Pen test scope
External infrastructure pen test
Internet-facing servers, services, network perimeter. Often a CREST / CHECK requirement for UK government and regulated industries.
- Small: 2-4 days, £2,000-£6,000 UK
- Medium: 4-8 days, £4,000-£12,000 UK
- Large: 8-15 days, £8,000-£22,500 UK
Standards typically applied
- NIST 800-115
- PCI DSS (where applicable)
- CHECK (UK gov scope)
Considerations that move the day count
- External IP count drives day count more than any other factor
- CHECK-scope work for UK government / CNI must use CHECK-team-member-led teams (typically £300-£500/day premium on standard CREST rates)
- Cloud-hosted external infra may include cloud configuration review as an integrated scope
Source
NIST SP 800-115 + CREST methodology + Precursor Security 2026 scope ranges
Verified 2026-06-02