Find the latest Webinar content from the Sprocket Testing Team.
Pricing

Discover What’s Exposed.
Validate What’s Exploitable.

From foundational attack surface visibility to continuous security validation, our tiers scale with your organization’s security maturity and operational complexity.

Community Edition

ATTACK SURFACE MANAGEMENT

Free
  • External attack surface discovery
  • Asset inventory & enrichment
  • Change detection alerts
  • Baseline exposure visibility
Register Now
Starter Package

CONTINUOUS PENETRATION TESTING

$15,000
  • Everything in Community, plus:
  • Continuous testing on up to 20 external hosts
  • Real attacker emulation & exploitation
  • Detailed findings with remediation guidance
  • Unlimited retests
Get Started
Custom Package

CONTINUOUS PENETRATION TESTING

CONTACT SALES
  • Everything in starter, plus:
  • Custom host count & scope
  • Internal, web app, & social engineering testing available
  • SAML SSO & custom reporting
  • Dedicated engagement management
Request a Quote

Compare Options

Community Edition Starter Custom
External Attack Surface Discovery
Asset Inventory & Enrichment
Attack Surface Change Monitoring
External Network Penetration Testing Up to 20 hosts Custom
Internal Network Penetration Testing $13,000 add-on Available as add-on
Web Application Penetration Testing Available as add-on
Social Engineering / Phishing Available as add-on
Adversarial Emulation (TTP-Based)
Proof of Exploitation (PoE)
Findings with Risk Context
Remediation Guidance & Retesting Support
Unlimited Retests
SAML/SSO Integration
On-Demand Self-Service Reports
Custom & Executive Reporting

Community Edition

  • External Attack Surface Discovery
  • Asset Inventory & Enrichment
  • Attack Surface Change Monitoring

Starter

  • External Attack Surface Discovery
  • Asset Inventory & Enrichment
  • Attack Surface Change Monitoring
  • External Network Penetration Testing — Up to 20 hosts
  • Internal Network Penetration Testing — $13,000 add-on
  • Adversarial Emulation (TTP-Based)
  • Proof of Exploitation (PoE)
  • Findings with Risk Context
  • Remediation Guidance & Retesting Support
  • Unlimited Retests
  • SAML/SSO Integration
  • On-Demand Self-Service Reports
  • Custom & Executive Reporting

Custom

  • External Attack Surface Discovery
  • Asset Inventory & Enrichment
  • Attack Surface Change Monitoring
  • External Network Penetration Testing — Custom
  • Internal Network Penetration Testing — Available as add-on
  • Web Application Penetration Testing — Available as add-on
  • Social Engineering / Phishing — Available as add-on
  • Adversarial Emulation (TTP-Based)
  • Proof of Exploitation (PoE)
  • Findings with Risk Context
  • Remediation Guidance & Retesting Support
  • Unlimited Retests
  • SAML/SSO Integration
  • On-Demand Self-Service Reports
  • Custom & Executive Reporting

Frequently Asked Questions

Attacker

How does Sprocket pricing compare to traditional penetration testing costs?

Traditional pentests are typically priced per engagement and can quickly become outdated, often requiring repeat purchases. Continuous testing can reduce overall costs while improving coverage, with some organizations seeing meaningful savings compared to repeated point-in-time tests.
Wallet

How is pricing structured for Continuous Penetration Testing?

Sprocket Security uses a subscription-based pricing model, giving you continuous testing throughout the year instead of paying per test engagement. This allows you to test, retest, and validate fixes without being limited to a fixed scope or schedule.
List

What factors impact the cost?

Pricing is based on the size and complexity of your attack surface, including the number of assets, environments (external, internal, applications), and testing scope. Unlike traditional pentests that price per engagement, continuous testing scales with your environment and security goals.
Retesting

Does pricing include retesting after vulnerabilities are fixed?

Yes, unlimited retesting is included at no additional cost, so every fix can be validated immediately without waiting for another engagement or paying extra fees.
Internet

Is ASM included in the CPT pricing?

Yes, Sprocket starter package and custom pricing includes continuous Attack Surface Management (ASM) as part of the platform, giving you real-time visibility into your external assets as they change. This ensures new domains, IPs, and services are automatically discovered and can be tested without requiring a new engagement.

About CPT

Always-On Security Testing

  • check Continuous Penetration Testing simulates real-world attacks to catch vulnerabilities before attackers do. Unlike point-in-time tests, it provides always-on coverage, assessing new exposures from code, config, or deployment changes immediately.
  • check Expert-driven validation on findings. Reducing noise and prioritizing results your team can act on.
  • check Remediate faster. Shorten exposure windows from months to hours with clear guidance that helps your team fix what matters most and verify the fix with unlimited retesting.
Download Product Sheet 
Testimonials

What Our
Customers Say

Drag to explore Swipe to see more
5 stars
“Sprocket’s continuous pentesting model should be the industry standard. Their portal/dashboard where findings are published is modern and easy to navigate. The details for each finding are complete with proof and an easy-to-understand explanation. Steps for remediation are given, and their team is willing to assist if a particular finding is difficult to fix, which is especially helpful for organizations without the time or manpower to dig into each individual issue.”
| G2
User in Manufacturing
Mid-Market Company, 51-1000 employees
5 stars
“Far and above a better pentest engagement experience than I’ve encountered with other IT security firms. The staff stays up to date with modern IT penetration testing techniques, they are knowledgeable and quick to respond to questions. They’re also willing to assist with remediating their findings, which is a huge bonus for companies without the time or resources to dedicate to some of the more intricate/complex vulnerabilities.”
| Source Forge
500-999 Employees
5 stars
“Sprocket Security brings a high level of cybersecurity expertise to the table. Their detailed approach to penetration testing ensures no vulnerabilities are overlooked. They offer a comprehensive dashboard of any findings and steps for remediation.”
| G2
Mid-Market Company, 51-1000 employees
5 stars
“The whole team is great to work with. From the first sales call, to scoping, procurement, implementation, now in operation. Our technical account manager is super responsive and ensures our needs are prioritized. The testers provide great write-ups to their findings and are quick to hop on a call if clarity is needed. The product team is eager to hear how to improve the user experience of their platform. Over a year into our relationship and by far my best vendor to work with.”
| Source Forge
IT Infrastructure Manager
$50M-$250M USD
5 stars
IT Security is constantly evolving and requires that we are always one step ahead of the attackers. With a limited IT team, having the knowledge and experience in house is not always an option, but Sprocket Security can be an extension of our team and give us the capability to stay on top of the latest vulnerabilities and attack vectors.
| Gartner
IT Lead in Services (non-government)
<$50M in Company Revenue