reNgine: an automated reconnaissance framework

reNgine

reNgine is an automated reconnaissance framework with a focus on a highly configurable streamlined recon process. reNgine is backed by a database, with data correlation and organization, the custom query “like” language for recon data filtering, reNgine aims to address the shortcomings of traditional recon workflow. Developers behind the reNgine understand that recon data can be huge, manually looking up for entries to attack could be cumbersome, with features like Auto Interesting Subdomains discovery, reNgine automatically identifies interesting subdomains to attack based on certain keywords (both built-in and custom) and helps penetration testers focus on attack rather than recon.

reNgine is also focused on continuous monitoring. Penetration testers can choose to schedule the scan at periodic intervals, get notified on notification channels like Discord, Slack, and Telegram for any new subdomains or vulnerabilities identified, or any recon data changes.

Interoperability is something every recon tool needs, and reNgine is no different. Beginning reNgine 1.0, we additionally developed features such as import and export subdomains, endpoints, GF pattern matched endpoints, etc. This will allow you to use your favourite recon workflow in conjunction with reNgine.

reNgine features Highly configurable scan engines based on YAML, that allows penetration testers to create as many recon engines as they want of their choice, configure as they wish, and use it against any targets for the scan. These engines allow penetration testers to use tools of their choice, the configuration of their choice. Out of the box, reNgine comes with several scan engines like Full Scan, Passive Scan, Screenshot gathering, OSINT Engine, etc.

Our focus has always been on finding the right recon data with very minimal effort. While having a discussion with fellow hackers/pentesters, screenshots gallery was a must, reNgine 1.0 also comes with a screenshot gallery, and what’s exciting than having a screenshot gallery with filters, filter screenshots with HTTP status, technology, ports, and services.

 

reNgine

Feature

  • Reconnaissance:
    • Subdomain Discovery
    • IP and Open Ports Identification
    • Endpoints Discovery
    • Directory/Files fuzzing
    • Screenshot Gathering
    • Vulnerability Scan
      • Nuclei
      • Dalfox XSS Scanner
      • CRLFuzzer
      • Misconfigured S3 Scanner
    • WHOIS Identification
    • WAF Detection
  • OSINT Capabilities
    • Meta info Gathering
    • Employees Gathering
    • Email Address gathering
    • Google Dorking for sensitive info and urls
  • Projects, create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
  • Perform Advanced Query lookup using natural language alike and, or, not operations
  • Highly configurable YAML-based Scan Engines
  • Support for Parallel Scans
  • Support for Subscans
  • Recon Data visualization
  • GPT Vulnerability Description, Impact and Remediation generation
  • GPT Attack Surface Generator
  • Multiple Roles and Permissions to cater a team’s need
  • Customizable Alerts/Notifications on Slack, Discord, and Telegram
  • Automatically report Vulnerabilities to HackerOne
  • Recon Notes and Todos
  • Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/- hours/days/week)
  • Proxy Support
  • Screenshot Gallery with Filters
  • Powerful recon data filtering with autosuggestions
  • Recon Data changes, find new/removed subdomains/endpoints
  • Tag targets into the Organization
  • Smart Duplicate endpoint removal based on page title and content length to cleanup the reconnaissance data
  • Identify Interesting Subdomains
  • Custom GF patterns and custom Nuclei Templates
  • Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
  • Add external tools from Github/Go
  • Interoperable with other tools, Import/Export Subdomains/Endpoints
  • Import Targets via IP and/or CIDRs
  • Report Generation
  • Toolbox: Comes bundled with most commonly used tools during penetration testing such as whois lookup, CMS detector, CVE lookup, etc.
  • Identification of related domains and related TLDs for targets
  • Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.

 

Flow

 

Install & Use

Copyright (C) 2020 yogeshojha