All Projects → yogeshojha → Rengine

yogeshojha / Rengine

Licence: gpl-3.0
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Programming Languages

python
139335 projects - #7 most used programming language
javascript
184084 projects - #8 most used programming language
CSS
56736 projects
HTML
75241 projects
shell
77523 projects
Dockerfile
14818 projects

Projects that are alternatives of or similar to Rengine

tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-95.87%)
Mutual labels:  scanner, penetration-testing, bug-bounty, infosec, recon, bugbounty, information-gathering, reconnaissance
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (-1.4%)
Mutual labels:  osint, security-tools, reconnaissance, information-gathering, penetration-testing, bugbounty, scanning
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-87.58%)
Mutual labels:  osint, security-tools, reconnaissance, recon, penetration-testing, pentesting, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+110.7%)
Mutual labels:  scanner, penetration-testing, bug-bounty, infosec, pentesting, bugbounty
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+100.12%)
Mutual labels:  osint, reconnaissance, information-gathering, security-tools, infosec, pentesting
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-85.2%)
Mutual labels:  security-tools, scanner, bug-bounty, infosec, pentesting, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-94.48%)
Mutual labels:  security-tools, reconnaissance, recon, penetration-testing, bug-bounty, bugbounty
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (-25.91%)
Mutual labels:  osint, reconnaissance, recon, information-gathering, penetration-testing, scanning
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-98.75%)
Mutual labels:  osint, penetration-testing, bug-bounty, infosec, bugbounty, reconnaissance
flydns
Related subdomains finder
Stars: ✭ 29 (-99.16%)
Mutual labels:  osint, bug-bounty, infosec, recon, bugbounty, reconnaissance
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-92.18%)
Mutual labels:  osint, scanner, recon, information-gathering, bug-bounty, pentesting
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-96.63%)
Mutual labels:  security-tools, reconnaissance, recon, information-gathering, penetration-testing, pentesting
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (-83.6%)
Mutual labels:  osint, reconnaissance, recon, information-gathering, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-84.27%)
Mutual labels:  osint, reconnaissance, recon, pentesting, bugbounty
Git Hound
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (-82.49%)
Mutual labels:  osint, security-tools, reconnaissance, recon, bug-bounty
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-94.71%)
Mutual labels:  security-tools, penetration-testing, infosec, pentesting, bugbounty
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+145.68%)
Mutual labels:  osint, reconnaissance, information-gathering, security-tools, pentesting
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (-76.33%)
Mutual labels:  osint, reconnaissance, recon, bug-bounty, pentesting
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-96.45%)
Mutual labels:  osint, reconnaissance, recon, infosec, pentesting
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-96.95%)
Mutual labels:  osint, scanner, recon, penetration-testing, pentesting

reNgine Latest Version License reNgine Issues   

   

  

 

An automated reconnaissance framework for web applications with focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by database and simple yet intuitive User Interface.

reNgine makes is easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Dashboard Scan Results

-----------------------------------------------------

reNgine Documentation · What's new · Contribute · Report Bug · Request Feature

-----------------------------------------------------

Table of Contents

-----------------------------------------------------

About reNgine

-----------------------------------------------------

reNgine is an automated reconnaissance framework with a focus on a highly configurable streamlined recon process. reNgine is backed by a database, with data correlation and organization, the custom query “like” language for recon data filtering, reNgine aims to address the shortcomings of traditional recon workflow. Developers behind the reNgine understand that recon data can be huge, manually looking up for entries to attack could be cumbersome, with features like Auto Interesting Subdomains discovery, reNgine automatically identifies interesting subdomains to attack based on certain keywords (both built-in and custom) and helps penetration testers focus on attack rather than recon.

reNgine is also focused on continuous monitoring. Penetration testers can choose to schedule the scan at periodic intervals, get notified on notification channels like Discord, Slack, and Telegram for any new subdomains or vulnerabilities identified, or any recon data changes.

