42Crunch pricing
What middleBrick covers
- Black-box API scanning without agents or code access
- Risk score from A to F with prioritized findings
- Detection aligned to OWASP API Top 10, SOC 2, and PCI-DSS
- Support for authenticated scans with header allowlists
- Programmatic access via CLI and API client
- Continuous monitoring and scheduled rescans
42Crunch pricing transparency
Public pricing details for 42Crunch are not published in a standardized, self-serve format. The list price per seat or per scan is not available on the website, and quotes typically require direct engagement with sales. Cost drivers include the number of team members, the volume of APIs to be tested, deployment options, and the level of support or compliance documentation required.
What middleBrick provides instead
As an alternative approach, middleBrick offers a self-service scanner with clearly defined pricing. The free tier supports three scans per month and CLI access with no user limits. The Starter plan at 99 dollars per month covers 15 APIs, monthly scans, a dashboard, email alerts, and the MCP Server. The Pro plan at 499 dollars per month supports 100 APIs, with additional APIs billed at 7 dollars each, and adds continuous monitoring, GitHub Action gates, and scheduled scans. The Enterprise plan is typically 2000 dollars per month or higher for unlimited APIs, custom rules, SSO, audit logs, and dedicated support.
Feature-to-value mapping
The value of a scanner is tied to how its features reduce manual effort and improve coverage. middleBrick maps findings to OWASP API Top 10, SOC 2 Type II, and PCI-DSS 4.0, providing direct alignment with established controls. Continuous monitoring in the Pro tier produces diffs between scans, tracks score trends, and delivers email alerts at a rate-limited frequency. HMAC-SHA256 signed webhooks allow automated responses in CI/CD pipelines, and the tool supports authenticated scans using Bearer tokens, API keys, Basic auth, and cookies, with domain verification to ensure only domain owners can scan with credentials.
Scan scope and limitations
middleBrick is a black-box scanner that operates without agents, SDKs, or code access. It supports any language, framework, or cloud environment and completes scans in under a minute using read-only methods plus text-only POST requests for LLM probes. It does not perform active SQL injection or command injection, does not fix or remediate findings, does not detect business logic vulnerabilities or blind SSRF, and does not provide compliance certification. It is designed to detect and report, with remediation guidance, and to complement rather than replace human pentesters for high-stakes audits.
Integration and deployment options
middleBrick provides multiple delivery formats to fit different workflows. The Web Dashboard enables scan management, report downloads, and branded compliance PDFs. The CLI, distributed as an npm package, supports commands such as middlebrick scan <url> with JSON or text output. A GitHub Action can gate CI/CD, failing builds when scores drop below a set threshold. An MCP Server allows scanning from AI coding assistants, and a programmable API supports custom integrations. All scan data can be deleted on demand and is never used for model training.