$ £

$75 p/m, billed annually

Price is per user and subject to VAT.
30 day money back guarantee.

Deploy on-premises Info

Client certificate authentication Info

Unlimited engagements Info

Custom report templates Info

Findings library Info

Integrated CVSS calculator Info

PingCastle support Info

MFA with authenticator apps Info

Search and analyse imported scanner data Info

Dark mode available Info

Most common scanning tools supported Info

Further scanners added for free, just ask Info

Buy now

You can deploy HaxHQ on-premises, with full control over the host it runs on and full visibility into the source code. Being able to verify makes it easier to trust 🙂.

Fact: if your pentest reporting solution is not on-premises, you are not providing the best security available for your customers' vulnerability data


Client certificate authentication provides better web application security than any other authentication method.

HaxHQ is the only reporting tool on the market with an integrated Certificate Authority, allowing you to easily and securely deploy client certificate authentication as the second authentication factor.

You still have authenticator token MFA available if you need it.


Enjoy a simple fee structure with no in-app sales.

Once you buy HaxHQ you can use every aspect of it, as much as you need to.


Edit the default template to apply your branding by simply changing text and images in Word or get it all done for you for free.

Send us your current template and we will return a version of it that works with HaxHQ.


Build your library on the fly as you work on reports, with zero extra effort.

Never repeat an edit again - if you have reported a finding before and saved your texts to library they will get seamlessly loaded the next time.


Don't guesstimate the severity of a finding, easily calculate it with the integrated CVSS calculator.

Consistently present CVSS score and vector values add weight to your report and make it easier to justify the selected severity to the customer.


HaxHQ is the only reporting tool on the market with PingCastle support.

PingCastle does for Active Directory what Nessus does for the rest of your infrastructure. If you do AD testing and are not using PingCastle you are missing out.


If you don't want to use client certificate authentiation, for whatever reason, traditional MFA with authenticator apps is available.


Nessus scans contain a lot of information which can help a penetration tester during enumeration and testing.

If you have imported any to HaxHQ you can query all the information and even export IP lists to file based on ports, services or software etc.


Many pentesters spend way more time in front of a screen than our eyes can comfortably handle.

Enable dark mode and reduce the strain.


HaxHQ supports Nessus, Acunetix, Burp, Qualys and amass out of the box. These seem to be the most commonly used tools.

PingCastle is supported as well and if you use that tool you will LOVE what HaxHQ can do for you. If you do any AD testing, you should definitely add PingCastle to your tool set.


If you are using scanning tools which are not currently supported by HaxHQ please tell us.

We will add support for you, for free and within a month of you requesting it (in many cases a couple of days will suffice).