Interoperability is something every recon tool needs, and reNgine is no different. Beginning reNgine 1.0, we additionally developed features such as import and export subdomains, endpoints, GF pattern matched endpoints, etc. This will allow you to use your favourite recon workflow in conjunction with reNgine.

reNgine features Highly configurable scan engines based on YAML, that allows penetration testers to create as many recon engines as they want of their choice, configure as they wish, and use it against any targets for the scan. These engines allow penetration testers to use tools of their choice, the configuration of their choice. Out of the box, reNgine comes with several scan engines like Full Scan, Passive Scan, Screenshot gathering, OSINT Engine, etc.

Our focus has always been on finding the right recon data with very minimal effort. While having a discussion with fellow hackers/pentesters, screenshots gallery was a must, reNgine 1.0 also comes with a screenshot gallery, and what's exciting than having a screenshot gallery with filters, filter screenshots with HTTP status, technology, ports, and services.

We also want our fellow hackers to stay ahead of the game, reNgine 1.0 introduces automatic vulnerability reporting (currently only Hackerone is supported, other platforms may come soon). This allows hackers to define their own vulnerability report template and reNgine will do the rest of the job to report vulnerability as soon as it is identified.

-----------------------------------------------------

Features

  • Perform Recon: Subdomain Discovery, Ports Discovery, Endpoints Discovery, Directory Bruteforce, Screenshot gathering
  • IP Discovery, CNAME discovery, Vulnerability scan using Nuclei
  • Ability to Automatically report Vulnerabilities to Hackerone
  • Support for Parallel Scans
  • Recon Data visualization
  • Highly configurable scan engines
  • OSINT Capabilities (Metainfo Gathering, Employees Gathering, Email Address with option to look password in leaked database, dorks etc)
  • Customizable Alerts/Notification on Slack, Discord and Telegram
  • Perform Advanced Query lookup using natural language alike and, or, not operations
  • Support for Recon Notes and Todos
  • Support for Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/hours/days/week)
  • Proxy Support
  • Screenshot Gallery with Filters
  • Powerful recon data filtering with auto suggestions
  • Recon Data changes, finds new/removed subdomains/endpoints
  • Support for tagging targets into Organization
  • Ability to identify Interesting Subdomains
  • Support for custom GF patterns and custom Nuclei Templates
  • Support for editing tool related configuration files (Nuclei, Subfinder, Naabu, amass)
  • Ability to Mark Important Subdomains
  • Interoperable with other tools, Import/Export Subdomains/Endpoints
  • Option to send scan data directly to discord

-----------------------------------------------------

Documentation

You can find reNgine documentation at https://rengine.wiki

Screenshots

General Usage

Dark Mode

Recon Data filtering

Other Screenshots (Click to Expand!)

Auto Report Vulnerability to hackerone with customizable vulnerability report template

Report Vulnerability Manually

Customizable Notification

Tagging Organization

Recon data Visualization

Upload custom GF and Nuclei patterns, with option to edit tool configuration

Recon TODO

-----------------------------------------------------

Changelog

You can watch reNgine 1.0 release trailer here. (Recommended)

Please find the latest release notes and changelog here.

-----------------------------------------------------

Quick Installation

(Only Ubuntu/VPS)

  1. Clone this repo
git clone https://github.com/yogeshojha/rengine && cd rengine
  1. Edit the dotenv file, please make sure to change the password for postgresql POSTGRES_PASSWORD !
nano .env
  1. Run the installation script, Please keep an eye for any prompt, you will also be asked for username and password for reNgine.
sudo ./install.sh

if ./install.sh does not have install permission, please change it, chmod +x install.sh

reNgine can now be accessed from https://127.0.0.1 or if you're on the VPS https://your_vps_ip_address

Installation (Mac/Windows/Other)

Installation instructions can be found at https://reNgine.wiki

reNgine Bug Bounty Program

huntr

Security Researchers, welcome onboard! I am excited to announce bug bounty program for reNgine in collaboration with huntr.dev, this means you'll be rewarded for any security vulnerabilities discovered in reNgine.

