Any tier (included in Enterprise) · 168 specialized tests

Aggressive Pentest

Full exploitation testing — SQL injection, RCE, credential brute force, consent-gated proof-of-exploit

What Gets Tested

Full SQLmap surface — level 5 + risk 3 (cookies + headers + host + CSRF + POST JSON/form)
SQLmap WAF bypass — 5-tamper chain (space2comment + between + randomcase + charencode + equaltolike)
SQLmap proof-of-exploit — --dump=5 sample extraction (GDPR Art 5 capped), --dbs/--tables enumeration — consent-gated
Command injection (commix) — level 3 + POST body + cookie/header injection + tamper chain
Commix --os-cmd / --os-shell single-shot command execution — consent-gated
Blind XSS with Interactsh OOB callback correlation (dalfox --blind)
Server-Side Template Injection (sstimap) — all template engines
Local/Remote File Inclusion + SSRF chaining + XXE with file read
Deserialization vulnerability testing (Log4Shell, Jackson, Spring SpEL, OGNL)
HTTP/1.1 + HTTP/2 smuggling (CL.TE / TE.CL / TE.TE chains)
Cache poisoning attempts + Host header injection exploitation
LDAP injection testing + JWT tamper modes (alg=none, RS256→HS256, embedded JWK)
WordPress credential brute force — top-100 wordlist × 5 admin usernames — consent-gated
Nikto WAF evasion stacks 5 + 8 (multi-stack bypass) against hardened targets
WhatWeb aggression level 4 — CDN, off-site resources, inline JS fingerprint

How It Works

1. Consent

Written authorization + signed attestation required before live-impact tests fire (proof-of-exploit extraction, command execution, credential brute force). Preflight enforces the gate.

2. Reconnaissance

Extended attack surface mapping: multi-page crawl, parameter discovery, authenticated form harvesting.

3. Exploitation

Active exploitation attempts with per-tool rate limiting. --dump sample capped at 5 rows (GDPR-compliant); --os-shell single-shot eval, no persistent access. Safe payloads only.

4. Verification

Each finding manually verified with proof-of-concept evidence. Interactsh callbacks correlate blind findings.

Compliance Coverage

OWASP-A03 (Injection) · OWASP-A07 (Auth/Brute) · OWASP-A08 (Software Integrity) · OWASP-A10 (SSRF) · PTES · CEH v13 · PCI-DSS Req8.3

Aggressive Pentest

€599

Any tier (included in Enterprise) · One-time per scan

168 specialized tests + AI-powered analysis
