team. We try to be specific about scope so you can evaluate fit.

Ready when you are

Stop sending screenshots. Start sending reports.

Create an account, verify your target, and run a safe automated assessment in minutes.