Request a Penetration Testing Quote
Get a penetration testing quote tailored to your business
We work with organisations across the UK, with all testing delivered remotely or on-site. Tell us what you need tested and we'll respond with a fixed-price proposal within one business day.
External network and infrastructure testing projects starting from £1,800, with web application testing from £2,700. Prefer to talk it through first? Book a 20-minute scoping call and we'll be happy to help.

Request a Custom Penetration Testing Quote Today
The questions below cover what our consultants typically need to prepare an accurate, fixed-price proposal.
You can use our cost calculator to get an instant indicative range before submitting, or view the full pricing guide for worked examples. If you have an urgent requirement or would prefer to discuss your needs directly, please book a 20-minute scoping call with our team.
What information should I provide when requesting a pentest quote?
To provide an accurate and contextual quote for testing we'll need to understand more about your environment. Schedule a call with us for quick and easy scoping experience, where we can give you indicative costs directly on the call.
Business Context:
- What is the driving decision to procure a penetration test?
- Has a penetration test been conducted previously? If so, when was the last engagement and were there any significant findings?
- Is there a preferred timeframe or hard deadline for the engagement?
External Network Pentest:
- How many IP addresses or ranges are in scope?
- Are there specific services or hosts of particular concern?
- Is cloud infrastructure included, and if so, which provider?
Internal Network Pentest:
- How can access to the network be provided: on-site, VPN, or jump box?
- How many workstations and servers are in scope?
- Is there any specific testing required for compliance purposes, such as testing the CDE for PCI DSS?
- Are there any sensitive systems that require additional care during testing?
- Do you require a build review of a sample workstation and/or server during the assessment?
Web Application Testing:
- How many applications will be in scope for testing?
- What is the complexity and/or functionality of the application(s)?
- Will testing be performed against the production, staging, or other environment?
- Will authenticated testing be required? If so, how many user roles/permission levels will be included?
- Is authentication handled by a third-party or in-house?
- Is there any functionality that is particularly sensitive or business-critical that warrants specific focus?
API Pentesting:
- Approximately how many API endpoints are in scope?
- Is the API RESTful, GraphQL, or another format?
- Is API documentation available, for example a Swagger or Postman collection?
- Does the API share authentication with the web application or does it have its own?
Our Process
What happens after you request a quote
Submit your requirements
Receive a fixed-price proposal
Schedule your testing
Testing, reporting & debrief
Why Exploitr
Why Choose Exploitr
Consultant-led, never outsourced
Fixed price, agreed up front
A quote within one business day
Direct access throughout
Scoped to your environment
Common Questions
Pentest quote - frequently asked questions
Everything you need to know about how penetration testing is priced, scoped, and delivered before you request a quote.
Your quote will include: proposed methodology, scope of work, estimated testing duration, the testing deliverables (for example an executive report, vulnerability/technical report, retesting), and a fixed cost. There are no hidden fees.
For a full breakdown of how we approach every engagement, see our penetration testing methodology page.
Use the form above to request an external penetration testing quote. Include your IP ranges or subnet size, whether cloud infrastructure is in scope, and your preferred testing window.
We respond with a fixed-price proposal within one business day. External network testing starts from £1,800.
Yes, we can provide a scope for testing both internal and external network penetration testing bundled together.
The typical time required for external network pentests is around 2-7 days, and internal network pentests are between 3-10 days. Your custom scope may vary depending upon your environment and architecture.
Yes, we scope engagements for ISO 27001, SOC 2, and PCI DSS requirements. Let us know your compliance context in the form and we'll scope accordingly.
None whatsoever. All enquiries are treated confidentially and you're under no obligation to proceed.
We aim to respond to all quotation requests within one business day. If you have an urgent requirement, please book a scoping call and we can provide indicative costs directly on the call.
That's absolutely fine. If you're not sure what type of testing you need, or if you have a unique environment that doesn't fit neatly into a standard category, just provide as much information as you can about your requirements and concerns.
We can work with you to understand your needs and recommend the most appropriate testing scope for your business.
Yes. We work with organisations across the US and Europe. All testing is delivered remotely or on-site, and we can provide a fixed-price proposal for your environment regardless of location.
Prefer to talk it through first?
Book a free 20-minute scoping call and we'll help you figure out what testing you need, what's in scope, and what a fixed-price engagement would look like for your environment.
