Free while we're in beta.
No credit card. No usage caps. Self-hosted means your data never leaves the workspace you own. When we open paid tiers, every beta workspace gets at least 90 days of grandfathered pricing.
Beta tier — the full product, no limits.
Start a free workspace- Unlimited engagements per workspace
- Unlimited workspace teammates
- All recon modules (CT, DNS, takeover, email security, Nuclei, WAF, redirect, GraphQL)
- Quick Scan chain (one-click apex audit)
- Scope enforcement at the route layer
- Tamper-evident SHA-256 hash-chained audit log
- TOTP MFA + single-use recovery codes per account
- Self-hosted password recovery (no email provider)
- Workspace tenancy + invitation links
- PDF report export
Pro & Enterprise tiers will add the workflows below. Pricing will be announced at general availability.
Talk about your needs- Everything in beta
- Webhook fan-out (Slack / Discord / generic JSON)
- Scheduled scans on a cron
- API keys for programmatic dispatch
- Higher dispatch + rate-limit ceilings
- Custom report branding
- SAML / SCIM provisioning (Enterprise)
Common questions
What happens when beta ends?
Every workspace created during beta gets at least 90 days of grandfathered free access after we announce paid tiers. You'll have plenty of notice and an obvious path to either pay or export your data.
Is the data really self-hosted?
Your workspace is hosted on Verilax infrastructure, but the authentication is self-contained — no third-party identity provider like Auth0 or Clerk. Operator identities, recovery codes, audit logs, and findings never leave the Verilax-managed workspace. We can also offer fully on-premise deployment for Enterprise; reach out.
Do I need to give you API credentials for AI providers?
No. Verilax does not call third-party AI providers from the operator's account. The 'AI-driven' tagline refers to module orchestration and finding deduplication; the recon modules use deterministic protocols (CT logs, DNS, HTTP fingerprints, etc.), not LLMs.
What's the rate limit on the free tier?
Per-IP write rate limit defaults to 30 actions / 60s + refill at 0.5/sec. Per-actor write limits are generous enough for normal operator workflows. Talk to us if you're doing scripted multi-workspace dispatch and we'll raise your ceiling.
Can I export everything?
Yes. Findings export to proposal-ready PDF today. JSON / CSV export per engagement is planned for Pro. The audit log is queryable via the workspace audit endpoint and can be dumped any time. Workspace deletion cascades cleanly with a type-the-name confirmation.
Ready to stand up your first engagement?
Five minutes from signup to your first scan results.