Gordon VAPT goes beyond point-in-time assessments. Automated scanners run continuously while CERT-In empanelled pentesters validate, exploit, and prioritise findings for your team.
Gordon's scanning engine runs 24/7 across your entire attack surface — web applications, APIs, cloud infrastructure, network devices, and endpoints. New vulnerabilities are detected within hours of CVE publication.
Gordon VAPT is active within 24 hours of onboarding — no agents, no complex setup. Connect your domains and cloud accounts, and scanning begins immediately.
Add your domains, IP ranges, cloud accounts (AWS, Azure, GCP), and API endpoints. Gordon auto-discovers subdomains and shadow IT assets you may not know about.
Gordon's multi-engine scanner runs DAST, network scanning, cloud misconfiguration checks, and dependency analysis continuously. New CVEs are tested within hours of publication.
CERT-In empanelled pentesters conduct manual testing on a scheduled or on-demand basis — chaining vulnerabilities, testing business logic, and simulating advanced attacker techniques.
Developers receive prioritised, actionable fix guidance. After remediation, Gordon automatically re-scans to confirm closure. Compliance reports are generated instantly for regulatory submissions.
A private sector bank needed quarterly VAPT reports for RBI IT Framework compliance but was spending 6 weeks per cycle on manual testing and report writing.
Gordon reduced the cycle to 10 days — continuous scanning plus a 48-hour pentest report. RBI-formatted reports generated automatically. 23 critical findings fixed before the audit.
An enterprise SaaS startup needed a pentest report to close a Fortune 500 customer who required ISO 27001 evidence before signing. They had 3 weeks to deliver.
Gordon delivered the pentest report in 48 hours, found and helped fix 2 critical vulnerabilities, and provided an ISO 27001-aligned attestation letter. The deal closed on time.
A major e-commerce platform's annual pentest was scheduled for January. A critical CVE dropped in their payment gateway library 2 weeks before their peak sales season.
Gordon's continuous scanner detected the vulnerable library within 4 hours of CVE publication. The patch was deployed in 18 hours — before any attacker could exploit it during peak traffic.
Choose the plan that fits your team. Upgrade or cancel anytime.
For growing companies up to 100 employees. Core security, GRC, and insurance in one platform.
Start Free TrialFor companies with 100–500 employees. Expanded limits across all modules.
Start Free TrialFor large enterprises 500+ employees. Unlimited scale, dedicated support, and custom SLAs.
Talk to Sales| Features | Free | Startup $1,787/mo |
Mid-Market $3,382/mo |
Enterprise $6,607/mo |
|---|---|---|---|---|
| ▶Attack Surface Monitoring12 scans/year | ||||
| Monitored Assets (Domains, IPs, Mobile Apps) | — | 1 asset | 3 assets | 10 assets |
| Exposed subdomains & open ports | — | ✓ | ✓ | ✓ |
| SSL/TLS certificate health | — | ✓ | ✓ | ✓ |
| DNS anomalies & misconfigurations | — | ✓ | ✓ | ✓ |
| Web technology fingerprinting | — | ✓ | ✓ | ✓ |
| CVE & vulnerability scoring | — | ✓ | ✓ | ✓ |
| Continuous monitoring & alerts | — | ✓ | ✓ | ✓ |
| ▶SOC Monitoring24/7 | ||||
| Monitored Endpoints | — | Upto 100 | Upto 500 | Upto 2,000 |
| AI-powered alert triage | — | ✓ | ✓ | ✓ |
