Request a Quote

Get a penetration testing quote today

Looking for external network or web application testing, but not sure where to start? You don’t need to have everything figured out before you reach out.

Give us a rough idea of what you need: the type of testing, your environment, any deadlines and we’ll scope it for you. No obligation, no pressure.

CREST Pathway Cyber Essentials certified UK Cyber Security Council member OSCE Certified Consultants OSCP Certified Consultants

Get a Custom Testing Scope

Request a pentest quote in minutes. Whether you need an external penetration testing quote, a network pen test quote, or pricing for web application testing, we’ll respond within one business day and scope your requirements.

If you are seeking an independent and professional assessment of your organisation’s security posture, please use this form to request a tailored quotation for our cyber security testing services.

Select one or more

Our Process

What happens after you request a quote

Once your request has been submitted, it will be reviewed by a member of our technical team. You will receive a written proposal outlining the approach, deliverables, and costs. There is no obligation to proceed.

01

Submit your requirements

Use the quote form or book a scoping call. Tell us what you need tested, any compliance requirements, and your preferred timeframe. The more context you can provide, the more accurate your quote will be.

02

Receive a fixed-price proposal

Our team will review your requirements, typically within one business day, and provide a written, fixed-price proposal. No obligation to proceed.

03

Schedule your testing

Once you're happy with the proposal, we'll schedule a call to discuss the rules of engagement and any access requirements, and plan a testing window that fits your schedule.

04

Testing, reporting & debrief

Testing is conducted by an experienced consultant with direct communication throughout. Your report is delivered within 2 business days of testing completion, followed by a debrief call with your team.

Key deliverables

Why Choose Exploitr

When you choose to work with us at Exploitr, you’re partnering with a security consultancy focused on delivering practical, high-quality penetration testing that’s tailored to your environment and business goals. We combine thorough consultant-led testing with open communication, actionable reporting, and responsive support throughout the engagement.

Executive Report

A concise, senior-level summary of key risks, business impact, and prioritised remediation actions.

Technical Report

A detailed breakdown of all identified vulnerabilities, including reproduction steps, severity scoring, and remediation guidance, mapped to CVE, CVSS, and MITRE ATT&CK.

Debrief

A structured walkthrough of findings with your team, covering remediation strategy, prioritisation, and technical Q&A.

Retesting

Complimentary validation of remediated findings for externally facing assessments across web applications, APIs, and external networks.

Attack Surface Center Access

Clients receive access to our attack surface management platform to review, track, and manage findings collaboratively with their team.

Consultant-led Engagements

Every engagement is delivered end-to-end by an experienced security consultant, from scoping through to reporting and debrief.

Common Questions

Pentest quote - frequently asked questions

Everything you need to know about how penetration testing is priced, scoped, and delivered before you request a quote.

Most engagements run between 2-5 days of active testing, but depending on the scope this could take longer. We’ll confirm timelines as part of your written proposal.

Your quote will include: proposed methodology, scope of work, estimated testing duration, the testing deliverables (for example an executive report, vulnerability/technical report, retesting), and a fixed cost. There are no hidden fees.

Exploitr is a UK-based penetration testing company offering manual, consultant-led security assessments with fixed pricing agreed before testing begins. Every engagement is delivered in-house by an experienced consultant, and nothing is outsourced.

Clients have direct access to the tester throughout the engagement, with critical findings communicated immediately rather than held until the final report.

All engagements include access to the Attack Surface Center platform for ongoing vulnerability management and report delivery. See our pricing page for internal and external network testing, simple brochureware websites, more complex SaaS and enterprise web application testing. Contact us for a custom quote today.

Yes, we can provide a scope for testing both internal and external network penetration testing bundled together.

The typical time required for external network pentests is around 2-7 days, and internal network pentests are between 3-10 days. Your custom scope may vary depending upon your environment and architecture.

To provide an accurate and contextual quote for testing we’ll need to understand more about your environment. Schedule a call with us for quick and easy scoping experience, where we can give you indicative costs directly on the call.

Business Context:

  • What is the driving decision to procure a penetration test?
  • Has a penetration test been conducted previously? If so, when was the last engagement and were there any significant findings?
  • Is there a preferred timeframe or hard deadline for the engagement?

Web Application Testing:

  • How many applications will be in scope for testing?
  • What is the complexity and/or functionality of the application(s)?
  • Will testing be performed against the production, staging, or other environment?
  • Will authenticated testing be required? If so, how many user roles/permission levels will be included?
  • Is authentication handled by a third-party or in-house?
  • Is there any functionality that is particularly sensitive or business-critical that warrants specific focus?

API Pentesting:

  • Approximately how many API endpoints are in scope?
  • Is the API RESTful, GraphQL, or another format?
  • Is API documentation available, for example a Swagger or Postman collection?
  • Does the API share authentication with the web application or does it have its own?

External Network Pentest:

  • How many IP addresses or ranges are in scope?
  • Are there specific services or hosts of particular concern?
  • Is cloud infrastructure included, and if so, which provider?

Internal Network Pentest:

  • How can access to the network be provided: on-site, VPN, or jump box?
  • How many workstations and servers are in scope?
  • Is there any specific testing required for compliance purposes, such as testing the CDE for PCI DSS?
  • Are there any sensitive systems that require additional care during testing?
  • Do you require a build review of a sample workstation and/or server during the assessment?

Yes, we scope engagements for ISO 27001, SOC 2, and PCI DSS requirements. Let us know your compliance context in the form and we’ll scope accordingly.

None whatsoever. All enquiries are treated confidentially and you’re under no obligation to proceed.

We aim to respond to all quotation requests within one business day. If you have an urgent requirement, please book a scoping call and we can provide indicative costs directly on the call.

That’s absolutely fine. If you’re not sure what type of testing you need, or if you have a unique environment that doesn’t fit neatly into a standard category, just provide as much information as you can about your requirements and concerns. We can work with you to understand your needs and recommend the most appropriate testing scope for your business.

Not sure what you need?

Explore the different services we offer or reach out and contact our team. Our team are on hand to discuss your security requirements and provide a recommended assessment scope that suits your business.

Explore our services Speak with our team