For SMBs, agencies & GovCon

External security monitoring for owners and consultants.

Safe domain checks for SSL, email, DNS, and public exposure — with plain-English findings and client-ready PDF reports. Built for small businesses, agencies, and GovCon teams — not enterprise pentest platforms.

Scan Your Domain Free View Sample Report

What iPentesting checks

Safe, non-invasive public-facing checks — no exploits, no aggressive scanning.

SSL & TLS

Certificate status, expiration, and configuration

Security Headers

HSTS, CSP, X-Frame-Options, and more

DNS Security

Records, redirects, and misconfigurations

Email Security

SPF, DKIM, and DMARC validation

Subdomains

Public subdomain discovery

Public Exposure

Safe signals of exposed systems

Sample Finding

Plain-English risks your team can act on

We translate technical signals into business impact and practical fix steps — not scary jargon.

Missing DMARC Record

Medium

Your domain does not have a DMARC record. Attackers may spoof your domain in phishing emails.

No DMARC TXT record found at _dmarc.example.com

Recommended fix: Add a DMARC TXT record and start with p=none before moving to quarantine or reject.

How it works

Enter Your Domain

Start with your business website or client domain.

Run a Safe Security Check

Non-invasive checks of website, SSL, DNS, email, and exposure signals.

Review Your Risk Score

See your overall score and the issues that matter most.

Fix What Matters

Plain-English remediation steps your team can act on.

Monitor Over Time

Paid plans watch your domain and alert you when risks change.

Security Report

example.com

Medium Risk

Website Security68%

SSL/TLS85%

Email Security54%

DNS Security78%

Download a report your team can act on

Executive summary, categorized findings, remediation roadmap, and next-scan recommendations — ready for developers, IT providers, or clients.

View Sample Report

Built for business owners and client-facing consultants

iPentesting is for small businesses, agencies, MSPs, and government contractors who need clear external security visibility — not for security teams shopping for deep penetration testing platforms.

Small business owners

You run the company and need to know if SSL, email, and website basics are solid — without reading a Nessus export.

Small business plans →

Agencies & MSPs

You deliver monthly value to clients and want branded PDF reports, multi-client dashboards, and language stakeholders understand.

Agency & white-label →

Government contractors

You need to organize readiness evidence — scans, checklists, IR templates — before a formal assessor or prime reviews your posture.

GovCon readiness →

Clear scope, honest limits

Know exactly what you are buying — external hygiene monitoring and client-ready reports, not a replacement for enterprise scanners or certified pentests.

What iPentesting does

Safe, recurring checks on domains you own or are authorized to test — with plain-English findings and reports your team or clients can act on.

Scans HTTPS, TLS/SSL certificates, and HTTP security headers
Validates DNS records and common misconfiguration patterns
Checks SPF, DKIM, and DMARC for outbound email authentication
Discovers publicly known subdomains and safe exposure signals
Scores risk (0–100) with business impact and remediation steps
Delivers PDF reports, scan history, email alerts, and weekly monitoring (paid plans)
Supports agencies with white-label reports, client dashboards, and team seats (Premium)
Helps GovCon teams organize readiness checklists and templates (Premium)

What iPentesting does not do

We are honest about limits so you pick the right tool — and so auditors know what this evidence represents.

Exploit vulnerabilities, brute-force credentials, or run aggressive load tests
Replace a certified penetration test, red team engagement, or legal advice
Certify CMMC, NIST 800-171, SOC 2, HIPAA, or any compliance framework
Scan behind login walls without your separate authorization process
Guarantee discovery of every vulnerability or zero-day issue
Compete with enterprise DAST/EASM depth (Detectify, Intruder, etc.)

iPentesting provides safe, non-invasive public-facing security checks. It does not replace a full penetration test, legal advice, compliance assessment, or certified security audit.

Need a deeper assessment? Read how we compare to pentests.

Simple, transparent pricing

Start free. Upgrade when you need full reports, alerts, and monitoring.

Free

For quick checks and basic visibility.

$0/month

1 domain
Monthly basic scan
Basic security score
Top 3 findings
Limited fix guidance

Scan Free

Best for Small Businesses

Standard

Clear security reports and ongoing monitoring.

$29/month

$290/year

3 domains
Weekly scans
Full findings
PDF reports
Email alerts
OWASP checklist
SSL, DNS, email & website checks

Start 7-Day Trial

Best for Agencies

Premium

For agencies and MSPs — white-label reports, multi-client dashboards, daily monitoring, and GovCon readiness tools.

$99/month

$990/year

15 domains
White-label reports
Client dashboard
Daily monitoring
Team access (5 users)
GovCon readiness packet
Vendor questionnaire generator
Incident response plan generator

Start Premium

View full pricing details →

What owners and consultants say

“We finally have a security report our clients understand — without the hacker-movie vibe.”

Agency Owner

Digital Marketing Agency

“The DMARC and SSL alerts alone paid for Standard within the first month.”

IT Consultant

MSP Partner

“Clear score, clear fixes. Our team knew exactly what to prioritize.”

SaaS Founder

B2B Software

Frequently asked questions

Yes. iPentesting performs safe, non-invasive public-facing checks only. We do not run exploits, brute force credentials, or perform aggressive scanning that could harm uptime.

Scan your domain for free today

Get your security score and top findings in minutes. No credit card required.

Start Free Scan Browse Free Tools