The All-in-One Platform
for Security Consultancies
Scope engagements, generate SOWs, manage testing, and deliver live results — all on your own isolated Private Cloud. Your brand. Your infrastructure. Your competitive edge.
From first call to final fix:
one platform
Most teams use Excel for scoping, Word for SOWs, and a separate tool for reporting. SPEAR replaces all of them with a single integrated workflow.
Sales & Scoping
Stop scoping in Excel and writing SOWs in Word. SPEAR automates the entire pre-engagement pipeline — from lead capture and scoping questionnaires through branded SOW generation and e-signature.
- CRM Pipeline
- SOW Generation
- Pricing Workbench
- Scoping Portal
Engagement Management
Manage your entire testing portfolio from a single dashboard. Schedule consultants, track timelines, monitor utilization, and never miss a deadline across dozens of concurrent engagements.
- Resource Scheduling
- Consultant Management
- Timeline Tracking
- PTO & Availability
Testing Operations
Centralized vulnerability management with 20+ scanner imports, structured retesting workflows, and methodology-driven test cases. The command center for active engagements.
- Vulnerability Tracking
- 20+ Scanner Imports
- Retesting Workflows
- Test Cases
Delivery & Portals
Dead documents don't fix vulnerabilities. Deliver native PDF reports for auditors and live client portals for real-time remediation tracking. No Word export needed — by design.
- Native PDF Export
- Live Client Portals
- Branded Themes
- Content Library
Everything included.
Every plan.
SSO, branding, RBAC, and audit trails are included on every plan. Enterprise-grade capabilities without the enterprise complexity.
White-Label Everything
Your brand on every touchpoint. Login pages, PDF reports, client portals, SOW documents, and scoping questionnaires all carry your identity. Set it once — every artifact is on-brand.
AI-Powered Writing
AI-assisted finding descriptions, severity recommendations, and remediation guidance. Write faster, more consistent reports with intelligent content generation that learns your style.
Dynamic Shortcodes
Variables that auto-populate across templates. Client name, dates, scope details — define once, use everywhere in reports and SOWs. No more find-and-replace mistakes.
Full Audit Trail
Complete activity logging for every action. Track who changed what, when. Built for SOC 2 and ISO 27001 compliance. Your clients' auditors will thank you.
RBAC + SSO Included
Granular role-based access control with SAML/OIDC SSO on every plan. Admin, manager, consultant, and viewer roles with custom permission sets.
20+ Integrations
Import from 20+ industry-standard vulnerability scanners and testing tools. Connect with your ticketing and workflow platforms. Full REST API for custom automation.
Your Infrastructure. Your Data.
Single-tenant deployment on your own VPS, Docker, or bare metal. Air-gapped support for classified environments. Your data never touches a shared cloud — no third-party dependency, no vendor lock-in.
Dead Documents Don't Fix Vulnerabilities
Static Word docs get emailed, filed, and forgotten. SPEAR gives you native PDF for auditors and live portals for real-time remediation tracking.
Native PDF Reports
Tamper-proof, audit-ready PDFs generated directly from structured data. No Word intermediate, no formatting headaches. Your brand, your template, delivered in minutes.
- Custom branded templates with your logo & colors
- Executive, Technical, and Compliance formats
- Consistent formatting across all engagements
- One-click export with table of contents
- Immutable audit trail for compliance
Live Client Portals
Give clients their own branded portal with live findings, remediation tracking, and direct communication. Included free on every plan.
- White-labeled with your client's branding
- Real-time findings as you test
- Built-in remediation tracking & re-test requests
- Secure commenting and collaboration
- Unlimited client accounts (free)
Simple, Transparent
Pricing.
Every feature on every plan. SSO, branding, unlimited portals, and AI included. The only difference is how you deploy and how many users you need.
SPEAR Solo
For independent consultants and freelance pentesters. Your own managed cloud instance.
- Full Platform Access
- Unlimited Client Portals
- SSO / SAML Included
- 20+ Scanner Integrations
- AI-Powered Report Writing
- Native PDF Engine
- Dedicated Private VPS
- Zero DevOps Required
- Community Support
Self-Hosted
Full platform on your infrastructure. You host it, you own it.
- Full Platform Access
- Unlimited Client Portals
- SSO / SAML Included
- 20+ Scanner Integrations
- AI-Powered Report Writing
- Native PDF Engine
- Docker/Kubernetes Ready
- Ops Seats: $50/seat/mo
- Community Support
SPEAR Team
For growing consultancies and agencies. Managed cloud with zero DevOps.
- Full Platform Access
- Unlimited Client Portals
- SSO / SAML Included
- 20+ Scanner Integrations
- AI-Powered Report Writing
- Native PDF Engine
- Dedicated Private VPS
- Ops Seats: $50/seat/mo
- Zero DevOps Required
- Community Support
Enterprise
For large firms, government, and MSSPs with advanced security and compliance requirements.
- Full Platform Access
- Unlimited Client Portals
- SSO / SAML Included
- 20+ Scanner Integrations
- AI-Powered Report Writing
- Native PDF Engine
- Priority Support
- Dedicated Success Manager
- Custom Legal & Procurement
- Custom Invoicing
- SLA-Backed Uptime
- White-Glove Migration
Why SPEAR? See the difference.
Other tools cover one phase. SPEAR covers all four.
| Feature | SPEAR | Reporting Tools | Portal Platforms | Spreadsheets |
|---|---|---|---|---|
| CRM / Sales Pipeline | ||||
| SOW Generation | ||||
| Pricing Workbench | ||||
| Engagement Management | ||||
| Vulnerability Tracking | ||||
| Native PDF Export | ||||
| Live Client Portals | ||||
| White-Label Branding | ||||
| SSO Included (No Tax) | ||||
| Single-Tenant Isolation | ||||
| Self-Hosted Option | ||||
| Published Pricing |
Frequently Asked Questions
Why no Word export?
By design. Word documents get modified, emailed around, and lose formatting. Our native PDF engine produces tamper-proof, audit-ready deliverables. Live Client Portals handle the collaboration that Word can't.
How is SPEAR different from other security tools?
Most tools only cover reporting. SPEAR covers the full engagement lifecycle — CRM pipeline, SOW generation, pricing workbench, engagement management, vulnerability tracking, and delivery (PDF + live portals) in one platform.
Is SSO really included on every plan?
Yes. SAML and OIDC single sign-on are included on every plan, including Self-Hosted. Security features shouldn't require a tier upgrade.
What does 'single-tenant' mean?
Every SPEAR instance runs on its own isolated infrastructure. Your data is never co-mingled with other customers. No shared databases, no shared servers — complete data sovereignty.
At $160/month per tester, SPEAR pays for itself after just 2 engagements. Stop scoping in Excel, writing SOWs in Word, and reporting in yet another tool.
