reNgine 1.3.3

Fix #732, Upgraded Go to 1.1.8.2

reNgine 1.3.2

Fixes for

• #683 For Filtering GF tags
• #669 Where Directory UI had to be collapsed

reNgine 1.3.1

Fixes

• Fix for #643 Downloading issue for Subdomain and Endpoints
• Fix for #627 Too many Targets cause issues while loading data table
• Fix the version Numbering issue

reNgine 1.3.0

1.3.0

Release Date: July 11, 2022

Added

• Geographic Distribution of Assets Map
• Added WAF Detector as an optional tool in Scan Engine

Fixes

• WHOIS Provider Changed
• Fixed Dark UI Issues
• Fix HTTPX Issue with custom Header

reNgine 1.2.0

1.2.0

Release Date: May 30, 2022

Added

• Naabu Exclude CDN Port Scanning
• Added WAF Detection

Fixes

• Fix #630 Character Name too Long Issue
• [Security] Fixed several instances of Command Injections, CVE-2022-28995, CVE-2022-1813
• Hakrawler Fixed - #623
• Fixed XSS on Hackerone report via Markdown
• Fixed XSS on Import Target using malicious filename
• Stop Scan Fixed #561
• Fix installation issue due to missing curl
• Updated docker-compose version

reNgine 1.1.0

🏷️ 1.1 [Current Release]

Release Date: Apr 24, 2022

• Redeigned UI

• Added Subscan Feature

  Subscan allows further scanning any subdomains. Assume from a normal recon process you identified a subdomain that you wish to do port scan. Earlier, you had to add that subdomain as a target. Now you can just select the subdomain and initiate subscan.

• Ability to Download reconnaissance or vulnerability report

• Added option to customize report, customization includes the look and feel of report, executive summary etc.

• Add IP Address from IP

• WHOIS Addition on Detail Scan and fetch whois automatically on Adding Single Targets

• Universal Search Box

• Addition of Quick Add menus

• Added ToolBox Feature

  ToolBox will feature most commonly used recon tools. One can use these tools to identify whois, CMSDetection etc without adding targets. Currently, Whois, CMSDetector and CVE ID lookup is supported. More tools to follow up.

• Notify New Releases on reNgine if available

• Tools Arsenal Section to feature preinstalled and custom tools

• Ability to Update preinstalled tools from Tools Arsenal Section

• Ability to download/add custom tools

• Added option for Custom Header on Scan Engine

• Added CVE_ID, CWE_ID, CVSS Score, CVSS Metrics on Vulnerability Section, this also includes lookup using cve_id, cwe_id, cvss_score etc

• Added curl command and references on Vulnerability Section

• Added Columns Filtering Option on Subdomain, Vulnerability and Endpoints Tables

• Added Error Handling for Failed Scans, reason for failure scan will be displayed

• Added Related Domains using WHOIS

• Added Related TLDs

• Added HTTP Status Breakdown Widget

• Added CMS Detector

• Updated Visualization

• Option to Download Selected Subdomains

• Added additional Nuclei Templates from https://github.com/geeknik/the-nuclei-templates

• Added SSRF check from Nagli Nuclei Template

• Added option to fetch CVE_ID details

• Added option to Delete Multiple Scans

• Added ffuf as Directory and Files fuzzer

• Added widgets such as Most vulnerable Targets, Most Common Vulnerabilities, Most Common CVE IDs, Most Common CWE IDs, Most Common Vulnerability Tags

And more...

Minor Bug Fixes on Scheduler 1.0.2

What's Changed

• Fixed OSINT Crash Issue
• Fixed Celery Scheduling Issue

Full Changelog: v1.0.1...v1.0.2

v1.0.1 Minor Bug Fixes

Changelog

• Fixed #482 Endpoints and Vulnerability Datatable were showing results of other targets due to the scan_id parameter
• Fixed #479 where the scan was failing due to recent httpx release, change was in the JSON output
• Fixed #476 where users were unable to click on Clocked Scan (Reported only on Firefox)
• Fixed #442 where an extra slash was added in Directory URLs
• Fixed #337 where users were unable to link custom wordlist
• Fixed #436, Checkbox in Notification Settings were not working due to same name attribute, now fixed
• Fixed #439, Hakrawler crashed if the deep mode was activated due to -plain flag
• Fixed #437, If Out of Scope subdomains were supplied, the scan was failing due to None value
• Fixed #424, Multiple Targets couldn't be scanned

Improvements

• Enhanced install script, check for if docker is running service or not #468

Security

• Fixed Cross Site Scripting - #460 #457 #454 #453 #459 #460
• Fixed Cross Site Scripting reported on Huntr #478 https://www.huntr.dev/bounties/ac07ae2a-1335-4dca-8d55-64adf720bafb/

Release v0.1

Merge pull request #423 from yogeshojha/release/major-1.0

Release/major 1.0

Rengine V0.5 Release with Nuclei Integration

++Nuclei Integration: v0.5 is primarily focused on vulnerability scanner using Nuclei. This was a long pending due and we've finally integrated it.

++Powerful search queries across endpoints, subdomains and vulnerability scan results: reNgine reconnaissance data can now be queried using operators like <,>,&,| and !, namely greater than, less than, and, or, and not. This is extremely useful in querying the recon data. More details can be found at Instructions to perform Queries on Recon data

++Out of scope options: Many of you have been asking for out of scope option. Thanks to Valerio Brussani for his pull request which made it possible for out of scope options. Please check the documentation on how to define out of scope options.

++Official Documentation(WIP): We often get asked on how to use reNgine. For long, we had no official documentation. Finally, I've worked on it and we have the official documentation at rengine.wiki

The documentation is divided into two parts, for Developers and for Penetration Testers. For developers, it's a work in progress. I will keep you all updated throughout the process.

++Redefined Dashboard: We've also made some changes in the Dashboard. The additions include vulnerability scan results, most vulnerable targets, most common vulnerabilities.

++Global Search: This feature has been one of the most requested features for reNgine. Now you can search all the subdomains, endpoints, and vulnerabilities.

++OneForAll Support: reNgine now supports OneForAll for subdomain discovery, it is currently in beta. I am working on how to integrate OneForAll APIKeys and Configuration files.

++Configuration Support for subfinder: You will now have ability to add configurations for subfinder as well.

++Timeout option for aquatone: We added timeout options in yaml configuration as a lot of screenshots were missing. You can now define timeout for http, scan and screenshots for timeout in milliseconds.

++Design Changes A lot of design changes has happened in reNgine. Some of which are:

Endpoints Results and Vulnerability Scan Results are now displayed as a separate page, this is to separate the results and decrease the page load time.
Checkbox next to Subdomains and Vulnerability report list to change the status, this allows you to mark all subdomains and vulnerabilities that you've already completed working on.
Sometimes due to timeout, aquatone was skipping the screenshots and due to that, navigations between screenshots was little annoying. We have fixed it as well.
Ability to delete multiple targets and initiate multiple scans.
--Subdomain Takeover: As we decided to use Nuclei for Vulnerability Scanner, and also, since Subjack wasn't giving enough results, I decided to remove Subjack. The subdomain Takeover will now be part of Nuclei Vulnerability Scanner.

With this PR, the following Issues or Feature requests are closed
#97 #151 #214 #213 #204 #162 #156 #153 #267 #256 #243 #272 Closed