Investment
A Plan for Every Team Scale
Simple, transparent pricing that grows with your security operation. No hidden fees.
Pentester
Perfect for solo security researchers and freelance bug hunters.
Squad
Ideal for lean security teams and growing startups.
Consulting
Tailored for boutique security firms and mid-sized consultancies.
Scale
Designed for enterprise MSSPs handling high-volume engagements.
Business
CustomPlan Limits
Intended For
Capabilities
Standard on all plans
We don't gate core utility. All platform capabilities are available on every tier — only capacity limits apply.
Dashboard
- Analyst overview
- Key summarized metrics
- Visual analytics charts
- Recent activity audit log
- Personal reminders for scheduled events
Clients
- Client onboarding
- Company profile management
- Invite client users
- Upload and manage client documents
- Client portal access
Projects
- Scope details & analytics
- Findings management & custom vulns
- Assign predefined & custom test cases
- Task management & assignment
- Team responsibility assignment
- Audit trail for CRUD activities
Reporting
- Custom report generation
- Upload custom templates
- Dynamic report fields
- Report charts & release configuration
Users & Groups
- Role-based access control (RBAC)
- Admin, Sales, Team Lead, Consultant
- Client Admins & Client Users
- User activation & 2FA management
- Create and manage groups
Calendar
- Schedule activities & engagements
- Assign engagement participants
- Automated email reminders for events
Master Library
- Centralized vulnerability database
- Assessment technology mappings
- Reusable vulnerability entries
Customization Engine
- White-label interface (Logo, Domain)
- Custom UI theme color & Full Dark Mode
- Configure custom client & project fields
- Custom statuses & severity levels
- Configure test cases & report templates
Global Utilities
- Application-wide activity tracking
- Security audit logging
- Custom email/project notifications
- Duplicate projects
- View, restore, or permanently delete projects
Questions
Common queries
A pentest management platform is a unified workspace for security teams to manage the entire VAPT lifecycle — from project scoping and team assignment to vulnerability tracking and automated report generation.
Yes! Rootflow was built for scale. MSSPs can manage hundreds of clients and projects with strict data isolation, custom branding, and granular RBAC for both consultants and client users.
Absolutely. Rootflow is available as a fully managed SaaS platform or as a self-hosted deployment (Docker Compose) for organizations with strict data sovereignty and compliance requirements.
Yes! Every plan comes with a 30-day free trial — no credit card required. You can explore all features and upgrade anytime.
Every organization runs in a fully isolated tenant with dedicated storage. All data is encrypted at rest and in transit. SSO and 2FA are supported.
Yes — on Consulting and Enterprise plans, you can apply your own logo, colors, domain, and company name across the entire platform.