revelion.ai
revelion@ai $ _
The Autonomous
AI PenTester
Sign Up and Start Testing in Minutes.
Real Strategy | Real Exploits | Real Reports
🇬🇧Built in the UK|🔒GDPR Compliant|🛡️Authorised Testing Only
Process
How Revelion Works
From scope definition to executive report — fully autonomous security testing in four steps.
01
01. Define Scope
Choose your target type, set boundaries, and define what's off-limits. You control exactly what gets tested.
1 / 4
01. Define Scope
Choose your target type, set boundaries, and define what's off-limits. You control exactly what gets tested.
02. AI Reconnaissance
Eight specialised agents map your attack surface — discovering services, technologies, and potential entry points autonomously.
03. Automated Exploitation
Real exploitation, not just scanning. Agents chain vulnerabilities together like an experienced pentester would — with proof-of-concept for every finding.
04. Actionable Report
Executive summaries for leadership, technical deep-dives for your team. CVSS scores, remediation steps, and proof-of-exploit for every finding.
01
Capabilities
Platform Features
Enterprise-grade autonomous penetration testing with the intelligence of seasoned security professionals.
Adapts Mid-Attack
Hits a dead end on the web app? It's already pivoting to that forgotten staging server it found earlier. No rigid playbooks — the AI thinks fluidly like you do.
Proves It, Doesn't Just Flag It
Every finding comes with a real proof-of-exploit. Not theoretical risk scores — actual evidence your client can't argue with.
Watch It Work
Live feed of every decision, discovery, and exploit. You see exactly what the AI is doing and why. No black box.
Catches What Scanners Miss
Chains vulnerabilities together, tests business logic, and explores attack paths that automated scanners can't see.
Runs While You Sleep
Launch a mission at 11pm, wake up to a finished report. Your billable hours just multiplied.
Findings You Can Trust
Every finding is confidence-scored. Know instantly what's confirmed, what's likely, and what needs a second look.
Control
Your AI, Your Rules
Full control before, during, and after every mission.
Go fully autonomous or take the wheel — it's your call.
Before Launch
During Mission
PRE-LAUNCH
Configure Your Mission
Set the strategy before a single packet is sent. Define your target type, aggression level, scope boundaries, and focus areas. Choose which tools to prioritise, which systems to exclude, and when testing should run.
Your methodology. Your rules. Every time.
1 / 2
Hybrid Mode
Real-time human steering
Proven Results
Real Vulnerabilities Exploited
Actual findings from Revelion's autonomous penetration testing — not theoretical risks, but confirmed exploits.
CRITICAL
CVSS 9.8
Remote Code Execution via Template Injection
Target
/artist.php
Detected user input being processed through a Twig template engine. Confirmed code evaluation with a mathematical probe, then escalated to full OS command execution as the Apache service account.
Technique
SSTI Detection → Expression Evaluation → RCE Chain
CRITICAL
CVSS 9.8
OS Command Injection with Output Capture
Target
/nslookup.php
Identified a POST parameter being passed directly to the operating system. Chained arbitrary Windows commands and captured filesystem output, confirming full server-level control.
Technique
Parameter Fuzzing → Command Chaining → Data Exfiltration
CRITICAL
CVSS 9.1
Arbitrary File Read via Server-Side Exploitation
Target
/artist.php
Leveraged a confirmed RCE vulnerability to read server-side PHP source code using relative path traversal. Successfully extracted application configuration files containing sensitive data.
Technique
Vulnerability Pivoting → File System Access → Source Code Extraction
Value
Pay Only For What You Use
No retainers. No subscriptions required. No minimum spend.
Just top up credits and test — starting from £10.
0
credits
£10starting price
No Contracts
cancel or stop anytime
Top Up Instantly
credits available in seconds
Transparent Usage
see exactly where every credit goes
No Wasted Spend
only pay for what you actually use
Get started for the price of 2 coffees.
Traditional Pentest
Cost
£15,000 — £30,000
Frequency
Once a year
Timeline
2-4 week wait for availability
Delivery
Static PDF, often months late
Retesting
Pay full price again
Cost
From £10
Frequency
On-demand, 24/7, unlimited
Timeline
Results in hours
Delivery
Interactive findings with live proof-of-concept
Retesting
Top up and go. Instantly.
