Your first scan
Pencheff’s default standard profile maps findings to OWASP Top 10
categories in ~15 minutes. Pick the surface you want to work from:
- Open app.pencheff.com and sign in.
- Register target → enter the URL, optional credentials, scope, exclude paths.
- Pick a profile (`standard` is the default balanced OWASP Top 10 run).
- Click Start scan — you’ll be redirected to a live progress page with SSE-streamed stages.
- When it finishes, browse findings by severity, OWASP category, compliance framework.
Pencheff will never send traffic outside the scope you declared. Targets
are private by default, and credentials are Fernet-encrypted at rest in the
hosted SaaS, or MaskedSecret-wrapped (never logged) in the CLI.
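The two promises above, traffic stays inside the declared scope and credentials are never written to logs, are easy to get wrong in a scanner, so here is an added example of how a target record can enforce both. This is illustrative code written for this page, not Pencheff's own implementation; the class and function names (`RegisteredTarget`, `MaskedSecret`, `in_scope`, `partition`) and the sample target and crawl output are constructed for the example.

```python
"""Target registration with scope enforcement and a non-logging secret wrapper.

Added example, not Pencheff's code. All names and sample data are hypothetical.
"""
import posixpath
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


class MaskedSecret:
    """Wraps a credential so str(), repr() and f-strings never expose it.

    The raw value is reachable only through .reveal(), which keeps every
    use site explicit and greppable; accidental logging of the wrapper
    (or of any record that contains it) prints only the mask.
    """

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "MaskedSecret('***')"

    __str__ = __repr__


@dataclass
class RegisteredTarget:
    url: str                                   # registered entry point
    scope: Tuple[str, ...] = ()                # additional hosts allowed
    exclude_paths: Tuple[str, ...] = ()        # path prefixes never touched
    credentials: Optional[MaskedSecret] = None
    include_subdomains: bool = False           # constructed option

    def _allowed_hosts(self) -> set:
        base = urlsplit(self.url).hostname or ""
        return {base.lower(), *(h.lower() for h in self.scope)}

    def in_scope(self, candidate: str) -> bool:
        """True only if the scheme, host and normalised path are all allowed."""
        parts = urlsplit(candidate)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        host = parts.hostname.lower()
        allowed = self._allowed_hosts()
        host_ok = host in allowed or (
            self.include_subdomains and any(host.endswith("." + a) for a in allowed)
        )
        if not host_ok:
            return False
        # Collapse "." and ".." segments so "/static/../admin" is judged as "/admin".
        path = posixpath.normpath(parts.path or "/")
        for raw in self.exclude_paths:
            ex = posixpath.normpath("/" + raw.strip("/"))
            if ex == "/" or path == ex or path.startswith(ex + "/"):
                return False
        return True


def partition(target: RegisteredTarget, urls: List[str]):
    """Split crawl output into URLs the scanner may visit and URLs it must drop."""
    allowed, dropped = [], []
    for u in urls:
        (allowed if target.in_scope(u) else dropped).append(u)
    return allowed, dropped


# Constructed sample target and crawl output (not real hosts).
TARGET = RegisteredTarget(
    url="https://shop.example.test/",
    scope=("api.example.test",),
    exclude_paths=("/admin", "/checkout/pay/"),
    credentials=MaskedSecret("hunter2-constructed"),
)

CRAWLED = [
    "https://shop.example.test/products/1",
    "https://shop.example.test/admin/users",
    "https://shop.example.test/checkout/pay/confirm",
    "https://shop.example.test/checkout/cart",
    "https://shop.example.test/static/../admin",
    "https://api.example.test/v1/orders",
    "https://staging.shop.example.test/",
    "https://evil.example.org/?ref=shop.example.test",
    "ftp://shop.example.test/",
]

if __name__ == "__main__":
    ok, dropped = partition(TARGET, CRAWLED)
    print("in scope:", ok)
    print("dropped:", dropped)
    print("record as it would appear in a log:", TARGET)
```

The `partition` step is where a crawler's output would be filtered before any request is issued; note that the normalised path check catches the `..` traversal form of an excluded path, and that a `repr()` of the whole target record is safe to log because the credential field masks itself.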
Picking a profile
The dashboard exposes three tiers. Older specialised profiles
(engage, compliance, api-only, cicd, sca, iac,
supply-chain, network-va, hackme, continuous,
compliance-full) are still accepted by the API for backward
compatibility but get coerced to one of these three tiers at the
runner — pick the tier that matches the depth you want.
| Profile | Time | What’s included |
|---|---|---|
| quick | ~5–10 min | Top-severity probes only. CI/CD-friendly fail-fast on critical/high. (Folds in the legacy cicd.) |
| standard | ~20–40 min | OWASP Top 10 + active scanner. REST/GraphQL/API surface. ASM/SCA/IaC checks. Deterministic bug-bounty pipeline (subdomain → live filter → crawl → param → scan → triage). CVE correlation. (Folds in the legacy api-only, asm, sca, iac.) |
| deep | 60+ min | Every module + Pulse + attack chains. Full swarm orchestration (Tier 2 · all 7 phases · top-1000 ports · subdomain fan-out ≤100). Deterministic orchestrator + MITRE ATT&CK narrative. PCI-DSS / SOC 2 / ISO 27001 / NIST / HIPAA mappings. (Folds in the legacy engage, compliance, compliance-full, supply-chain, network-va, hackme, continuous.) |
| mobile-static | ~5 min | CLI only — static analysis of an APK or IPA: manifest, secrets, crypto, plist. No device required. |
LLM red-team scans use their own profile cap separate from URL profiles:
| Profile | Payloads | Wall time @ 18 RPM |
|---|---|---|
| quick (LLM) | 25 | ~2 min |
| standard (LLM) | 75 | ~5 min |
| deep (LLM) | 250 | ~15–60 min |
See the full module list with `list_scan_profiles`.
What’s next
- Core concepts — understand sessions, findings, chains
- Features — deep-dive each scan area
- LLM red team — adversarial testing for chat endpoints
- Repo scanning — connect a GitHub repo and scan source + deps