Web Application Security

reNgine – Reconnaissance Framework For Gathering Information During Penetration Testing

 

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. The beauty of reNgine is that it gathers everything in one place. It has a pipeline of reconnaissance, which can be customized.

reNgine can be very useful when you have a domain, you want to recon the domain, gather endpoints, directory, and file search, performing visual reconnaissance, and gather the results in one place.
Suppose, if you have a domain hackerone.com, reNgine can perform the scan based on your defined scan engine, gather all the results in one place. reNgine makes it possible for use cases like, “I want to search the subdomain which has page title “Dashboard” and has page status as 200 and quickly want to have a look at the screenshot”, reNgine makes it possible.
Another use-case could be, “I want to list all subdomains that use PHP and the HTTP status is 200!”
On the endpoints part, reNgine is capable of gathering the URL endpoints using tools like gau, gathers URL from many sources like common crawl, Wayback engine, etc.
reNgine makes it possible for the use case like, “search the URLs that have extension .php and HTTP status is 200!”
Also, Suppose if you are looking for open redirection, you can quickly search for =http and look for HTTP status 30X, this will give high accuracy of open redirection with minimal efforts.

What it is not
reNgine is not a:

  • Vulnerability scanner!
  • Reconnaissance with high accuracy (No! reNgine, uses other open-source tools, to make this pipeline possible. The accuracy and capability of reNgine is also dependent on those tools)
  • Speed oriented recon framework with immediate results

Screenshots

Scan results

 

Gathered Endpoints

Of course, at this point, reNgine does not give the best of the best result compared to other tools, but reNgine has certainly minimal efforts. Also, I am continuously adding new features. You may help me on this journey by creating a PR filled with new features and bug fixes. Please have a look at the Contributing section before doing so.

Flow

Getting Started
To get a local copy up and running follow these simple example steps.

git clone https://github.com/yogeshojha/rengine.git
cd rengine

Prerequisites

  • Docker
    • Install docker based on your OS from here
  • docker-compose
    • Installation instructions for docker-compose from here

Installation
Assuming that you have followed the above steps and inside rengine directory

docker-compose up --build

The build process may take some time.

Usage

reNgine does fingerprinting, port scanning, and banner grabbing which might be illegal in some countries. Please make sure you are authorized to perform reconnaissance on the targeted domain before using this tool.

If the installation is successful, then you can simply run reNgine by using the command

docker-compose up -d

The web application can then be accessed from http://localhost:8000

Contributing
Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated. Your contributions could be as simple as fixing the indentations or fixing UI to as complex as bringing new modules and features.
See contributing guide to get started.

First-time Open Source contributors
Please note that reNgine is beginner-friendly. If you have never done any open-source yet, we encourage you to do so. We will be happy and proud of your first PR ever.
You can begin with resolving any open issues.

Acknowledgements and Credits
reNgine is just a pipeline of recon. reNgine would not have been possible without the following individuals/organizations.

Also, some of the icons and images used herein reNgine are from Freepik and Flaticon.

 

To Top

Pin It on Pinterest

Share This