| Kill-chain reconstruction (MITRE ATT&CK) | — | ✓ | ✓ | ✓ |
| Automated response playbooks | — | ✓ | ✓ | ✓ |
| CERT-In 6-hour incident reporting | — | ✓ | ✓ | ✓ |
| Threat intelligence (IOCs, Campaigns) | — | 10 threats, 5 IOCs | 50 threats, 20 IOCs | Unlimited |
| ▶Workforce Risk & Security Awareness | ||||
| Monitored Employees | — | Upto 100 | Upto 500 | Upto 2,000 |
| Email phishing simulation | — | ✓ | ✓ | ✓ |
| Custom phishing templates | — | ✓ | ✓ | ✓ |
| Security awareness training + LMS | — | ✓ | ✓ | ✓ |
| ▶Dark Web Monitoring | ||||
| Monitored Keywords (brand, legal name, vendors) | — | 1 keyword | 1 keyword | 5 keywords |
| Tor forums, paste sites, Telegram channels | — | ✓ | ✓ | ✓ |
| Breach databases & data dumps | — | ✓ | ✓ | ✓ |
| Ransomware & APT group monitoring | — | ✓ | ✓ | ✓ |
| ▶Cloud Security & Billing Monitoring | ||||
| Cloud Instances Monitored | — | 1 instance | 2 instances | 5 instances |
| Misconfiguration detection (CIS 572 benchmark) | — | ✓ | ✓ | ✓ |
| IAM & privilege escalation checks | — | ✓ | ✓ | ✓ |
| S3 / Blob public exposure alerts | — | ✓ | ✓ | ✓ |
| Cloud billing tracking & optimisation | — | ✓ | ✓ | ✓ |
| ▶GRC & ComplianceAudit charges extra | ||||
| Compliance Frameworks | — | 2 frameworks | 4 frameworks | 5 frameworks |
| Automated control mapping | — | ✓ | ✓ | ✓ |
| AI gap assessment & remediation tasks | — | ✓ | ✓ | ✓ |
| Policy & procedure auto-generation | — | ✓ | ✓ | ✓ |
| Risk register automation | — | ✓ | ✓ | ✓ |
| AI-based internal audit & audit-ready reports | — | ✓ | ✓ | ✓ |
| Trust center | — | ✓ | ✓ | ✓ |
| ▶Third Party Risk Management (TPRM) | ||||
| Vendors Monitored | — | 100 vendors | 250 vendors | 1,000 vendors |
| AI security questionnaire dispatch & scoring | — | ✓ | ✓ | ✓ |
| Continuous external surface scan | — | ✓ | ✓ | ✓ |
| Breach & dark web alerts for vendor | — | ✓ | ✓ | ✓ |
| Risk rating (A–F) with trend | — | ✓ | ✓ | ✓ |
| ▶Gordon AI | ||||
| AI Credits / Tokens | — | 500 credits | 1,000 credits | 1,000 credits |
| Auto-generated risk narratives | — | ✓ | ✓ | ✓ |
| One-click remediation playbooks | — | ✓ | ✓ | ✓ |
| Executive summary generation | — | ✓ | ✓ | ✓ |
| AI-assisted questionnaire filling (CRQ) | — | ✓ | ✓ | ✓ |
| Threat intelligence summaries | — | ✓ | ✓ | ✓ |
| ▶Brand Intelligence & Takedowns | ||||
| Brand Assets Monitored | — | 1 asset, 20 keywords | 3 assets, 60 keywords | 5 assets, 100 keywords |
| Fake domain / phishing page / typosquat monitoring | — | ✓ | ✓ | ✓ |
| Reverse imaging / logo detection | — | ✓ | ✓ | ✓ |
| Social media & counterfeit listing monitoring | — | ✓ | ✓ | ✓ |
| Takedowns (Rogue app, DMCA, Phishing pages) | — | 25 takedowns | 100 takedowns | 125 takedowns |
| ▶Consent Manager (DPDPA) | ||||
| Unique Consents (website / mobile app users) | — | 25K consents | 100K consents | 500K consents |
| Granular consent collection & withdrawal | — | ✓ | ✓ | ✓ |
| 15+ platform integrations | — | ✓ | ✓ | ✓ |
| 22 Indian language translation (DPDPA Art. 18) | — | ✓ | ✓ | ✓ |
| Cookie scanner, data deletion & grievance requests | — | ✓ | ✓ | ✓ |
| Google Consent Mode V2 support | — | ✓ | ✓ | ✓ |
All plans include a 15-day free trial — no credit card required.
The question is whether it's Gordon finding them — or an attacker. Start a free scan today. No credit card required.
