PROFESSIONAL PENTEST · FROM $19/MO

The first self-service AI pentester.

Traditional pentest: $3,000+. SAFETAGGY: $19/mo. An autonomous agent runs 9 real tools (nmap, nuclei, sqlmap, dalfox…) and ships findings with proof-of-exploitation and remediation in 20 minutes.

14-day trial · no card · 9 real pentest tools · Read-only payloads
80+ checks every scan
9 real pentest tools
< 30s median scan time
The depth of a pentest, the speed of a paste

82 checks. Every scan. Every time.

Passive checks run in seconds; active probes are read-only markers — never exploitation payloads. Findings come scored, explained, and paired with a Claude-written fix.

01 Security headers: 12 checks
02 SSL / TLS: 9 checks
03 Injection: 8 checks
04 CORS: 5 checks
05 Sensitive data: 7 checks
06 GraphQL: 4 checks
07 Subdomain takeover: 3 checks
08 JWT: 6 checks
09 CMS fingerprint: 5 checks
10 Cloud metadata: 4 checks
11 Email security: 4 checks
12 GDPR / LGPD: 5 checks
13 SOC 2 controls: 6 checks
14 PCI-DSS: 4 checks
Deep Scan · powered by Claude

Audit every client site without the consultant invoice.

Point Claude Sonnet 4.6 — or Opus, on Business — at a verified domain. It plans, runs nine real pentest tools in an isolated container, and writes up CWE-tagged findings with proof-of-concept and remediation. ~20 minutes, white-label PDF, no humans required.

nmap: port + service
nuclei: CVE templates
sqlmap: SQL injection
dalfox: XSS hunter
katana: crawler
ffuf: fuzzer
httpx: tech detect
testssl.sh: TLS audit
commix: command inj.
Domain-verified via DNS TXT · Read-only payloads · Failed scans don't burn credits
plan: Claude
recon: httpx · katana
ports: nmap
fuzz: ffuf · nuclei
exploit: sqlmap · dalfox
tls: testssl.sh
report: CWE · CVSS
What you actually get

A report your founder can read. Fixes your AI can paste.

No CVSS jargon dumps. Every finding has plain-language impact, a copy-button fix prompt for Claude or Cursor, and the exact file or header to change.

safetaggy score: 0/100 · Needs attention
Critical 1 · High 2 · Medium 2 · Low 2
acme-corp.com · scan #4812
Findings · Compliance · AI fixes · Exports
7 issues
critical · Next.js middleware authorization bypass · CVE-2024-31082 · Auth bypass on /admin/*
high · Content-Security-Policy header missing · CWE-1021 · Clickjacking, XSS escalation
high · Reflected XSS in /search?q= · CWE-79 · Cookie theft via crafted link
medium · Stripe.js v2 (deprecated) · PCI-3.2 · Stops receiving security patches
medium · CORS allows null origin with credentials · CWE-942 · Cross-origin data exfiltration
low · Server header reveals nginx version · CWE-200 · Info disclosure for fingerprinting
low · robots.txt exposes /staging/ path · CWE-200 · Surface area discovery
$ safetaggy export --format markdown --ai-ready
copies a Claude-ready prompt
How it works

Three minutes from URL to patched.

STEP 01

Paste your URL

No agents, no SDKs, no DNS changes for the basic scan. Type your domain, hit scan.

STEP 02

Triage in plain English

Score 0–100, severity-grouped findings, each with one-line impact and a copy-button AI prompt.

STEP 03

Ship the fix

Paste the prompt into Claude or Cursor, ship the patch, re-scan to confirm. Schedule weekly auto-scans.

Pricing · USD · cancel anytime

Pay for what you ship.

Trial
14 days · no card
Free
3 scans / day
1 Deep Scan credit (Sonnet)
3 AI Fix It / day
Markdown export
All 80+ checks
Most popular
Pro
Indies & freelancers · 1 site
$19/mo
30 scans / day
5 Deep Scan credits / mo (Sonnet)
Unlimited AI Fix It
Multi-page crawl
PDF · HTML · Markdown export
5 scheduled scans · 3 API keys
Business
Agencies · white-label · multi-domain
$79/mo
Unlimited scans
15 Deep Scan credits (Sonnet or Opus)
Unlimited scheduled scans
10 API keys · webhook + Slack
White-label PDF reports
Priority support

All plans include LGPD · SOC 2 · PCI-DSS checks, active probes (XSS, SQLi), and complete remediation.

14 days · no card · cancel anytime

Stop selling pentests as consulting. Start shipping them as a service.

Agencies use SAFETAGGY to audit every client site monthly, deliver white-label reports, and bill recurring — without hiring a security team.