Pricing
Simple, Transparent Pricing
Start free, scale as you grow. No hidden fees, no long-term contracts.
Free
£0pay-as-you-go
Perfect for getting started and occasional testing.
- Pay-as-you-go credits (£10 = 10,000 credits)
- Full autonomous pentesting
- Professional reports
- Email support
- Single target at a time
- Custom methodologies
Most Popular
Pro
£99/month
For teams who need regular, comprehensive testing.
- 125,000 credits/month included
- +25% bonus on top-ups
- Priority queue access
- Pre-Mission Intelligence
- Custom Tasks
- Executive reports
- Multiple concurrent targets
- Priority support
Enterprise
Custom
Tailored solutions for large-scale deployments.
- Unlimited credits
- Custom integrations
- On-premise deployment options
- SLA guarantees
- Custom Tasks
- Dedicated infrastructure
- SSO & advanced security
- 24/7 priority support
All plans include: Real exploitation (not just scanning) • Professional PDF reports • UK-hosted infrastructure • GDPR compliant
MSP/IT-Team Tiers Coming Soon
Support
Frequently Asked Questions
Everything you need to know about Revelion and autonomous penetration testing.
General
Revelion is an autonomous penetration testing platform. It uses AI agents to perform real security assessments against your systems - the same techniques a human pentester would use, but available on demand.
Scanners check for known signatures. Revelion thinks. It chains vulnerabilities together, adapts its approach based on what it finds, and exploits weaknesses to prove they're real - not just flag them as theoretical risks.
No. Revelion is a tool for security professionals, not a replacement. It handles the repetitive, time-consuming work so pentesters can focus on complex logic flaws and business context that require human judgement.
How It Works
A target URL or IP address and a Docker container running on your machine. Setup takes about 5 minutes.
The execution agent runs locally in a Docker container so all testing traffic originates from your infrastructure. Our cloud brain coordinates the strategy, but the actual testing happens on your side.
Yes. You define the target, scope boundaries, and exclusions before launch. During a mission, you can inject operator directives to steer the AI in real time - like telling it to focus on a specific endpoint or try particular credentials.
Depends on the target complexity. A simple web app might take 30-60 minutes. Larger targets with multiple services can run for several hours. You can watch the agents work in real time and stop at any point.
Security & Compliance
You must only test systems you own or have written authorisation to test. Revelion includes scope enforcement to prevent testing outside your defined boundaries. You are responsible for ensuring you have proper authorisation.
The execution agent runs on your infrastructure. Findings and mission data are stored in your account with row-level security isolation. We use Supabase (SOC 2 Type II certified) for data storage and Fly.io (SOC 2 Type II certified) for our cloud services.
Yes. We process minimal personal data, store it within certified infrastructure, and provide full data deletion on request. Our Privacy Policy details exactly what we collect and why.
Pricing & Access
Pay-as-you-go means you only use what you pay for - minimum purchase for credits is 10,000 (£10). Pro subscription is £99/month with 125,000 credits included (25% bonus). No long-term contracts.
A typical external pentest costs £10,000-20,000 and takes weeks to schedule. Revelion lets you test whenever you want for a fraction of the cost.
We're currently running a pilot programme with limited spots. Join the waitlist for early access.
Technical
Anything you point it at. Web apps, APIs, internal networks, external infrastructure, cloud services. The agent runs on your machine so it can reach whatever your network can reach.
The agent has access to industry-standard tools including Nmap, Nuclei, SQLMap, Feroxbuster, Playwright, and more - all running inside the Docker container. The AI decides which tools to use and how to combine them based on what it discovers.
Yes. Every mission generates a penetration test report with findings, severity ratings, CVSS scores, CVE references, and remediation guidance. Pro users get premium branded PDF reports.
Ready to Find What
Scanners Miss?
Stop relying on tools that only scratch the surface. Deploy AI that thinks, adapts, and exploits like a real attacker — at machine speed.
No credit card required • Free credits to start • Cancel anytime