Real penetration testing, priced for small sites.
The industry average penetration test costs thousands and starts with a discovery call. We publish our prices, scope the work for small websites, and a human still does the testing.
Is your site exposed? Find out.
- 1 domain
- Manual critical-bug check by our team
- A straight yes or no answer
- Standard queue · no report, no card
- Covers one domain that you have verified you own.
- A member of our team reviews it by hand — there is no automated scanner.
- You get a single answer: does your site have any critical bugs, yes or no.
- Free checks sit in our standard queue and are not prioritised.
- No written report and no severity breakdown are included.
- No card is needed, and you can upgrade any time to see the detail.
A deep audit, done by hand.
- 1 domain
- A person audits your whole site
- Full written report of every bug we find
- Premium support + a real contact
Upgrade to Signal within 3 days and we credit everything you paid — you only cover the difference.
- Covers one domain that you have verified you own.
- A security engineer manually audits your whole site, by hand.
- You receive a full written report of every vulnerability we find.
- Each finding comes with its severity, the evidence, and a clear fix.
- This is a one-time engagement with no ongoing monitoring.
- Includes premium support and a named person from our team as your contact.
We find it, we fix it, we watch it.
Extend in 3-month blocks. +$36 per extra 3 months.
- 1 domain
- Full manual audit + report
- We fix every high and critical for you
- Security cover as you ship updates
- Premium support + a real contact
- Covers one domain that you have verified you own.
- The same full manual audit and written report as Circuit.
- We fix every high and critical issue for you, not just report it.
- Includes 3 months of security cover so we watch your app as you ship updates.
- Extend the cover in 3-month blocks whenever you need longer.
- Includes premium support and a named person from our team as your contact.
How that compares to a traditional pentest
| Traditional pentest firm | Bug Circuit Circuit — $49 | Bug Circuit Signal — $299 | |
|---|---|---|---|
| Price | $5,000 – $20,000+ | $49 one-time | $299 / 3 months |
| Testing | Manual (senior consultants) | Manual (senior tester, productized scope) | Manual + re-tests after fixes |
| Scope | Custom, negotiated over calls | Small-site web attack surface | Small-site scope + fix support |
| Time to start | 2–6 weeks of scoping | Starts after checkout | Starts after checkout |
| Report | Formal PDF | Full written report | Full report + fix verification |
| Best for | Enterprises, formal compliance | Small sites, WordPress, indie SaaS | Businesses that want it fixed, not just found |
The honest caveat: a $49 audit is not a 3-week enterprise engagement, and we never pretend it is. It is focused manual testing of the attack surface a small website actually exposes — which is exactly what most small businesses need and can afford. If your scope is bigger, we’ll say so before taking your money.
Every paid plan includes
- Manual testing by a human — logic flaws, access control, and auth issues automated scanners miss.
- A written report you can share — severity, evidence, plain-English impact, and exact fix steps.
- Authorized, legal testing — domain ownership verification and a recorded Authorization to Test first.
- 14-day money-back guarantee — full refund before your audit begins, no questions asked.
- Real support — talk to the people who actually tested your site, not a ticket queue.
Common questions
Why is Bug Circuit $49 when a penetration test normally costs $5,000+?
Is this a real manual test or an automated scan?
Is there a money-back guarantee?
What do I actually receive?
Do you test any website?
What if you find nothing serious?
Keep reading
Not sure yet? Start with the free check
Run the free passive scan and see your exposure first — no login, no charge, no impact on your site.