Thank you for your interest in reporting vulnerabilities to reNgine! If you are aware of potential security vulnerabilities within reNgine, we encourage you to report immediately via huntr.dev

Please do not disclose any vulnerabilities via Github Issues/Blogs/Tweets after/before reporting on huntr.dev as it is explicitly against huntr.dev and reNgine disclosure policy and will not be eligible for monetary rewards.

Please note that the maintainer of reNgine does not determine the bounty amount. The bounty reward is determined by industry-first equation from huntr.dev to understand the popularity, impact and value of repositories to the open source community.

What do I expect from security researchers?

  • Patience: Please note that currently I am the only maintainer in reNgine and will take sometime to validate your report. I request your patience throughout the process.
  • Respect Privacy and Security Reports: Please do not disclose any vulnerabilities in public (this also includes github issues) before or after reporting on huntr.dev! That is against the disclosure policy and will not be eligible for monetary rewards.
  • Respect the rules

What do you get in return?

  • Much thanks from Maintainer
  • Monetary Rewards
  • CVE ID(s)

Please find the FAQ and Responsible disclosure policy from huntr.dev.

-----------------------------------------------------

Contributing

Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated. Your contributions could be as simple as fixing the indentations or fixing UI to as complex as bringing new modules and features.

See contributing guide to get started.

You can also join our discord channel #development for any development related queries.

-----------------------------------------------------

First-time Open Source contributors

Please note that reNgine is beginner-friendly. If you have never done any open-source yet, we encourage you to do so. We will be happy and proud of your first PR ever.

You can begin with resolving any open issues.

-----------------------------------------------------

reNgine Support

Please do not raise any github issues for support requests. Instead, join our discord channel #support

-----------------------------------------------------

Related Projects

There are many other great reconnaissance frameworks, you may use reNgine in conjunction with these tools. But, they themselves are great, and may sometimes even produce better results than reNgine.

-----------------------------------------------------

Support and Sponsoring

If reNgine has helped you in any way, and you love this project and/or support active development of reNgine, please consider any of these options:

  • Add a GitHub Star to the project.
  • Tweet about this project, or maybe blogs?
  • Sponsor financially via Github or Paypal. https://paypal.me/yogeshojha11
  • Join DigitalOcean using my referral link your profit is $100 and I get $25 DO credit. This will help me test reNgine on VPS before I release any major features. ps. Please consider running reNgine/any recon on VPS!
  • If you are looking for Proxies, please use this referral link to purchase. Or you can also use coupon rengine here on PrivateProxy, using coupon rengine, you'll get additional 25% off.

Together, we can make reNgine better every day!

-----------------------------------------------------

Acknowledgements and Credits

reNgine would not have been possible without the following individuals/organizations. Thanks to these amazing devs/hackers!

  • Project Discovery
    • nuclei, httpx, naabu, subfinder
  • Tom Hudson
    • gf, assetfinder, waybackurls, unfurl
  • OWASP
    • amass
  • Ahmed Aboul-Ela
    • Sublist3r
  • Mauro Soria
    • dirsearch
  • Corben Leo
    • gau
  • Luke Stephens
    • hakrawler
  • Jaeles Project
    • gospider
  • Jing Ling
    • OneForAll
  • FortyNorthSecurity
    • EyeWitness
  • Christian Martorella
    • theHarvester
  • Davidtavarez
    • pwndb
  • Deepseagirl
    • degoogle
  • Josué Encinar
    • Metafinder, Emailfinder
  • Bp0lr
    • gauplus
  • Nicolas Crocfer
    • whatportis
  • Helmut Wandl
    • Gridzy.js
reNgine official Icon is made by Freepik from www.flaticon.com

-----------------------------------------------------

License

Distributed under the GNU GPL v3 License. See LICENSE for more information.

-----------------------------------------------------

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].