reNgine : An Automated recon Framework For Web Applications

reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the domains, endpoints, or gather information.

The beauty of reNgine is that it gathers everything in one place. It has a pipeline of reconnaissance, which is highly customizable.

reNgine can be very useful when you want to perform the reconnaissance, gather endpoints, directory and file search, grab screenshots, and gather all the results in one place.

Suppose, if you have a domain hackerone.com, reNgine can perform the scan based on your scan engines, gather all the results in one place. reNgine makes it possible for use cases like, “I want to search the subdomain which has page title “Dashboard” and has page status as 200, and I quickly want to have a look at the screenshot”.

Another use-case could be, “I want to list all subdomains that use PHP, and the HTTP status is 200!”

On the endpoints part, reNgine is capable of gathering the URL endpoints using tools like gau, hakrawler which gathers URL from many sources like common crawl, Wayback engine, etc.

reNgine also makes it possible for the use case like, “search the URLs that have extension .php and HTTP status is 200!”

Suppose if you are looking for open redirection, you can quickly search for =http and look for HTTP status 30X, this will give high accuracy of open redirection with minimal efforts.

Demo

What it is not?

reNgine is not a:

  • Vulnerability scanner!
  • Reconnaissance with high accuracy (No! reNgine, uses other open-source tools, to make this pipeline possible. The accuracy and capability of reNgine is also dependent on those tools)
  • Speed oriented recon framework with immediate results

Screenshots

  • Scan results
  • Gathered Endpoints

Of course, at this point, reNgine does not give the best of the best result compared to other tools, but reNgine has certainly minimal efforts. Also, I am continuously adding new features. You may help me on this journey by creating a PR filled with new features and bug fixes. Please have a look at the Contributing section before doing so.

Flow

Getting Started

To get a local copy up and running, follow these simple example steps.

git clone https://github.com/yogeshojha/rengine.git
cd rengine

Prerequisites

  • Docker
    • Install docker based on your OS from here
  • docker-compose
    • Installation instructions for docker-compose from here

Installation

Assuming that you have followed the above steps and inside rengine directory

docker-compose up –build

The build process may take some time.

Alternatively, you also can run the project with pre-built Docker images (with 2FA enabled, you have to create a new personal access token with read:packages scope):

docker login docker.pkg.github.com
docker-compose pull
docker-compose up

Once the setup is done, you need to setup the password.

Register Account

Once the application is up and running, you need an account for reNgine. This can be easily created using createsuperuser from Django. Open a new terminal tab, and run the following command:

docker exec -it rengine_web_1 python manage.py createsuperuser

You may now enter your username and password. Remember to keep a secure password.

Usage

Note: reNgine does fingerprinting, port scanning, and banner grabbing, which might be illegal in some countries. Please make sure you are authorized to perform reconnaissance on the targeted domain before using this tool.

If the installation is successful, then you can run reNgine by using the command

docker-compose up -d

The web application can then be accessed from http://localhost:8000

VPS HTTPS Installation

If you are considering to install on VPS with https, here is an awesome blog written by @J0_mart https://www.jomar.fr/posts/2020/07/en-install-rengine-with-nginx-and-ssl-auto-renew/

R K

Recent Posts

GitButler : Revolutionizing Branch Management With Virtual Branches

GitButler is a git client that lets you work on multiple branches at the same…

2 hours ago

Minegrief : Unpacking A Crafty Minecraft Malware

Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system. Crafty Controller Auth'd…

2 hours ago

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

2 days ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

2 days ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

2 days ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

3 days ago