h4ckbot
AI-powered pentest assistant

Recon, exploit, report. Faster.

Define your scope, then let h4ckbot enumerate attack surface, trace lateral movement chains, surface CVE context, and draft PoC scaffolds — all within your declared engagement boundaries.

Prompts are never used to train AI models.

Capabilities

Built for real pentest work

External Recon

Enumerate subdomains, parse certificate transparency logs, and build an OSINT target map before the engagement kicks off.

Vulnerability Chaining

Walk through multi-step exploitation paths (SSRF → IMDS → IAM key theft) and get PoC skeleton code within your declared scope.

Lateral Movement

Model pass-the-hash, Kerberoasting, and GPO abuse chains against Active Directory environments with step-by-step guidance.

Report Writing

Draft finding narratives, CVSS rationale, and executive summaries. h4ckbot speaks both C-suite and NIST.

CTF / Lab Assistance

Unstick yourself during HackTheBox or OSCP lab boxes with targeted hints — you control depth.

Tooling & Payloads

Get help with custom Burp extensions, Nuclei templates, or Python exploit scripting without starting from scratch.

Trust & Safety

Powerful tooling — controlled access

Offensive AI capability carries real risk. We take that seriously. Access is gated, sessions are guarded, and full power is reserved for people we can identify.

Verified identities only

Full access requires professional verification — a real name, a demonstrable security background, and a manual review. No anonymous accounts get elevated capability.

Guardrails on every conversation

The AI operates within scope-aware constraints. It understands authorized engagement context and will not produce attack content without a professional framing.

Every session is logged

Conversations are stored and tied to a verified account. There is no anonymous mode. Abusive sessions are reviewed and actioned — and serious violations are escalated.

Pricing

Transparent pricing

A genuine free tier with a hard spend cap — no credit card, no time limit. Verified professionals can apply for a higher cap billed at actual cost.

Free tier
Free

$1/week

Up to $1 of LLM spend per week. Shared daily pool of 20 requests across all users.

No credit card required.

Pay-as-you-go
Verified Pros

Usage-based

Verified professional pentesters can request a higher spend cap. Billed by actual token spend at cost.

Requires professional verification.

Questions? Email us at the address in the footer.