For Penetration Testing Firms

The platform that thinks like a pentester

Hexecution is an AI-native platform built around the test itself: native scan orchestration, smart finding content, AI-assisted review, and one-click reports. 500+ features refined by a working pentest firm on every engagement we deliver. And yes, it runs the business side too, so the spreadsheets and the bolted-on CRM can finally go.

The Reality

Most firms run on a patchwork

A reporting tool for deliverables. A CRM for the sales pipeline. Spreadsheets for scoping. Word for templates. A couple of consultants maintaining scripts on the side. Every seam between those tools is a place where things get dropped, re-keyed, or forgotten. And underneath it all, tooling that treats a pentest like a generic document project. We got tired of it, so we built a platform that treats scope, scans, findings, instances, and retests as first-class objects, and then we made it good enough to sell.

Pentest-first, not reporting-first

Built around how a test actually runs. Scope files auto-generated for your tools, scans orchestrated natively (Nmap, Nuclei, Amass, httpx, Dehashed), findings organized by instance and location, retests tracked per location. Not a document tool with a findings table bolted on.

Smart about content

500+ finding templates calibrated across 690+ real assessments, Nessus plugin auto-matching, per-instance CVSS, field inheritance across instances, DOCX round-trip import, and multi-model AI review (Claude, GPT, Gemini, Grok) built into the workflow, not sold as an add-on.

Runs the business side too

Deal pipeline, scoping engine with real hour math, e-signature, invoicing, commissions, and renewals. The parts of running a firm that reporting tools leave in your spreadsheets and CRM come along for free.

Sales to Invoicing

The whole engagement, in one place

Hexecution covers everything from first contact to renewal, but the highlighted steps are where it goes deepest: the test itself. That is the part most platforms treat as a document to format, and the part we obsess over.

Step 01

Deal Pipeline & Scoping

Kanban pipeline, sublinear pricing engine across 17 assessment types, 3 rate tiers, 7 discount types. Scope a deal in minutes.

Step 02

Proposal & E-Signature

Interactive proposal portal, real-time pricing, BoldSign SOW signing that auto-advances the deal and spins up the project.

Step 03

Scope & Scan OrchestrationPentest Core

Define scope once, auto-generate tool-specific scope files, and orchestrate Nmap, Nuclei, Amass, httpx, and Dehashed through production Airflow pipelines. Results merge into the asset inventory automatically.

Step 04

Findings & Smart ContentPentest Core

500+ curated templates, Nessus plugin auto-matching, per-instance CVSS, field inheritance, structured OWASP/CWE/CVE tags, and multi-model AI quality review before human peer review.

Step 05

Peer Review & DeliveryPentest Core

Structured 5-question reviews with delivery gating, then DOCX/PDF/CSV/web reports generated in seconds and delivered via secure tokenized links.

Step 06

Retest, Invoice & Renew

Per-location retest lifecycle, Xero invoicing, commission tracking, and an automated renewal and win-back engine.

See It Running

The same platform we use every day

These are real screens from Hexecution (shown with demo data). Start with the attack surface and the findings workspace where the testing happens, the scan and breach data behind it, then the analytics, scheduling, and pipeline that run the practice around it.

Attack surface, two lenses: what is reachable to test, and the full IP estate broken down by provider, discovery, and scope
The findings workspace: 500+ curated templates, per-instance CVSS and status, structured tags, and AI-assisted review, all in a two-panel editor
Scan orchestration with change detection: new, changed, and resolved findings across consecutive scans
Breach and OSINT data: exposed credentials surfaced per engagement, with source and hash
Calibrated impact analytics: size-normalized impact per consultant, with trajectories over time
Scheduling Gantt: allocations, utilization, and free capacity at a glance
Ops dashboard: active assessments, findings by severity, and review status at a glance
Deal pipeline: lead to won with scoping hours and pricing attached

Capabilities

500+ features, built for how firms actually work

Smart Findings Content

  • 500+ curated finding templates
  • Calibrated against 690+ real assessments
  • Nessus plugin ID auto-mapping, built in
  • Per-instance CVSS and field inheritance
  • Structured OWASP/CWE/CVE/root-cause tags
  • Team knowledge that compounds

AI-Assisted Quality

  • Multi-model review (Claude, GPT, Gemini, Grok)
  • Built in, not a paid add-on
  • 0-100 quality score per report
  • AI CVSS vector generation
  • Severity mismatch detection

Scan Orchestration & Continuous Testing

  • Native scan orchestration via Airflow
  • Auto-generated tool-specific scope files
  • Scheduled daily/weekly/monthly/quarterly scans
  • Asset-change detection between scans
  • Unified attack-surface dashboard
  • Change alerts routed to Slack

Calibrated Consultant Scorecard

  • Size-normalized impact ranking across engagements
  • Calibration bias factor (over/under-raters surfaced)
  • Per-consultant trajectory over time
  • Credits human-directed AI-agent findings
  • Transparent 'how impact is calculated' panel

Team & Delivery Ops

  • Consultant scheduling Gantt with capacity
  • Timesheet tracking with reminders
  • Multi-round peer review with delivery gates
  • Service coverage tracking across scans
  • Full field-level audit changelog

Business Operations

  • Deal pipeline with kanban and analytics
  • Scoping engine with sublinear hour math
  • BoldSign e-signature for SOWs
  • Xero invoicing integration
  • Commission tracking with referral tiers
  • Renewal automation and win-back engine

How it compares

Reporting platforms format the deliverable. Hexecution runs the test that produces it, then handles the practice around it too.

CapabilityHexecutionReporting PlatformsSpreadsheets & Word
Native scan orchestration (runs the scans)Manual
Asset-change detection between scansPartial
AI-assisted review, built in (not add-on)Add-on
500+ curated, calibrated finding libraryPartial
Per-instance CVSS & structured tagsPartialManual
DOCX round-trip import/exportPartialManual
Multi-round peer review with gatingPartial
Calibrated consultant scorecard
Interactive client portal with SSO
Deal pipeline, scoping & pricing engine
E-signature, invoicing & commissions
Renewal automation & win-back
Built by a working pentest firmYou

“Reporting Platforms” = dedicated pentest reporting/management tools. “Spreadsheets & Word” = home-baked stacks. Comparison reflects the workflow a firm runs end to end.

Built by a working pentest firm

Every feature exists because we hit the problem running TrustFoundry. Hexecution is not a SaaS company's guess at your workflow. It is the platform we use on every engagement, refined across 690+ assessments. When you ask for something, you are talking to the people who test for a living.

Here for the long run

Hexecution runs on a profitable services business, not venture burn. Early customers get a single-tenant deployment for real data isolation, a direct line to the team, and roadmap input. SOC 2 is on the roadmap, and we provide a security overview and architecture review to design partners today.

Want to run your firm on Hexecution?

We are working with a small number of firms as early customers. If you want a platform that goes deep on the test itself, not just a nicer place to write reports, let us show you how we run every engagement (business side included).