
Your first scan

Pencheff’s default standard profile maps findings to OWASP Top 10 categories in ~15 minutes. Pick the surface you want to work from:

  1. Open app.pencheff.com and sign in.
  2. Register target → enter the URL, optional credentials, scope, exclude paths.
  3. Pick a profile (standard is the default balanced OWASP Top 10 run).
  4. Click Start scan — you’ll be redirected to a live progress page with SSE-streamed stages.
  5. When it finishes, browse findings by severity, OWASP category, compliance framework.

Pencheff will never send traffic outside the scope you declared. Targets are private by default, and credentials are Fernet-encrypted at rest in the hosted SaaS, or MaskedSecret-wrapped (never logged) in the CLI.
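As an added illustration of the scope guarantee above (hypothetical code, not Pencheff's own), the gate below allows a request only when its URL lies inside the declared scope and outside the declared exclude paths; the `*.host` wildcard, the optional scheme restriction and the path-prefix semantics are assumptions, not documented Pencheff behaviour.

```python
from collections.abc import Iterable
from urllib.parse import urlsplit

# Hypothetical scope gate (not Pencheff's own code). Scope entries are hosts or
# URLs such as "https://app.example.com/v2" or "*.example.com"; exclude paths
# are path prefixes that are off-limits on every in-scope host.

def _path_prefix_match(path: str, prefix: str) -> bool:
    """True if `path` equals `prefix` or lies beneath it as a directory."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def _host_match(host: str, pattern: str) -> bool:
    """Exact host match, or subdomain match when the pattern starts with '*.'."""
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern

def in_scope(url: str, scope: Iterable[str], exclude_paths: Iterable[str] = ()) -> bool:
    """Decide whether the scanner may request `url` under the declared scope."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()   # hostname ignores userinfo tricks
        _ = parts.port                           # raises ValueError on a bad port
    except ValueError:
        return False
    if parts.scheme.lower() not in ("http", "https") or not host:
        return False
    path = parts.path or "/"
    # Exclude paths win over any scope entry.
    if any(_path_prefix_match(path, ex) for ex in exclude_paths):
        return False
    for entry in scope:
        rule = urlsplit(entry if "://" in entry else "//" + entry)
        rule_host = (rule.hostname or "").lower()
        # A scheme in the scope entry restricts the scheme; none means either.
        if rule.scheme and rule.scheme.lower() != parts.scheme.lower():
            continue
        if _host_match(host, rule_host) and _path_prefix_match(path, rule.path or "/"):
            return True
    return False
```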

Picking a profile

The dashboard exposes three tiers. Older specialised profiles (engage, compliance, api-only, cicd, sca, iac, supply-chain, network-va, hackme, continuous, compliance-full) are still accepted by the API for backward compatibility but get coerced to one of these three tiers at the runner — pick the tier that matches the depth you want.

| Profile | Time | What's included |
|---|---|---|
| quick | ~5–10 min | Top-severity probes only. CI/CD-friendly fail-fast on critical/high. (Folds in the legacy cicd.) |
| standard | ~20–40 min | OWASP Top 10 + active scanner. REST/GraphQL/API surface. ASM/SCA/IaC checks. Deterministic bug-bounty pipeline (subdomain → live filter → crawl → param → scan → triage). CVE correlation. (Folds in the legacy api-only, asm, sca, iac.) |
| deep | 60+ min | Every module + Pulse + attack chains. Full swarm orchestration (Tier 2 · all 7 phases · top-1000 ports · subdomain fan-out ≤100). Deterministic orchestrator + MITRE ATT&CK narrative. PCI-DSS / SOC 2 / ISO 27001 / NIST / HIPAA mappings. (Folds in the legacy engage, compliance, compliance-full, supply-chain, network-va, hackme, continuous.) |
| mobile-static | ~5 min | CLI only — static analysis of an APK or IPA: manifest, secrets, crypto, plist. No device required. |

LLM red-team scans use their own profile cap separate from URL profiles:

| Profile | Payloads | Wall time @ 18 RPM |
|---|---|---|
| quick (LLM) | 25 | ~2 min |
| standard (LLM) | 75 | ~5 min |
| deep (LLM) | 250 | ~15–60 min |

See the full module list with list_scan_profiles.

What’s next