Penfold: the toolkit the practice extracted from its 2026 OpenBSD campaign
Five-stage open-source Python toolkit covering recon, verify, disclose, harness, and orchestrator. Includes the four-verifier pre-send hallucination filter from The Calculator Discipline. Walked-back ranking signals shipped alongside survivors, with per-tool post-mortems.
What it is
Penfold is the open-source Python toolkit TriageForge maintains for vulnerability research against OpenBSD-shaped C codebases. It bundles the recon, verify, and disclosure-discipline tools the practice built and validated during a 13-day OpenBSD campaign in May 2026 — the campaign that produced the four landed disclosures (OSPFD-001, OSPF6D-001, SNMPD-001, EIGRPD-001) listed on the practice’s Publications page.
The name is a Danger Mouse reference. Penfold is the hamster: modest, scope-aware, occasionally indispensable. That is roughly the right mental model.
The five-stage pipeline
| Stage | Subpackage | What it does |
|---|---|---|
| 1 | penfold.recon | Statistical ranking of candidate functions in a libclang-extracted corpus. Production primary signal is rmt_null_test (Marchenko-Pastur null via Monte Carlo); cg_dist_score is a modestly useful secondary; libclang_extractor is the AST front-end. |
| 2 | penfold.verify | frame_check returns a verdict on whether the OpenBSD stack-canary scheme (canary at [rbp-8] on amd64, PAC + canary on arm64) would defang an OOB write at a cited offset in the shipped binary. fingerprint_locate resolves source function names to addresses in stripped binaries. |
| 3 | penfold.disclose | The pre-send discipline layer. Includes caller_bounds_detector, disclosure_template (gate-enforced scaffold), and hallucination_check, the four-verifier pre-send filter documented in The Calculator Discipline. |
| 4 | penfold.harness | harness_gen emits a *_verify.c skeleton for live testing under ASAN. harness.bsd_pwn provides raw-packet primitives for BSD-side network tests; used for the live amd64 DoS validation of EIGRPD-001. |
| 5 | penfold.orchestrator | mkii_run stitches the four upstream subpackages together via a JSON state file. Each command (screen, audit, harness, verify, disclose) maps to a workflow step; each gate stays open (unsatisfied) until it is explicitly ticked. |
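Stage 2's frame_check is the one component whose reasoning the table describes concretely, so here is an added illustration of that reasoning in Python. It is not penfold's frame_check and does not read a binary; it models only the amd64 layout the page states (stack grows down, canary at [rbp-8, rbp), then saved rbp, then the return address) and decides whether a write of oob_size bytes past a local buffer reaches the canary, reaches control data while skipping the canary (an indexed rather than linear write), stays inside the locals, or lands in the caller's frame. The slot layout, the rbp-relative offset convention and the four verdict strings are assumptions of this example, not values taken from the project.

```python
"""Frame-reachability verdict for an out-of-bounds stack write (added example).

Model (assumptions for this illustration, not penfold's frame_check):
  - amd64, stack grows downwards, offsets are bytes relative to the saved
    frame pointer rbp; locals sit at negative offsets
  - canary occupies [rbp-8, rbp), saved rbp [rbp, rbp+8), return address
    [rbp+8, rbp+16); all ranges are half-open
"""
from dataclasses import dataclass

WORD = 8
SLOTS = {                                  # rbp-relative byte ranges, half-open
    "canary":    (-WORD, 0),
    "saved_rbp": (0, WORD),
    "ret_addr":  (WORD, 2 * WORD),
}


def _overlaps(a, b):
    """Half-open interval overlap test."""
    return a[0] < b[1] and b[0] < a[1]


@dataclass
class Verdict:
    verdict: str        # within_locals | canary_trips | canary_bypassed | beyond_frame
    write_range: tuple  # rbp-relative half-open range the OOB write covers
    hit: tuple          # names of the SLOTS the write overlaps, in stack order
    note: str


def frame_verdict(buf_offset, buf_size, oob_size, write_start=None):
    """Decide whether the canary defangs an OOB write past a local buffer.

    buf_offset:  rbp-relative start of the buffer (negative: it is a local)
    buf_size:    declared buffer size in bytes
    oob_size:    bytes written out of bounds
    write_start: None for a linear overrun that begins at the buffer end
                 (memcpy/strcpy style); otherwise the rbp-relative start of
                 a single indexed write whose index the attacker chooses
    """
    buf_end = buf_offset + buf_size
    if buf_offset >= 0 or buf_end > SLOTS["canary"][0]:
        raise ValueError("buffer must be a local that lies below the canary")
    if oob_size <= 0:
        raise ValueError("oob_size must be positive")

    start = buf_end if write_start is None else write_start
    rng = (start, start + oob_size)
    hit = tuple(name for name, r in SLOTS.items() if _overlaps(rng, r))

    if "canary" in hit:
        # A linear overrun that reaches saved rbp or the return address must
        # cross the canary first, so SSP aborts at function return: the hijack
        # degrades to a crash, but locals between the buffer end and the
        # canary are still corrupted before the abort.
        verdict = "canary_trips"
        note = "SSP aborts at return; locals above the buffer are still clobbered"
    elif "saved_rbp" in hit or "ret_addr" in hit:
        verdict = "canary_bypassed"
        note = "indexed write skipped the canary; control data is reachable"
    elif rng[1] <= SLOTS["canary"][0]:
        verdict = "within_locals"
        note = "canary never reached; impact depends on which locals sit in the range"
    else:
        verdict = "beyond_frame"
        note = "write lands in the caller's frame without touching this frame's canary"
    return Verdict(verdict, rng, hit, note)


if __name__ == "__main__":
    # The page's own CLI example: buffer at rbp-80, 16 bytes, 16 bytes OOB.
    print(frame_verdict(-80, 16, 16))
    # Linear overrun from a buffer ending at the canary: trips SSP.
    print(frame_verdict(-16, 8, 24))
    # Attacker-indexed 8-byte write aimed at the return address: skips the canary.
    print(frame_verdict(-80, 16, 8, write_start=8))
```

The point a practitioner wants from a check like this is the third case: a canary only defangs writes that pass through it, so an indexed write (arr[i] with attacker-controlled i) or a write into the caller's frame gets no protection, and a linear overrun that stops short of the canary is still a real bug, just one whose impact is decided by the locals it overwrites rather than by the return address.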
Why publish it
Three reasons.
First, methodology integrity. The practice’s May 2026 paper The Calculator Discipline argues for routine pre-send discipline against AI-assisted disclosure hallucinations. That argument is hollow if the discipline lives only in the author’s private workflow. Penfold ships the four verifiers as open code so the case for routine pre-send checks is something other researchers can adopt at their own keyboards.
Second, honest walk-backs. Six structural ranking signals were built, evaluated, and walked back when the validation corpus grew to N=11,415: rmt_score_nb, dom_score, tda_score, vig_lambda2 (tried as an anti-predictive signal), cpg_ranker, and bayes_fuse in three variants. They live in the repository's deprecated/ directory with per-tool post-mortems. Publishing the walked-back artefacts alongside the survivors is the part the practice cares about most: a paper that says "walk things back" means more when the walked-back artefacts ship in the same repository as the tools that survived.
Third, small-lab credibility. Toolkits like Penfold, open, BSD-licensed and honest about their scope, are how a small independent practice contributes to the public conversation about vulnerability research at scale. Joern, angr, AFL, and the rest of the public toolchain were built the same way. The practice's contribution is modest by comparison, but it is a contribution.
Installing and using
git clone https://github.com/jetnoir/penfold
cd penfold
pip install -e .
# Score every function in a libclang-extracted corpus
python -m penfold.recon.hunt_rmt_null my_corpus.pkl ranked.json
# Verify a candidate's stack frame against the shipped binary
python -m penfold.verify.frame_check /usr/sbin/ospf6d \
--arch x86_64 --function lsa_check \
--buf-offset -80 --buf-size 16 --oob-size 16
# Pre-send hallucination check on a disclosure draft
python -m penfold.disclose.hallucination_check draft.txt \
--source-root user@host:/path/to/openbsd-src --report report.md
Operational manuals, worked case studies and per-stage references are in docs/. Python 3.10 or later. Five runtime dependencies: libclang, NumPy, SciPy, NetworkX, pyserial.
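The third command above runs the pre-send hallucination check against a source root. The page does not list what the four verifiers test, so the following is an added example of one check of that kind, not penfold's hallucination_check: it cross-references a disclosure draft against the cited source tree, flagging functions the draft names that are defined nowhere in the tree and file:line citations that point at a missing file or past its end. Definition detection assumes OpenBSD KNF style, where the function name starts at column 0 on its own line; the source root here is a local directory rather than the user@host:path form the real command takes; the source file, draft text and paths are constructed for this example.

```python
"""Cross-check a disclosure draft against the source tree it cites (added example).

Not penfold's hallucination_check. Implements one verifier of that kind:
  - every function cited as name() in the draft must be defined in the tree
  - every file.c:NN citation must name an existing file and a line inside it
Definition detection assumes KNF/OpenBSD style (function name at column 0).
"""
import re
import shutil
import tempfile
from pathlib import Path

DEF_RE = re.compile(r"^([A-Za-z_]\w*)\s*\(")          # KNF: name at column 0
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\(\)")          # draft cites "name()"
CITE_RE = re.compile(r"\b([\w./-]+\.[ch]):(\d+)\b")    # draft cites "path.c:NN"
KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof", "do", "else"}


def index_definitions(root):
    """Map function name -> list of 'relpath:line' definition sites under root."""
    root = Path(root)
    defs = {}
    for path in root.rglob("*.[ch]"):
        rel = path.relative_to(root).as_posix()
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            m = DEF_RE.match(line)
            if m and m.group(1) not in KEYWORDS:
                defs.setdefault(m.group(1), []).append(f"{rel}:{lineno}")
    return defs


def check_draft(draft, root, external=frozenset()):
    """Return sorted (kind, detail) findings; an empty list means the draft is clean.

    external: names the draft may cite that live outside the tree (libc etc.).
    """
    root = Path(root)
    defs = index_definitions(root)
    findings = set()
    for name in set(CALL_RE.findall(draft)):
        if name not in defs and name not in external:
            findings.add(("unknown_function", name))
    for rel, line in set(CITE_RE.findall(draft)):
        path = root / rel
        if not path.is_file():
            findings.add(("missing_file", rel))
            continue
        n = len(path.read_text(errors="replace").splitlines())
        if int(line) > n:
            findings.add(("line_out_of_range", f"{rel}:{line} (file has {n} lines)"))
    return sorted(findings)


# Constructed sample tree and draft (not real OpenBSD code or a real advisory).
CONSTRUCTED_SOURCE = {
    "daemon/parse.c": (
        "#include <string.h>\n"
        "\n"
        "int\n"
        "parse_hdr(const unsigned char *p, size_t len)\n"
        "{\n"
        "\tif (len < 4)\n"
        "\t\treturn (-1);\n"
        "\treturn (p[0]);\n"
        "}\n"
    ),
}
CONSTRUCTED_DRAFT = (
    "parse_hdr() at daemon/parse.c:4 reads p[0] before the length check; "
    "the length is computed by parse_tlv_len() in daemon/parse.c:40 and "
    "memcpy() copies it; the harness lives in daemon/harness.c:1."
)


def demo():
    """Write the constructed tree to a temp dir, check the draft, clean up."""
    tmp = Path(tempfile.mkdtemp())
    try:
        for rel, text in CONSTRUCTED_SOURCE.items():
            (tmp / rel).parent.mkdir(parents=True, exist_ok=True)
            (tmp / rel).write_text(text)
        return check_draft(CONSTRUCTED_DRAFT, tmp, external={"memcpy"})
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind}: {detail}")
```

The external allowlist matters in practice: a draft that legitimately cites memcpy() or strlcpy() should not be blocked, but a name that is in neither the tree nor the allowlist is exactly the kind of confident-sounding fabrication a pre-send check exists to catch. A KNF-style tree keeps the definition regex honest; on a codebase that puts the return type and name on one line, the index would need a real parser (libclang, which the toolkit already depends on) rather than a column-0 match.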
Scope and honesty
Target class. OpenBSD-shaped C — kernel and userland daemons that follow the OpenBSD compiler-and-libc posture. Most components generalise to other BSDs and to Linux C; frame_check’s canary scheme is the one place this assumption is hard-coded.
Research-grade. The components are individually robust and have been used in anger across the practice's 2026 disclosure batch, but Penfold is not a turnkey scanner that someone other than its author can drop onto an unfamiliar binary and trust the output of. The documentation says so.
No tests yet. That is an honest 0.1.x admission: tests/README.md outlines the suite the practice intends to stand up before 0.2.0. Acceptable for research code at this stage; flagged for the next minor release.
Engagement
Patches and issues are welcome through the GitHub project. Methodology discussion is welcome by written email to the practice. Commercial support is not offered. Vulnerabilities in penfold itself should be reported to security@triageforge.co.uk per the project’s SECURITY.md.