Scan Tiers
Understanding Scan Tiers
Every pentest on TurboPentest consumes one credit, but not all credits are equal. Credits come in four tiers that determine how long P4L4D1N's AI agents work on your target and how many agents are deployed. The tier you choose directly affects the depth, breadth, and thoroughness of the pentest.
Think of tiers as the difference between a quick security check and a full-scale penetration test. Each tier is designed for specific use cases, and choosing the right one depends on your goals, timeline, and budget.
The Four Tiers
Recon ($49 / 1 Agent Hour)
Recon is the entry-level tier designed for quick surface-level assessments. It runs all Phase 1 tools for comprehensive reconnaissance and provides a brief AI analysis of the findings. Agent hours are limited to 1 hour, which means P4L4D1N performs a rapid triage of the reconnaissance data rather than deep exploit validation.
Best for:
- Quick checks after minor deployments
- Initial assessment of a new target before committing to deeper testing
- Verifying that a specific fix was deployed correctly
- Budget-conscious monitoring of low-risk applications
What you get: Full Phase 1 tool output, basic AI-analyzed findings with severity ratings, and a summary report. Agent validation is limited — findings are assessed but not all are exploit-validated.
Standard ($99 / 4 Agent Hours)
Standard is the recommended tier for most external pentests. With 4 agent hours, P4L4D1N deploys 4 specialist agents (covering Web, API, and Infrastructure domains) that have enough time to validate findings, test exploit scenarios, and document proof-of-concept attacks.
Best for:
- Regular scheduled pentests of production applications
- Full external penetration testing
- Teams that need validated findings with PoC exploits
- The core of most organizations' pentest programs
What you get: Full Phase 1 reconnaissance, 4 specialist agents with validated findings, proof-of-concept exploits for confirmed vulnerabilities, Docker retest commands, and a comprehensive report with attestation letter.
Deep ($299 / 8 Agent Hours)
The Deep tier doubles the agent time to 8 hours and deploys all 8 specialist agents. This means broader domain coverage (adding Authentication, Cryptography, Cloud, and Code Analysis specialists beyond Standard's Web, API, and Infrastructure) and more time for each agent to investigate complex attack paths.
Best for:
- Applications handling sensitive data (financial, healthcare, PII)
- Pre-audit pentests where thoroughness is critical
- Complex applications with multiple authentication flows
- Targets where you suspect deep or chained vulnerabilities
What you get: Everything in Standard plus the full 8-agent specialist lineup, deeper investigation of complex findings, more thorough exploit chain discovery, and extended coverage of authentication, cryptographic, and cloud-specific vulnerability domains.
Blitz ($699 / 16 Agent Hours)
Blitz is the maximum-depth tier. It deploys all 8 specialist agents plus depth agents (which perform a second, deeper pass on breadth-phase findings), an Exploit Chain Agent (which specifically hunts for multi-step attack paths), and a Verification Agent (which confirms severity ratings and PoC reproducibility). With 16 agent hours, this tier approaches the thoroughness of a manual penetration test.
Best for:
- Mission-critical applications where security is paramount
- Compliance pentests requiring maximum coverage evidence
- Applications preparing for third-party security audits
- When you need the closest thing to a manual pentest with automated speed
What you get: Everything in Deep plus depth agents for second-pass analysis, an Exploit Chain Agent for multi-step attack paths, a Verification Agent for quality control, and the most comprehensive report and attestation available.
Agent Hours Explained
Agent hours represent the total compute time allocated to P4L4D1N's AI agents during Phase 2. This is separate from Phase 1 tool execution, which runs regardless of tier. Agent hours are distributed across all deployed agents, so a Standard pentest with 4 agents and 4 hours gives roughly 1 hour per agent, while Blitz distributes its 16 hours across a larger pool of agents.
More agent hours means each agent can investigate more leads, test more exploit variations, and follow more complex attack paths. It is the difference between an agent that tests the three most obvious SQL injection payloads and one that crafts twenty custom payloads targeting the specific database engine and WAF configuration it has detected.
Credit Costs and Planning
| Tier | Price | Agent Hours | Agents | Best Use Case |
|---|---|---|---|---|
| Recon | $49 | 1 hour | Limited | Quick checks, monitoring |
| Standard | $99 | 4 hours | 4 specialists | Regular pentesting |
| Deep | $299 | 8 hours | 8 specialists | Sensitive apps, pre-audit |
| Blitz | $699 | 16 hours | 8 specialists plus depth, Exploit Chain, and Verification agents | Mission-critical, compliance |
For organizations with multiple targets and recurring schedules, subscription plans offer 10-30% volume discounts. The Growth subscription at $79.20 per credit (20% off Standard's $99) is the recommended tier for most teams maintaining continuous coverage.
Choosing the Right Tier
Start with Standard for your primary application. If the results reveal complex findings that warrant deeper investigation, upgrade to Deep or Blitz for the next run. Use Recon for quick post-deployment checks and low-risk applications. Reserve Blitz for your most critical assets or pre-audit preparation.
Many organizations use a mixed approach: weekly Standard pentests for ongoing coverage, monthly Deep pentests for thorough analysis, and quarterly Blitz pentests as the comprehensive security baseline. This strategy balances cost, coverage, and depth across the year.
The tier does not affect Phase 1 tool execution — all 11 (black-box) or 14 (white-box) tools run at every tier. The difference is entirely in Phase 2: how many agents are deployed, how long they work, and whether specialized agents like the Exploit Chain Agent and Verification Agent are included.