The self-serve agentic pentester
Pwnkemon runs an LLM agent that recons your network, exercises your authenticated app endpoints, and reviews your source code, then writes one polished report. The stack you'd normally buy as Snyk + Intruder + an annual Cobalt engagement, in one tool with a transparent price.
faster than a human pentest engagement
known CVEs cross-referenced live during every scan
typical consultancy engagement replaced
How it works
Prove ownership via DNS TXT record or a short HTTP file challenge. Only verified domains (and their subdomains) can be scanned.
Quick, Standard or Deep. Pick the depth of assessment you need.
An autonomous agent composes thirteen tool primitives (port discovery, banner grabbing, NSE scripts, CVE lookups, raw HTTP probes) into a coherent assessment.
Independent probes run in parallel. Findings are recorded, deduplicated, and ranked by exploitability in the target's context.
On Deep scans, the agent re-examines findings to confirm severities, surface attack chains across findings, and produce compliance-grade depth.
Export to Markdown, HTML, PDF, or CSV. Webhook callbacks fire on completion. Full audit trail of every agent decision.
Parallel tool execution and aggressive result compaction keep scans fast.
No scanning of targets you don't own: the cryptographic ownership challenge enforces that, and protects you legally.
Set a per-scan budget. Cumulative usage is tracked in real time; runaway scans abort cleanly.
Every agent step, tool call, and finding is persisted. Replayable post-hoc.
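The ownership check and scope rule from the first step above, written out as an added example (this is not Pwnkemon's code). The `_scan-verify` TXT label, the `/.well-known/scan-verify.txt` path, the 24-hour challenge lifetime and the HMAC layout are assumptions; DNS and HTTP lookups are passed in as callables so the block runs offline against constructed fixtures, and the scope check treats a target as in scope only when it is a verified domain or a label-aligned subdomain of one.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

CHALLENGE_TTL = 24 * 3600                         # assumed: pending challenges expire after a day
RECORD_LABEL = "_scan-verify"                     # assumed: TXT label the verifier queries
WELL_KNOWN_PATH = "/.well-known/scan-verify.txt"  # assumed: HTTP file challenge path

TxtLookup = Callable[[str], list]          # name -> list of TXT record strings
HttpFetch = Callable[[str], Optional[str]]  # url -> body, or None if unreachable


@dataclass(frozen=True)
class Challenge:
    domain: str
    token: str       # unguessable value the customer must publish
    issued_at: int   # unix seconds
    mac: str         # server-side MAC binding token to account, domain and time


def normalize_domain(domain: str) -> str:
    """Lower-case, drop a trailing dot, and reject obviously malformed names."""
    d = domain.strip().lower().rstrip(".")
    labels = d.split(".")
    if len(labels) < 2 or any(not lbl or len(lbl) > 63 for lbl in labels):
        raise ValueError(f"malformed domain: {domain!r}")
    return d


def _mac(server_key: bytes, account_id: str, domain: str, token: str, issued_at: int) -> str:
    msg = f"{account_id}|{domain}|{token}|{issued_at}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def issue_challenge(server_key: bytes, account_id: str, domain: str,
                    now: Optional[float] = None) -> Challenge:
    """Mint a fresh challenge; the token is random, the MAC lets the server trust it later."""
    domain = normalize_domain(domain)
    issued_at = int(time.time() if now is None else now)
    token = secrets.token_urlsafe(32)
    return Challenge(domain, token, issued_at, _mac(server_key, account_id, domain, token, issued_at))


def verify_challenge(server_key: bytes, account_id: str, ch: Challenge,
                     txt_lookup: TxtLookup, http_fetch: HttpFetch,
                     now: Optional[float] = None) -> Optional[str]:
    """Return 'dns' or 'http' when the token has been published for this domain, else None."""
    now = int(time.time() if now is None else now)
    # Reject tampered or expired challenges before doing any lookups.
    expected = _mac(server_key, account_id, ch.domain, ch.token, ch.issued_at)
    if not hmac.compare_digest(ch.mac, expected):
        return None
    if now - ch.issued_at > CHALLENGE_TTL:
        return None
    token = ch.token.encode()
    # DNS path: the token must be a whole TXT record, compared in constant time.
    for record in txt_lookup(f"{RECORD_LABEL}.{ch.domain}"):
        if hmac.compare_digest(record.strip().encode(), token):
            return "dns"
    # HTTP path: the file body must be exactly the token.
    body = http_fetch(f"http://{ch.domain}{WELL_KNOWN_PATH}")
    if body is not None and hmac.compare_digest(body.strip().encode(), token):
        return "http"
    return None


def in_scope(target_host: str, verified_domains: Iterable[str]) -> bool:
    """Only verified domains and their subdomains may be scanned; suffix matches
    are label-aligned so 'evilexample.com' never matches 'example.com'."""
    host = normalize_domain(target_host)
    for v in verified_domains:
        v = normalize_domain(v)
        if host == v or host.endswith("." + v):
            return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real service loads this from a KMS
    ch = issue_challenge(key, "acct-42", "Example.com.", now=1_700_000_000)
    # Constructed zone data standing in for a live DNS resolver.
    zone = {f"{RECORD_LABEL}.example.com": ["v=spf1 -all", ch.token]}
    method = verify_challenge(key, "acct-42", ch, lambda n: zone.get(n, []),
                              lambda u: None, now=1_700_000_100)
    print("verified via:", method)
    print("api.example.com in scope:", in_scope("api.example.com", ["example.com"]))
    print("evilexample.com in scope:", in_scope("evilexample.com", ["example.com"]))
```

The MAC means the server never has to store pending challenges, and the expiry keeps a token that was once published from authorizing scans indefinitely; both checks run before any DNS or HTTP request is made.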
Dogfooding
Every day before the team wakes up, Pwnkemon runs a full code & container scan against its own repo: deps, SAST, IaC, Dockerfile base images, and the full git history for leaked secrets. New high or critical findings page us in Sentry.
The morning after we shipped GitHub App support, the self‑scan caught 17 CVEs we'd picked up overnight from upstream, including a cryptography library advisory published less than twelve hours earlier. We had patches in flight before the first user logged in.
That same scan path now ships as the Pwnkemon Scan GitHub Action: one workflow file in any repo, scans run on our isolated infrastructure (not your CI runner), findings posted as a PR comment, build fails on high+ findings.
If we wouldn't run it against our own production code, we wouldn't ask you to run it against yours.
CI/CD
The Pwnkemon Scan GitHub Action runs on every pull request, but the scanners don't. They run on our isolated infrastructure, in an ephemeral container that's destroyed after every scan. Your GitHub runner only ever holds a Pwnkemon API token and waits for the result.
```yaml
name: Pwnkemon Security Scan
on:
  pull_request:
permissions:
  contents: read
  pull-requests: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: Pwnkemon/pwnkemon-scan@v1
        with:
          api-token: ${{ secrets.PWNKEMON_API_TOKEN }}
```

That's the whole setup. Mint a token at /dashboard/tokens (GitHub Action tokens are scope-restricted: scan launch and read only), add it as PWNKEMON_API_TOKEN in your repo secrets, and commit the file. The next PR gets a findings comment.
Stack replacement
Most teams stitch together a source‑code scanner, a network scanner, and an annual human pentest to satisfy auditors. Pwnkemon does all three from one dashboard at a transparent price: no sales call, no per‑asset surprise bills, and one report your auditor and engineers both read.
| | Pwnkemon | Snyk (scanner) | Intruder (scanner) | Cobalt (human pentest) | XBOW (agentic) |
|---|---|---|---|---|---|
| Continuous scanning (5 targets, 10 devs / yr) | $2.4k–$11k | ~$13k+ | ~$8–12k | $50k+ | $100k+ |
| One-off SOC 2 pentest report | $1,999–$7,999 | — | — | $8.5k+ | $40k+ |
| Transparent pricing, no sales call | Partial | ||||
| Self-serve onboarding in under 10 minutes | |||||
| Agentic LLM exploit reasoning | Prioritises only | Human pentester | |||
| Authenticated app testing (IDOR, BAC) | Crawls authed URLs | Human pentester | |||
| Network recon (nmap, TLS, CVE chaining) | |||||
| Source code SAST + deps + container + IaC | |||||
| Dependency reachability (only flag CVEs your code touches) | |||||
| Full git-history secret scan | Partial | — | |||
| Auto-scans Dockerfile base images | |||||
| GitHub Action (scan in our infra, not your CI) | Runs in your CI | Runs in your CI | |||
| Per-scan cost ceiling, no surprise bills | |||||
| Publishes their own daily self-scan | |||||
Competitor capabilities and pricing reflect public information at time of writing. Cobalt and XBOW pricing is gated behind sales calls; figures shown are from customer reports and industry sources. Continuous-scanning prices use the cheapest plan that fits the workload (Pwnkemon Starter at $249/mo for 5 targets; Snyk Team at $25/dev/mo × 10; Intruder Essential band). We don't cover internal network or Active Directory testing. If that's your primary need, a traditional engagement firm like Cobalt is still the right call.