Starting a Pentest - apviso [APVISO](/)Product

Resources

Developers

Company

[Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise)

[Login](/login)[Get started](/register)

[Login](/login)[Start pentest](/register)

[Home](/)[Knowledge Base](/docs)Starting a PentestPentestingStarting a Pentest
==================

How to initiate a pentest, choose a pentest package, and understand what each package means for depth and runtime.

Initiating a Pentest
--------------------

1. Navigate to the target you want to pentest.
2. Click **Start Pentest**.
3. Select a **pentest package** (see below).
4. Optionally configure advanced settings, with credentials stored in your runner-local auth file.
5. Click **Confirm**.

The pentest is added to the self-hosted runner job queue and begins when an eligible runner claims it. You can monitor status from the target detail page or the **Pentests** list.

Pentest Packages
----------------

Pentest packages control the depth of analysis, the number of tests performed, and the runtime profile:

- **Demo / First Check** — controlled demo or eligible first self-hosted check.
- **Quick Check** — fast security review covering common vulnerability classes.
- **Launch Review** — balanced launch-readiness review across major attack vectors.
- **Full Pentest** — deeper authenticated, API, and business-logic assessment.
- **Compliance Evidence** — maximum-depth assessment with the strongest report and retest evidence.

Deeper packages give agents more time and token budget to reason about the application, resulting in broader coverage and more complex findings.

What Happens After You Click Confirm
------------------------------------

1. **License check** — APVISO verifies your self-hosted license, target allowance, runner heartbeat, and concurrency.
2. **Runner job** — APVISO creates a `pending_runner` scan job.
3. **Runner preflight** — your runner checks Docker, BYOK provider credentials, image digest/signature, and target reachability.
4. **Execution** — your runner launches the scan image locally; four AI agents stream findings to your dashboard in real time.
5. **Completion** — the reporter agent produces the final report and the pentest status moves to `completed`.

Concurrent Pentests
-------------------

The number of pentests you can run simultaneously depends on your tier and configured runner concurrency:

- **Pay per pentest** — 1 concurrent pentest, with no subscription and no monthly start cap; you pay $19 per pentest (fully refunded if a pentest finds nothing or errors out).
- **Launch** — 3 concurrent pentests with unlimited scans.
- **Team** — 10 concurrent pentests.
- **Enterprise** — custom limits through sales-managed terms.

If you exceed your concurrent limit, additional pentests remain pending until runner capacity opens.

### Related Articles

[Understanding Pentest Statuses

What each pentest status means and what actions are available at each stage.](/docs/scan-statuses)[License Usage

How self-hosted license state, runner health, and target visibility control pentest starts.](/docs/license-usage)[Subscription Plans

Compare the APVISO plans — Pay per pentest, Launch, Team, Partner, and Enterprise — and understand what each includes.](/docs/subscription-plans)[Authenticated Pentesting

Configure authentication so APVISO can test pages and API endpoints behind login — supporting bearer tokens, cookies, API keys, and more.](/docs/authenticated-scanning)

[Back to Knowledge Base](/docs)

[APVISO](/)Autonomous AI-powered penetration testing for modern web applications.

Subscribe

[](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/)

[![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso)

Product

- [Features](/#features)
- [Sentinel](/sentinel)
- [Pricing](/pricing)
- [Integrations](/integrations)
- [Benchmarks](/#compare)
- [Affiliate Program](/affiliate)
- [Partners](/partners)
- [Enterprise](/enterprise)

Resources

- [Blog](/blog)
- [Use Cases](/use-cases)
- [Glossary](/glossary)
- [Comparisons](/comparisons)
- [Alternatives](/alternatives)
- [Compliance](/compliance)
- [Vulnerabilities](/vulnerabilities)
- [Industries](/industries)
- [OWASP APTS](/trust/apts)

Developers

- [Knowledge Base](/docs)
- [API Reference](/docs/api)
- [MCP Server](/docs/mcp)

Company

- [About](/about)
- [Contact](/contact)
- [Status](https://status.apviso.com)
- [Privacy Policy](/legal/privacy)
- [Terms of Service](/legal/terms)

© 2026 APVISO. All rights reserved.
