Pricing

Pro: €5 per month

One flat rate. No tiers.
Community is free. Pro is prepaid by the month — no auto-renewal.

30-day Pro trial — no account, no card. One trial per device.

Community

Free. No account. No time limit. No feature gates beyond the Pro extensions.

Scanner

42 active checks across OWASP Top 10 and API Security Top 10, 40 passive Nerve checks on every response, out-of-band detection via Oastify across 6 protocols. See the coverage matrix.

42 active · 40 passive · OWASP Top 10 · API Top 10 · 6 OOB protocols

Intruder

Fuzzer with 19 payload generators and 15 processing rules. Sniper, pitchfork, cluster bomb, and battering ram modes.

19 generators · 15 processors · 4 attack modes · turbo mode

Toolkit

Repeater, decoder with transform chains, sequencer with FIPS randomness analysis, comparer for response diffing.

repeater · decoder · sequencer · comparer · sitemap

Proxy

Intercepting proxy with HTTP/1.1, HTTP/2, and WebSocket. On-the-fly TLS with auto-generated CA certificate. Match-and-replace rules, scope filtering, invisible-proxy mode, and hold/forward/drop interception.

HTTP/1.1 · HTTP/2 · WebSocket · auto TLS · match & replace · scope filter

Pro

Everything in Community, plus the offensive toolkit and team features.

Race conditions

Single-packet attack, last-byte sync, and barrier-based coordination. Pre-built modules for common race patterns.

single-packet · last-byte sync · barrier

MCP

134 tools for AI agents. Claude Code, Cursor, Windsurf, or any MCP-compatible client drives the proxy, scanner, intruder, decoder, crawler, and Oastify directly. Includes 35 vurl-offensive tools for HTTP smuggling, cache poisoning, SSRF chains, and protocol-level attacks.

134 tools · 35 vurl tools · Claude / Cursor · agent-driven

Synaps WASM modules

Community-contributed scanner modules written in Rust and compiled to WASM. Sandboxed with Wasmtime: 1B instruction fuel cap, 16 MB memory cap. Guest SDK exposes HTTP, raw TCP, DNS, TLS inspection, WebSocket, browser automation, and Oastify callbacks.

WASM sandbox · Rust SDK · community modules · 16 MB cap

Lua extensions

Hook requests, responses, and scan results. Modify live traffic. Permission-gated, sandboxed with execution limits.

Lua 5.4 · live traffic · sandboxed

Collaboration

End-to-end encrypted project sharing — shared flows, findings, and scope in real time. Multi-project workspaces with isolation.

E2E encrypted · real-time · multi-project

vurl-offensive

35 MCP tools for high-value bug classes — HTTP smuggling, client-side desync, Kubernetes and cloud-metadata SSRF, MCP server RCE, LLM prompt injection, and JA3/JA4 fingerprint mirage. See the full coverage matrix.

35 tools · HTTP smuggling · K8s SSRF · JA3 / JA4 mirage

Mobile

Android APK and iOS IPA static analysis. Frida dynamic instrumentation. Storage inspection. Feeds the same scanner pipeline.

APK static · IPA static · Frida

How it works

How do accounts work?
Generate an account ID on the account page. It looks like HGN-A1B2C3D4-E5F6A7B8-C9D0E1F2. Save it — there is no email, no password, no recovery.

What happens when my time runs out?
Pro features stop working. Your data stays. Community features keep working. Buy more time at any point; the expiry extends from the current date.

Can I pay with crypto?
Yes — Bitcoin and Monero via BTCPay Server. No KYC, no tracking.

Refunds?
Card: full refund within 14 days if Pro features were not used. Crypto: not refundable (blockchain transactions are irreversible). Full refund policy.

Why no Enterprise tier?
One flat price for everyone. We do not differentiate by employer or team size.

Student discount?
Yes — verified GitHub Student Developer Pack holders get 12 months of Pro at no cost. Claim it here.