An automated recon framework for web applications

reNgine is an automated reconnaissance framework for web applications. It focuses on a highly configurable, streamlined recon process driven by Engines, on recon data correlation and organization, and on continuous monitoring, all backed by a database and a simple yet intuitive user interface.

reNgine makes it easy for penetration testers to gather reconnaissance data with minimal configuration, and reNgine’s correlation makes recon effortless.

reNgine is an automated reconnaissance framework with a focus on a highly configurable, streamlined recon process. Backed by a database, with data correlation and organization and a custom query-like language for recon data filtering, reNgine aims to address the shortcomings of the traditional recon workflow. The developers behind reNgine understand that recon data can be huge and that manually looking up entries to attack can be cumbersome. With features like Auto Interesting Subdomains discovery, reNgine automatically identifies interesting subdomains to attack based on certain keywords (both built-in and custom) and helps penetration testers focus on attack rather than recon.

reNgine is also focused on continuous monitoring. Penetration testers can choose to schedule the scan at periodic intervals, get notified on notification channels like Discord, Slack, and Telegram for any new subdomains or vulnerabilities identified, or any recon data changes.

Interoperability is something every recon tool needs, and reNgine is no different. Beginning with reNgine 1.0, we additionally developed features such as import and export of subdomains, endpoints, GF pattern matched endpoints, etc. This allows you to use your favorite recon workflow in conjunction with reNgine.

reNgine features highly configurable scan engines based on YAML, which allow penetration testers to create as many recon engines as they want, configure them as they wish, and use them against any target. These engines let penetration testers use the tools of their choice with the configuration of their choice. Out of the box, reNgine comes with several scan engines like Full Scan, Passive Scan, Screenshot gathering, OSINT Engine, etc.

Our focus has always been on finding the right recon data with very minimal effort. In discussions with fellow hackers/pentesters, a screenshot gallery came up as a must, so reNgine 1.0 also comes with a screenshot gallery. And what’s more exciting than a screenshot gallery with filters? You can filter screenshots by HTTP status, technology, ports, and services.

We also want our fellow hackers to stay ahead of the game, so reNgine 1.0 introduces automatic vulnerability reporting (currently only HackerOne is supported; other platforms may come soon). This allows hackers to define their own vulnerability report template, and reNgine will do the rest of the job, reporting the vulnerability as soon as it is identified.

-----------------------------------------------------

https://rengine.wiki

Dark Mode

Recon Data filtering

Changelog

You can watch reNgine 1.0 release trailer here. (Recommended)

Please find the latest release notes and changelog here.

-----------------------------------------------------

https://127.0.0.1 or, if you’re on a VPS, https://your_vps_ip_address

https://reNgine.wiki

huntr

Security researchers, welcome onboard! I am excited to announce a bug bounty program for reNgine in collaboration with huntr.dev. This means you’ll be rewarded for any security vulnerabilities discovered in reNgine.

Thank you for your interest in reporting vulnerabilities to reNgine! If you are aware of potential security vulnerabilities within reNgine, we encourage you to report them immediately via huntr.dev.

Please do not disclose any vulnerabilities via GitHub Issues/Blogs/Tweets after/before reporting on huntr.dev, as it is explicitly against the huntr.dev and reNgine disclosure policy and such reports will not be eligible for monetary rewards.

Please note that the maintainer of reNgine does not determine the bounty amount. The bounty reward is determined by an industry-first equation from huntr.dev to understand the popularity, impact, and value of repositories to the open-source community.

What do I expect from security researchers?

  • Patience: Please note that currently I am the only maintainer of reNgine and it will take some time to validate your report. I request your patience throughout the process.
  • Respect Privacy and Security Reports: Please do not disclose any vulnerabilities in public (this also includes GitHub issues) before or after reporting on huntr.dev! That is against the disclosure policy and will not be eligible for monetary rewards.
  • Respect the rules

What do you get in return?

  • Many thanks from the maintainer
  • Monetary Rewards
  • CVE ID(s)

Please find the FAQ and Responsible disclosure policy from huntr.dev.

-----------------------------------------------------

contributing guide to get started.

You can also join our discord channel #development for any development-related queries.

-----------------------------------------------------

open issues.

-----------------------------------------------------

join our discord channel #support

-----------------------------------------------------

  • GitHub Star to the project.
  • Tweet about this project, or maybe blogs?
  • Sponsor financially via GitHub or PayPal. https://paypal.me/yogeshojha11
  • Join DigitalOcean using my referral link: your profit is $100 and I get $25 DO credit. This will help me test reNgine on a VPS before I release any major features. P.S. Please consider running reNgine/any recon on a VPS!
  • If you are looking for Proxies, please use this referral link to purchase. Or you can also use a coupon renginehere on PrivateProxy, using coupon rengine, you’ll get an additional 25% off.

Together, we can make reNgine better every day!
