Pentest.fyi Logo

Pentest.fyi

#2 Daily Winner

Directory of penetration testing companies worldwide

5 upvotes
Pentest.fyi - Product Image

What is Pentest.fyi?

Pentest.fyi is a comprehensive global directory of penetration testing companies, listing over 7,700 firms as of the latest update. It helps organizations quickly find and evaluate pentest providers based on specific needs.

The platform offers advanced filtering options: narrow down results by region (USA, Europe, Asia, etc.), company size (from X-Small to XL), and a wide range of certifications such as ISO 27001, OSCP, CREST, CISSP, SOC 2, and many more. You can also filter by whether a company publishes CVEs or has been verified.

Featured company profiles include a brief description of services, employee count, and a direct link to the vendor’s website. The directory is maintained by ResponseHub, and any penetration testing company can submit their listing for inclusion.

Whether you need a local provider for a compliance audit or a specialized firm for embedded systems testing, Pentest.fyi streamlines the search process.

How to use Pentest.fyi

  1. 1

    Visit pentest.fyi and explore the company listings.

  2. 2

    Use the search bar or apply filters such as region, size, or certifications.

  3. 3

    Browse results and click on a company to see its profile and description.

  4. 4

    Use the 'Visit Website' link to contact a company directly.

  5. 5

    If you are a pentest provider, use 'Submit Company' to add your listing.

Key features

Browse a directory of over 7,700 penetration testing companies globally.

Filter by region, location, company size, and verification status.

Search by certifications like ISO 27001, OSCP, CISSP, and many others.

View featured company profiles with service details and website links.

Identify companies that publish CVEs or offer specialized testing services.

Use cases

  • A business finds a local ISO 27001-certified pentest firm.
  • A researcher analyzes vendors by CVE publication activity.
  • A startup seeks a small, verified company for a web app test.
  • A compliance team shortlists CREST or PCI DSS certified providers.
  • A pentest firm gains exposure by listing in the directory.

Best for

CTOs and security managersCompliance and audit teamsProcurement professionalsPenetration testing vendorsIndependent researchers

Alternatives & similar tools

Similar tools in Security

Browse category →
RansomLeak Security Training logo

RansomLeak Security Training

freemium

RansomLeak is security awareness training that replaces passive video courses with interactive 3D cybersecurity simulations. Employees don't watch someone explain what a phishing email looks like. They receive one in a simulated inbox and decide what to do with it. They pick up a call from someone impersonating IT support. They find a USB drive near the office door. Every simulation branches based on their decisions and shows them what an attacker would have done next. Each scenario is built on documented attack patterns from real corporate breaches. The format works because active decision-making under pressure produces stronger recall than passive content. When someone gets fooled inside a simulation and watches the damage unfold, they remember it. Training covers phishing, spear-phishing, business email compromise, social engineering across phone, chat, and in-person channels, data handling, password security, physical security, and incident reporting. Multiple difficulty levels per topic. Gamification with points, badges, and leaderboards keeps completion rates high across large workforces. Security teams get analytics showing where knowledge gaps exist across the organization. Deploys as SCORM packages (1.2 and 2004) for Cornerstone, Workday, SAP SuccessFactors, Docebo, Moodle, Canvas, Blackboard, and other LMS platforms. Or as a standalone cloud LMS with user management, real-time analytics, campaign scheduling, SSO/MFA, and custom branding. Built by the Kontra Application Security Training team for mid-market and enterprise organizations in finance, healthcare, technology, and government.

9View on LaunchVault
GreenPT logo

GreenPT

free

Most AI chatbots hide the true cost of their technology, where your data goes, how much energy each conversation consumes, and who profits from your customer interactions. With Frida, you get full transparency about the AI powering your support. Frida gives you intelligent AI assistants that respect both your users and the planet. Our platform combines AI trained on your knowledge, sustainable infrastructure powered by GreenPT, and full transparency into every conversation’s environmental impact. Whether you need a website chatbot, internal knowledge assistant, or AI integrated into Slack and Teams, Frida delivers accurate answers without compromising on privacy or sustainability. Capabilities Powerful features that make AI work for your organisation. Easy to set up, simple to manage, and designed with sustainability built in. Custom AI Agents Create AI agents that sound like your brand, not a generic robot. Upload your FAQs, documentation, and product information—or let Frida crawl your website automatically. Define how your agent responds: friendly and casual, professional and precise, or anything in between. Knowledge Structure your information the way it makes sense for your organisation. Create dedicated paths for products, policies, procedures, or any topic your users ask about. Add rich content like images, videos, and downloadable files to give complete answers. Keep everything organised and easy to update as your business evolves. Brandable Chat Widget Make Frida look like you built it yourself. Customize colors, fonts, logos, and welcome messages to match your brand perfectly. Add quick-start buttons for common questions and create a welcoming experience for every visitor. With support for English, Dutch, German, French, Spanish, and more, your assistant speaks your customers’ language—literally. Multi-Channel Deployment Meet your users where they already are. Embed Frida on your website for customer support, add it to Slack or Teams for internal help, or connect via API to build custom experiences. One knowledge base, multiple touchpoints—so you train once and deploy everywhere. Smart Integrations Frida works with the tools you already use. Pull product data from Shopify or WooCommerce, search your Notion workspace during conversations, access files from Google Drive or OneDrive, and send conversations directly to Slack. No more switching between systems—Frida brings your knowledge together in one place.

