Gordon VAPT goes beyond point-in-time assessments. Automated scanners run continuously while CERT-In empanelled pentesters validate, exploit, and prioritise findings for your team.
Gordon's scanning engine runs 24/7 across your entire attack surface — web applications, APIs, cloud infrastructure, network devices, and endpoints. New vulnerabilities are detected within hours of CVE publication.
Gordon VAPT is active within 24 hours of onboarding — no agents, no complex setup. Connect your domains and cloud accounts, and scanning begins immediately.
Add your domains, IP ranges, cloud accounts (AWS, Azure, GCP), and API endpoints. Gordon auto-discovers subdomains and shadow IT assets you may not know about.
Gordon's multi-engine scanner runs DAST, network scanning, cloud misconfiguration checks, and dependency analysis continuously. New CVEs are tested within hours of publication.
CERT-In empanelled pentesters conduct manual testing on a scheduled or on-demand basis — chaining vulnerabilities, testing business logic, and simulating advanced attacker techniques.
Developers receive prioritised, actionable fix guidance. After remediation, Gordon automatically re-scans to confirm closure. Compliance reports are generated instantly for regulatory submissions.
A private sector bank needed quarterly VAPT reports for RBI IT Framework compliance but was spending 6 weeks per cycle on manual testing and report writing.
Gordon reduced the cycle to 10 days — continuous scanning plus a 48-hour pentest report. RBI-formatted reports generated automatically. 23 critical findings fixed before the audit.
An enterprise SaaS startup needed a pentest report to close a Fortune 500 customer who required ISO 27001 evidence before signing. They had 3 weeks to deliver.
Gordon delivered the pentest report in 48 hours, found and helped fix 2 critical vulnerabilities, and provided an ISO 27001-aligned attestation letter. The deal closed on time.
A major e-commerce platform's annual pentest was scheduled for January. A critical CVE dropped in their payment gateway library 2 weeks before their peak sales season.
Gordon's continuous scanner detected the vulnerable library within 4 hours of CVE publication. The patch was deployed in 18 hours — before any attacker could exploit it during peak traffic.
Choose the plan that fits your team. VAPT features are highlighted below — scroll down to see the full platform included in every plan.
| Features | Free | Startup | Enterprise | Custom |
|---|---|---|---|---|
| Overview (3 features) | | | | |
| Gordon AI Credits (monthly) | 50 credits | 500 credits | 2,500 credits | Custom allocation |
| Dashboard | ✓ | ✓ | ✓ | ✓ |
| Account (User) Limit | 1 account | Up to 5 | Up to 20 | Unlimited |
| Assess (7 features) | | | | |
| Security Checklist (60-point) | Strong & Standard only | Dynamic + Analytics | Dynamic Checklist | ✓ |
| VAPT (Vulnerability Assessment) | — | — | 5 API + 10 Dynamic Pages | Custom |
| Third Party Risk | — | — | 3 vendors | Unlimited |
| Financial Impact — Risk Quantification | — | — | ✓ | ✓ |
| Financial Impact — Security ROI | — | — | ✓ | ✓ |
| Security Awareness (Phishing Sim + Training) | 5 Campaigns | 10 Campaigns | ✓ | ✓ |
| Cyber Force | — | — | On Demand | On Demand |
| All other platform modules included | | | | |
| Identify (8 features) | | | | |
| Monitored Domains | 1 | 5 | 20 | Unlimited |
| Monitored IPs | 5 | 50 | 500 | Unlimited |
| Monitored Web Apps | 1 | 5 | 20 | Unlimited |
| Tech & Services | ✓ | ✓ | ✓ | ✓ |
| Phishing Risk (Lookalike Domain + Email Security) | — | ✓ | ✓ | ✓ |
| Code Workspace (GitHub, GitLab, Bitbucket) | — | — | 2 Workspaces | Custom |
| Cloud Security Compliance | — | — | Single Cloud (3 instances) | Multi Cloud (10+) |
| Workforce Risk Monitoring | — | ✓ | ✓ | ✓ |
| Monitor (SOC & Threat) (10 features) | | | | |
| SOC Overview | — | — | 5 SOC Reports | ✓ |
| Alert Triage | — | — | 5,000 alerts/mo | Unlimited |
| Investigation | — | 50 investigations | Unlimited | ✓ |
| Threat Hunting | — | 1 exercise | Custom | Custom |
| Auto Response | — | — | ✓ | ✓ |
| Risk Monitoring | — | 5 Category dashboards | ✓ | ✓ |
| Threat Intelligence (Threats, IOCs, Campaigns) | — | 10 threats, 5 IOCs, 2 campaigns | Unlimited | Custom |
| Alert Center | — | ✓ | ✓ | ✓ |
| Brand Intelligence (Monitoring + Takedown) | 50 notifications | 1 Company monitoring | Full + Takedown | Full + Custom feeds |
| Dark Web Monitoring | Credential & Org Leaks | Industry + APT + Recent leaks | ✓ | ✓ |
| Risk Transfer (2 features) | | | | |
| Cyber Insurance | — | ✓ | ✓ | ✓ |
| Incident Hotline (24/7) | — | — | ✓ | ✓ |
| Compliance (GRC) (2 features) | | | | |
| GRC Module | 1 Policy creation | 1 framework | 3 frameworks | All + Custom |
| Unlimited Policy Generation | — | ✓ | ✓ | ✓ |
| Extras & Integrations (3 features) | | | | |
| Integrations | ✓ | 3 active | 15 active | All 26+ & Custom API |
| Marketplace | ✓ | ✓ | ✓ | ✓ |
| Credit Add-on Packs | — | ✓ | ✓ | ✓ |
| Support & SLA (4 features) | | | | |
| Support Channel | Docs only | Email (48h SLA) | Hotline + CSM (8h SLA) | 24/7 Engineer (1h SLA) |
| Dedicated Security Engineer | — | — | — | ✓ |
| White-label / MSSP | — | — | — | ✓ |
| API Access | — | — | — | ✓ |
All plans include a 15-day free trial — no credit card required.
The question is whether it's Gordon finding them — or an attacker. Start a free scan today. No credit card required.