pentestcostcalculator.com
Pen test scope

Internal infrastructure pen test

Internal network, Active Directory, lateral movement testing. Often follows an assumed-breach scenario — tester is given a low-privilege foothold.

Small
3-5d
£3,000-£7,500 UK
Medium
5-10d
£5,000-£15,000 UK
Large
10-20d
£10,000-£30,000 UK

Standards typically applied

NIST 800-115MITRE ATT&CK Enterprise

Considerations that move the day count

  • Active Directory maturity dominates findings — older AD estates accumulate misconfigurations rapidly
  • Assumed-breach vs zero-knowledge scope materially changes day count and value
  • VPN / remote-only testing during COVID era is increasingly the default; on-site testing carries travel + per-diem premium
Source

NIST SP 800-115 + MITRE ATT&CK + Precursor Security 2026 scope ranges

Verified 2026-06-02
Other scopes
Web application pen test5-10dExternal infrastructure pen test4-8dMobile application pen test5-10dCloud configuration / pen test5-10dAPI pen test4-8dRed team engagement20-40d