💳 Transparent Pricing

Start Free. Scale as You Comply.

Every plan runs on EU servers. Every plan includes FusionAuth SSO and cryptographic audit trails. No credit card required to start.

Billing: Monthly / Annual (save 20% with annual billing)
PRO I
$4.1K/year

$345/mo · billed annually

Credentials provided — authenticated testing

Get started
  • Target URL + login credentials
  • Authenticated session testing
  • TOTP / 2FA support
  • Human review + validation
  • OWASP + SOC2 compliance tagging
  • PoC reproduction steps
  • Pentest-grade report (PDF)
  • No source code analysis
  • No static code review

Engine: Shannon (phases 2–5, stub repo) via OpenRouter Opus 4.6 — ~2–3 hours

PRO II
$10K/year

$850/mo · billed annually

Source code + credentials — full-depth pentest

Get started
  • Target URL + source code (ZIP)
  • Login credentials + TOTP
  • Full 5-phase Shannon pipeline
  • Static + dynamic correlation
  • Business logic vulnerability testing
  • PoC exploits (where authorized)
  • Human review + validation
  • Full compliance report (all frameworks)
  • Auto-generated Shannon YAML config

Engine: Shannon (full 5 phases) via Anthropic API (Opus 4.8) — ~3–5 hours

FREEMIUM
$0 forever

No code, no creds — external view only

Get started
  • Target URL only
  • Automated LLM scan (no human review)
  • OWASP Top 10 surface mapping
  • Up to 2 scans/month
  • No credentials / auth testing
  • No source code analysis
  • No PoC exploits
  • No human validation
  • No compliance reports

Engine: Shannon (recon + vuln phases only) via OpenRouter — lightweight model, 50K token cap, ~20 min

How Each Tier Works

BLACK-BOX

Get your first pentest in 20 minutes.

No setup. No credentials. Just a URL. Shannon maps your attack surface against OWASP Top 10 automatically. Free, with 2 scans per month.

Start free →
GRAY-BOX

Authenticated testing, human-validated results.

Provide test account credentials and let Shannon probe your app from the inside — login flows, authenticated endpoints, session handling, privilege escalation. A Breachr pentester reviews every finding before you see it.

🔒 Credentials encrypted end-to-end. Never stored after the scan.

Get started →
WHITE-BOX

Full source code analysis.

Upload your repo as a ZIP and get the deepest pentest available — static + dynamic correlation, business logic testing, PoC exploits. All compliance frameworks: OWASP, SOC2, PCI-DSS, ISO 27001, NIST CSF.

🔒 Source code encrypted in transit and at rest. Deleted immediately after the scan — deletion timestamp shown in your audit log.

Get started →
RED TEAM — COMING SOON

Full Agentic Red Teaming.

Multi-agent adversarial simulation. Autonomous attack chains, lateral movement, and privilege escalation — all with human-validated results. Enterprise only.

Notify me when available →
📡 Attack Surface Inventory — Device Limits by Plan

A network sensor (passive ARP/DHCP discovery plus scheduled active scans) inventories the devices, open ports, and known CVEs on your network. Included in all paid plans.

Learn more →
  • Freemium: not included (upgrade to unlock)
  • Starter: 10 devices, €159/mo
  • Professional: 100 devices, €350/mo
  • Enterprise: unlimited devices, price on application (POA)
⚔️ DORA Article 26 TLPT Add-On

Full TIBER-EU framework Threat-Led Penetration Testing. Required for "significant entities" every 3 years. Includes CREST-certified red team, threat intelligence provider, BaFin notification support, and management board reporting templates.

€120K–€200K
per engagement · every 3 years

ROI vs Traditional Penetration Testing

A manual penetration test costs €80K–€300K per year. Breachr Professional costs €4,200/year.

  • Traditional annual pentest: €120K+ (3 × €40K engagements)
  • Breachr Professional, annual: €4,200 (€350/month × 12)
  • Annual saving: €115K+, plus continuous testing instead of a point-in-time snapshot

Pricing FAQs

Q: What's the difference between Annual and Monthly billing?
A: Annual billing locks in the base rate (Starter €159/mo, Professional €350/mo) for the term. Monthly billing costs 25% more (Starter ~€199/mo, Professional ~€438/mo) in exchange for month-to-month flexibility. Both give you the same features.
Q: What's the difference between Starter and Professional?
A: Starter is designed for smaller teams beginning their compliance journey — 5 targets, 20 scans/month, basic compliance reports at €159/mo (€1,908/yr). Professional adds QSA-grade PCI DSS reports, BaFin/NCA-grade DORA and NIS2 reports, 10 targets, 50 scans, and priority support at €350/mo (€4,200/yr). Most teams under active PCI DSS or DORA obligations need Professional.
Q: Can I upgrade between plans mid-month?
A: Yes. We prorate your current subscription and apply the credit to the new plan. Most teams start Starter or Professional, then upgrade to Enterprise when TLPT, CDE scoping, or on-premise deployment becomes required.
Q: What's included in the 14-day free trial?
A: Full Professional tier access — 10 targets, 50 scans, all integrations, PCI DSS, DORA + NIS2 reports. No credit card required. Extends to 30 days if you schedule a demo call.
Q: Do you support on-premise deployment?
A: Yes — Enterprise tier supports air-gapped on-premise installation and customer cloud (AWS/Azure/GCP in your account). This is a hard requirement for many central banks and insurance companies.
Q: What is Breachr Inventory and how does the sensor work?
A: Breachr Inventory is a network discovery tool. You run a single Docker container on your network: it passively listens for ARP and DHCP traffic to discover devices the moment they appear, then runs an active nmap scan every 4 hours to map open ports and services. New devices trigger instant email alerts. No agents on individual machines and no firewall changes; the passive listener generates no traffic of its own, only the scheduled nmap scan does. Because ARP and DHCP discovery works at the link layer, the sensor only sees devices on the L2 segment it is attached to, so run one container per VLAN you want inventoried.
Q: What counts as a monitored device?
A: A monitored device is a unique MAC address seen by the sensor within the last 30 days. A device that goes offline still counts toward your limit for 30 days after its last sighting. If you hit your limit, new devices will still be detected and alerted; you will just need to upgrade to monitor more than your plan allows. Note that phones and laptops using randomized (private) Wi-Fi addresses present a new MAC per network or per rotation, so they can count more than once against your limit.
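The counting rule above (unique MAC, 30-day window, offline devices age out, over-limit devices still alerted) is small enough to model directly. The following is an added example and not Breachr's own code; the Sighting record, the "arp"/"dhcp" source labels and the sample sightings are constructed for illustration, since the page does not show the sensor's real event schema. It also flags locally administered (randomized) MACs, which is the mechanism behind the inflated counts mentioned in the answer.

```python
"""Added example: monitored-device counting as described in the FAQ.
Not Breachr's code; event shape, names and sample data are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # FAQ: a device counts for 30 days after its last sighting


@dataclass(frozen=True)
class Sighting:
    mac: str
    seen_at: datetime
    source: str  # "arp" or "dhcp" (constructed label, not the real sensor schema)


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 00-1A-2B-00-00-02 and 00:1a:2b:00:00:02 are one device."""
    hexdigits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 1 (value 0x02) of the first octet is the U/L bit; when set the address is locally
    administered, which is how randomized private Wi-Fi addresses present themselves."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def last_seen_by_mac(sightings):
    """Most recent sighting per canonical MAC."""
    last = {}
    for s in sightings:
        m = normalize_mac(s.mac)
        if m not in last or s.seen_at > last[m]:
            last[m] = s.seen_at
    return last


def monitored_devices(sightings, now, retention=RETENTION):
    """MACs whose most recent sighting falls inside the retention window (inclusive)."""
    return {m: t for m, t in last_seen_by_mac(sightings).items() if now - t <= retention}


def evaluate(sightings, now, device_limit):
    """Replay sightings in time order: alert on the first sighting of every MAC (even when the
    plan limit is already exceeded) and report the current monitored count against the plan."""
    alerts, seen = [], set()
    for s in sorted(sightings, key=lambda x: x.seen_at):
        m = normalize_mac(s.mac)
        if m in seen:
            continue
        seen.add(m)
        alerts.append({"mac": m, "first_seen": s.seen_at, "source": s.source,
                       "randomized": is_locally_administered(m)})
    active = monitored_devices(sightings, now)
    return {
        "monitored": len(active),
        "limit": device_limit,
        "over_limit": len(active) > device_limit,
        "randomized_in_count": sum(is_locally_administered(m) for m in active),
        "alerts": alerts,
    }


# Constructed reference time and sightings (not captured data).
NOW = datetime(2025, 1, 31, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Sighting("00:1a:2b:00:00:01", NOW - timedelta(days=40), "arp"),   # last seen 40 days ago: aged out
    Sighting("00:1a:2b:00:00:02", NOW - timedelta(days=10), "dhcp"),
    Sighting("00-1A-2B-00-00-02", NOW - timedelta(days=1), "arp"),    # same device, different formatting
    Sighting("00:1a:2b:00:00:03", NOW - timedelta(days=30), "arp"),   # exactly 30 days: still counts
    Sighting("02:11:22:33:44:55", NOW - timedelta(hours=2), "dhcp"),  # locally administered (randomized)
    Sighting("00:1a:2b:00:00:04", NOW, "arp"),                        # brand new device
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, NOW, device_limit=3))
```

With a Starter-style limit of 3, the sample yields four monitored devices (the 40-day-old one has aged out, the two spellings of 00:1a:2b:00:00:02 collapse into one), so the plan is over its limit, yet all five distinct MACs still produced a first-seen alert, and one of the four counted devices is a randomized address.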

No Credit Card. Start in Minutes.

Freemium gets you your first scan today. Upgrade when your obligations grow.