Independent reference. Not affiliated with any vendor listed.

$ list --filter=quote-only

18 of the 20 vendors in this index publish tier structures (or nothing) but no usable dollar figure. Here they are with what to ask before signing.

$ answer --question="Which pen-test vendors hide pricing entirely?"

Eighteen of the twenty vendors tracked here are quote-only: Cobalt.io, HackerOne, Bugcrowd, Synack, NetSPI, Rapid7, Bishop Fox, Trustwave SpiderLabs, Coalfire, Praetorian, Mandiant, CrowdStrike, Secureworks, Pentera, Intruder.io, BreachLock, DeepSeas Red (ex RedTeam Security), Schellman. Cobalt and BreachLock publish tier maps; the rest route every product to a sales call. None of this is unique to pen-test; it mirrors the wider enterprise-security purchasing pattern.

Last verified June 2026

$ vendors --list

$ before-signing --questions

Send every quote-only vendor the same twelve-question RFP. The answer-quality difference is itself a buying signal. See the RFP template.