The open-source, all-in-one security platform
Pencheff is the all-in-one security platform — built around three orthogonal commitments: methodology, coverage, and reporting. Each is enforced by the engine, not the operator.
Pencheff follows an adversarial methodology modelled on manual penetration testing — reconnaissance, authenticated coverage, business-logic probing, and exploit chaining — delivered with the consistency of automation.
Read the procedureInjection, access control, authentication, cryptography, client-side, infrastructure, cloud, and API — examined with Pencheff's first-party probes. Auxiliary tools are optional and operator-managed.
See the instrumentsEvery assessment yields a formal report with executive summary, letter grade, and evidence — mapped to OWASP Top 10, SOC 2, PCI-DSS, NIST 800-53, ISO 27001, and HIPAA categories.
Inspect a dossierEach engagement traces the same adversarial path — from passive reconnaissance to multi-step exploit chaining — so that two assessments of the same target, six months apart, are directly comparable.
Passive enumeration: subdomains, DNS, certificate transparency, public artefacts, technology fingerprint.
Authenticated and unauthenticated crawls, API discovery, endpoint inventory, parameter cataloguing.
Forty-nine instruments fired against the surface — injection, access control, OAuth, cloud, business logic.
Each finding re-fired with crafted payloads. Request and response evidence captured. False positives discarded.
Single findings composed into multi-step attacks: SSRF → metadata, XSS → session theft, IDOR → privilege escalation.
Forty-nine first-party instruments cover the modern attack surface — injection, access control, authentication, cryptography, client-side, infrastructure, cloud, and API — and can be composed with repo scanning, threat models, compliance rollups, SBOM output, and LLM red team workflows. Auxiliary tools (nmap, sqlmap, nuclei, ffuf, hydra, nikto) remain optional and operator-managed.
First-party probes — exhaustively catalogued, individually verified, weighted by severity. Re-examination of any finding is unlimited on every plan.
Web DAST, code analysis, dependency intelligence, infrastructure posture, AI red team, and cloud surface checks all normalise into the same finding schema — so an engineer triaging injection and an auditor reviewing compliance are reading the same record.
Pencheff covers the full OWASP LLM Top 10 (2025) with curated payload libraries, attacker-driven loops, and judge-backed scoring. Agentic testing probes tool calls, memory, planners, and swarm workflows. The Sentry guardrail enforces policy at runtime.
Roleplay, payload splitting, obfuscation, encoding variants, jailbreak corpora, and regression suites against any OpenAI-compatible endpoint. Attacker-LLM loops and judge-backed scoring when configured.
LLM red team →Tool authorization abuse, memory and context attacks, planner hijacking, cross-session leakage, retrieval poisoning, and swarm orchestration probes for agent-based products.
Agentic tests →Sentry runtime guardrail for prompt, response, tool, and PII policy checks. Maps to OWASP LLM, MITRE ATLAS, NIST AI RMF, EU AI Act, ISO/IEC 42001, and SOC 2.
Guardrails →Runtime protection · live traffic
Point your app at a target’s guardrail proxy and Pencheff inspects every request inline — prompts, responses, tool calls, and the memory your agents trust.
Drop-in gateway for any OpenAI-compatible model. Every prompt and response is checked against your OWASP-LLM policy before it reaches the model — or your users.
Runtime proxy →Per-target rules gate the tool calls your model makes — block SSRF, secret exfiltration, and destructive actions, require human approval, or redact credential-shaped arguments.
Agent firewall →Every proxied request recorded as a span tree — the LLM call, the detector verdict, the firewall decision — viewable per target, with zero added latency.
Runtime traces →Audit agent memory, vector-store chunks, and retrieved documents for secrets at rest and memory poisoning — injected instructions hiding in the context your agents trust.
Memory scanner →From registration to remediation, the same procedure governs every assessment — so that the engineer who runs it, the operator who reviews it, and the auditor who reads it are all working from the same record.
Provide a target URL and, optionally, credentials for authenticated coverage. All secrets are encrypted at rest.
Commission a quick, standard, or deep assessment. Progress streams live; stages are logged for review.
Triage findings with full request/response evidence. Re-examine any finding after remediation with a single action.
Download a formal DOCX or PDF report, dispatch to ticketing, and close out with verified evidence.
Two dossiers, issued together. Engineering receives the technical record; audit and executive readers receive the framework-mapped summary. Bound by a single grade and a single date of issue.
Pencheff normalises every finding against application security standards, audit frameworks, and AI governance requirements — so your engineers, auditors, and compliance officers work from the same report.
Every confirmed finding maps to one or more application security control frameworks.
Dossiers are issued with compliance rollup tables ready for auditor review.
AI assessment output maps to governance frameworks for LLM and agentic products.
Slack, Jira, GitHub, SARIF, webhooks, and more — findings route into your existing toolchain automatically. No new dashboard to babysit.
Dashboards, reports, multi-workspace, integrations, and schedules. Sign up and run a full assessment in under three minutes.
Get started →Native Mac client. Same workspace as the web app, plus on-device repo scanning, Downloads + macOS posture monitors, and an agentic remediation runner that keeps source on your machine.
Get started →Run deterministic checks in pipelines. Emit SARIF, trigger GitHub checks, and route findings into the platform from any CI system.
Get started →Expose scanning and security automation as tools to compatible AI agents. Invoke assessments and fetch findings inside AI workflows.
Get started →Operate the full stack inside your boundary via Docker Compose. Control data residency, tune scanning, and meet internal security policy.
Get started →Direct answers — on authorisation, scope, plans, audit acceptance, self-hosting, and credential handling. For anything else, write to us.
Yes. Pencheff is free to use and fully open source under the MIT licence. The entire platform is on GitHub and self-hostable as a Docker Compose stack - run it inside your own boundary with no licence fee, no seat limits, and no feature gating. There is nothing to pay and nothing locked behind a tier.
Pencheff is for applications you own or have been granted written permission to assess. It is an instrument of assurance, not a means of unauthorised access. Please direct it only at systems within your mandate.
One complete engagement against a target: reconnaissance, infrastructure, injection, client-side, authentication, authorisation, advanced web, API, business logic, cloud, file handling, websocket, subdomain takeover, and exploit chaining. Re-examination of individual findings is unlimited.
Quick profile: 2-5 minutes. Standard: 10-25 minutes. Deep: 30-90 minutes, contingent on application breadth.
Yes. DOCX and PDF reports include evidence-backed mapping to OWASP Top 10 (2021), PCI-DSS 4.0, NIST 800-53, SOC 2 (CC6/CC7), ISO 27001:2022, and HIPAA Security Rule - accepted by auditors as evidentiary material.
Yes. Pencheff is distributed as a Docker Compose stack under an MIT licence. Refer to the repository documentation for installation.
Credentials are encrypted at rest with Fernet (AES-128 in CBC mode with HMAC-SHA256). Removing a target removes its credentials immediately.
A complimentary assessment takes under three minutes to commission and under thirty to complete. No credit card, no sales call.