Pentest.fyi

Pentest.fyi is the definitive global directory for connecting organizations with professional penetration testing companies. It solves a critical problem in cybersecurity: finding a qualified, trustworthy, and relevant security testing partner. The platform meticulously catalogs over 7,599 service providers worldwide, offering an unparalleled database for businesses of all sizes, from startups to large enterprises. Its core value is simplifying the complex vendor selection process through powerful, granular search and filtering tools. Users can pinpoint companies based on geographic region, specific location, company size, certifications, and even whether they actively publish CVEs. Each detailed listing provides essential information like service offerings, employee count, and location, enabling informed, data-driven decisions. By streamlining the discovery and vetting process, Pentest.fyi empowers organizations to efficiently enhance their cybersecurity posture, manage risk, and meet compliance requirements with the right expert partner.

Global Company Directory

Access a comprehensive, searchable database of 7,599+ penetration testing companies from around the world. Each listing provides key details including company name, location, employee size, and a clear overview of their specific service offerings and specializations, giving you a solid foundation for comparison.

Advanced Search & Filtering

Precisely narrow down potential partners using a robust set of filters. Search by geographic region, country, or city. Filter by company size, from boutique firms to large consultancies. Refine results based on critical certifications like CREST, OSCP, or ISO 27001, and even by whether a company actively contributes to security research by publishing CVEs.

Detailed Company Profiles

Review in-depth profiles for each listed provider. Beyond basic contact information, profiles highlight core services, featured capabilities, and company descriptions. This transparency allows you to quickly assess if a firm's expertise aligns with your specific testing needs, such as web app, cloud, or mobile security.

Curated & Featured Listings

Discover vetted and highlighted companies on the platform's main page. These featured listings offer immediate visibility into reputable providers, showcasing firms with specific specializations like AI-powered testing or CREST-certified services, helping you identify standout candidates quickly.

Compliance-Driven Vendor Selection

An organization needing to comply with standards like PCI DSS, HIPAA, or GDPR must work with appropriately certified partners. Use the certification filter to instantly identify companies holding specific credentials, ensuring your chosen vendor meets strict regulatory and audit requirements.

Finding Local or Regional Expertise

A business preferring a local provider for onsite testing or regional compliance knowledge can use the location filters. Search by country, state, or city to find qualified penetration testing companies in your specific geographic area, facilitating easier communication and logistics.

Sourcing Specialized Testing Services

For projects requiring niche expertise, such as Kubernetes, embedded systems, or AI application security, browse detailed service tags in company profiles. This allows you to move beyond generalists and find firms with proven experience in your specific technology stack.

Scaling Security with Company Growth

A startup can find a small, agile firm for initial testing, while a large enterprise can filter for "Large" or "XL" companies with extensive resources for a global assessment. The employee size filter helps match the scale of the provider to the scale and complexity of your own organization's needs.

How does Pentest.fyi list companies?

Companies are submitted to the directory and cataloged to create a comprehensive database. The platform displays factual, publicly-available information about each firm, such as location, size, and certifications, serving as an aggregator and search tool rather than a rating or review site.

Is using Pentest.fyi free?

Yes, searching, filtering, and browsing the extensive directory of penetration testing companies is completely free for users. Organizations can use the platform's tools to discover and research potential security partners without any cost or obligation.

What does "Publishes CVEs" mean in the filters?

This filter identifies companies that actively contribute to public cybersecurity knowledge by discovering and publishing Common Vulnerabilities and Exposures (CVEs). Filtering for these companies can help you find partners deeply engaged in security research and vulnerability discovery.

How current is the data on Pentest.fyi?

The platform maintains a large, actively managed database. While it strives for accuracy, company details can change. It is always recommended to verify critical information, such as certifications and specific service offerings, directly with the chosen provider before engaging their services.