BetaWe're currently in beta. Signing in will place you on our waitlist.
The TurboPentest Ecosystem

Pricing & Credits

The Credit-Based Model

TurboPentest uses a credit-based pricing model rather than a subscription. You purchase credits and spend them on pentests. This pay-as-you-go approach means you only pay for what you use — no monthly fees for months when you are not testing, and no per-seat charges that penalize large teams.

Credits never expire. Once purchased, they remain in your account until used.

Pentest Tier Costs

Each pentest tier consumes a different number of credits, reflecting the depth of analysis and computational resources involved.

Recon (1 credit)

  • Phase 1 only — All 14 reconnaissance tools run in parallel
  • No Phase 2 — No AI agent analysis
  • Use case: Quick surface-level assessment, pre-pentest reconnaissance, CI/CD on every PR
  • Duration: Approximately 5-15 minutes
  • Output: Raw tool results organized by category, no agent-validated findings

Standard (3 credits)

  • Phase 1 + Phase 2 — Full reconnaissance plus 4 specialist AI agents
  • Agents: Web App, API, Infrastructure, and one additional based on target profile
  • Use case: Regular security testing for web applications, CI/CD on merges to main
  • Duration: Approximately 30-60 minutes
  • Output: Agent-validated findings with PoC exploits, severity ratings, and remediation steps

Deep (5 credits)

  • Phase 1 + Extended Phase 2 — Full reconnaissance plus 8 specialist AI agents
  • Agents: All Standard agents plus Auth, Crypto, Cloud, and Business Logic specialists
  • Use case: Thorough testing before major releases, monthly deep dives, compliance assessments
  • Duration: Approximately 60-120 minutes
  • Output: Comprehensive findings including business logic flaws, authentication weaknesses, and cryptographic issues

Blitz (10 credits)

  • Phase 1 + Maximum Phase 2 — Full reconnaissance plus all specialist agents, depth agents, and the Exploit Chain and Verification agents
  • Agents: All Deep agents plus Depth agents for deep-dive exploration, Exploit Chain Agent for multi-step attacks, and Verification Agent for quality assurance
  • Use case: Pre-launch security assessment, post-incident analysis, compliance certification
  • Duration: Approximately 120-240 minutes
  • Output: Maximum-depth findings with validated exploit chains, verification of all severity ratings, and comprehensive attack surface coverage

Credit Packages

Credits are purchased in packages. Larger packages include volume discounts:

PackageCreditsPricePer-Credit CostSavings
Starter5$125$25.00
Professional20$450$22.5010%
Team50$1,000$20.0020%
Enterprise200$3,500$17.5030%
Custom500+ContactNegotiatedUp to 40%

Prices are in USD. Volume discounts are applied automatically at checkout.

Maximizing Credit Value

Choose the Right Tier

Not every target needs a Blitz pentest. Match the tier to the situation:

  • New feature on staging? Recon or Standard
  • Sprint release to production? Standard
  • Major version release? Deep
  • Annual compliance assessment? Blitz
  • Incident response? Blitz

Over-testing with Blitz when Standard would suffice wastes credits. Under-testing with Recon when Deep is warranted misses vulnerabilities.

Use Recon for Triage

Run a Recon pentest first to understand the attack surface. If Phase 1 reveals a complex application with many endpoints, upgrade to Deep or Blitz. If the surface is minimal, Standard may suffice. This triage approach avoids spending Blitz credits on simple targets.

Leverage Scheduling Tiers

For scheduled pentests, use a tiered approach:

  • Weekly: Standard (3 credits/week = ~12/month)
  • Monthly deep dive: Deep (5 credits/month)
  • Total: ~17 credits/month for continuous coverage

This provides ongoing Standard-level monitoring with monthly Deep-level thoroughness.

Earn Credits Through Referrals

The referral program provides up to 200 bonus credits per month. Active referrers can significantly offset their pentesting costs.

Earn Credits Through Bug Bounty

Valid bug bounty submissions earn 5-200 credits depending on severity. Security researchers can fund their pentesting by improving TurboPentest's security.

Credit Management

Balance and History

View your credit balance and transaction history in Settings > Billing. Each transaction shows:

  • Type (purchase, pentest consumption, referral bonus, bug bounty reward)
  • Amount (credits added or consumed)
  • Date and associated pentest ID (for consumption)

Team Credit Sharing

Organization accounts have a shared credit pool. All team members draw from the same balance. Admins can:

  • View credit consumption by team member
  • Set per-member monthly spending limits
  • Receive alerts when the balance falls below a threshold

Auto-Recharge

Enable auto-recharge to automatically purchase credits when your balance drops below a threshold:

{
  "enabled": true,
  "threshold": 5,
  "recharge_package": "professional",
  "payment_method": "card_ending_4242"
}

This ensures scheduled pentests and CI/CD integrations never fail due to insufficient credits.

Refund Policy

Credits are refundable under specific circumstances:

  • Pentest failure — If a pentest fails due to a TurboPentest system error (not a target connectivity issue), credits are automatically refunded
  • Cancellation before Phase 2 — Cancelling a pentest before Phase 2 agents start results in a full credit refund
  • Cancellation during Phase 2 — No refund once agents have begun analysis
  • Unused credit packages — Unused credits from purchased packages can be refunded within 30 days of purchase if no credits from the package have been consumed

Previous

Bug Bounty Program

Next

CAPO Final Exam

On this page