7View on LaunchVault
CyberChecker logo

CyberChecker

paid

CyberChecker is an automated security scanner that checks any website for over 50 vulnerabilities in just 60 seconds. Bots probe sites daily for exposed secrets, misconfigurations, SQL injection, and outdated software. CyberChecker runs a military-grade audit to find these issues before attackers do. The free scan provides a quick vulnerability count with no credit card required. For a one-time payment of $39, the full report reveals exact locations of each issue and provides copy-paste code fixes—no security expertise needed. Key checks include: Exposed API keys, database passwords, and credentials in client-side code SQL injection, XSS, and other OWASP Top 10 risks SSL/TLS and security header misconfigurations Sensitive file exposure (e.g., .env, .git, config backups) CMS and framework vulnerabilities (WordPress, Supabase, Stripe) CyberChecker simulates real attacker reconnaissance, actively probing for hidden threats. Use it as part of your security routine to catch common weaknesses before they lead to a breach.

4View on LaunchVault
Ambriel logo

Ambriel

freemium

Ambriel is a unified fraud prevention platform that helps businesses detect and stop fraudulent activities across users, devices, and transactions in real time. Combining AI-driven risk scoring, device fingerprinting, and automated screening against global sanctions and PEP lists, Ambriel provides a comprehensive risk engine trusted by companies in financial services, e-commerce, marketplaces, iGaming, insurance, and crypto. Key capabilities include advanced fraud detection using over 200 data sources, real-time transaction monitoring, customizable onboarding flows with automated checks, and multi-channel alerts via email, SMS, Slack, Discord, Teams, and webhooks. A built-in case management system enables teams to investigate and resolve suspicious activity efficiently. Ambriel addresses critical use cases such as onboarding and registration fraud, payment fraud, bonus and promotion abuse, account takeover, refund and return abuse, and money muling. The platform is PCI DSS, ISO 27001, and GDPR compliant, and supports AML and KYC requirements, ensuring secure and compliant operations. Integration is straightforward with plugins for WooCommerce and Wix (Magento and Shopify coming soon) and a robust API for custom builds. Businesses can start for free and scale as needed to protect revenue and build trust.

4View on LaunchVault
aiME Private AI logo

aiME Private AI

freemium

aiME is a private AI assistant that runs powerful language models directly on your device. Completely offline after initial model download, your conversations never leave your phone — no subscriptions, no data collection, and no account required. Choose from a curated list of open-weight models optimized for your device. Whether you're on a plane, hiking off-grid, or simply value your privacy, aiME keeps working without internet. Free to download with an optional one-time premium unlock for advanced models. No recurring fees, ever. Download on the App Store or Google Play today.

3View on LaunchVault
Eleidon logo

Eleidon

free

Eleidon is the phishing-proof secure messaging app that replaces risky external email. Senders need your explicit approval via trust requests which means no spam, no spoofing, and no phishing. Every message is cryptographically verified and end-to-end encrypted. Free for personal use, create organizations with paid plans. Claim your secure inbox at eleidon.com.

3View on LaunchVault

Frequently asked questions about Pentest.fyi

Common questions to help you decide if Pentest.fyi is right for you.

It is a worldwide directory of penetration testing companies, allowing users to search and filter by region, size, certifications, and other criteria.

According to the page, there are 7,759 companies in the directory, covering a wide range of specializations.

The site does not mention any fees for searching; you can browse and filter companies freely. For listing a company, use the 'Submit Company' link—details are on the official site.

Click the 'Submit Company' link on the site. The process and any requirements are provided there; for specific questions, contact the site directly.

The directory is brought to you by ResponseHub, a company that offers AI-driven security questionnaire automation.

Comments