Home
reNgine NG is your go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine NG redefines how you gather critical information about your target web applications.
Traditional reconnaissance tools often fall short in terms of configurability and efficiency. reNgine NG addresses these shortcomings and emerges as a excellent alternative to existing commercial tools.
reNgine NG was created to address the limitations of traditional reconnaissance tools and provide a better alternative, even surpassing some commercial offerings. Whether you're a bug bounty hunter, a penetration tester, or a corporate security team, reNgine NG is your go-to solution for automating and enhancing your information-gathering efforts.
reNgine NG is not an ordinary reconnaissance suite; it's a game-changer! With the 2.0 release we've turbocharged the traditional workflow with groundbreaking features that is sure to ease your reconnaissance game. reNgine NG redefines the art of reconnaissance!
reNgine NG is packed with features that no any open other source tool provides. Here are some list of cool features supported by reNgine NG:
- Reconnaissance:
- Subdomain Discovery
- IP and Open Ports Identification
- Endpoints Discovery
- Directory/Files fuzzing
- Screenshot Gathering
- Vulnerability Scan
- Nuclei
- Dalfox XSS Scanner
- CRLFuzzer
- Misconfigured S3 Scanner
- WHOIS Identification
- WAF Detection
- OSINT Capabilities
- Meta info Gathering
- Employees Gathering
- Email Address gathering
- Google Dorking for sensitive info and urls
- Projects, create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
- Perform Advanced Query lookup using natural language alike and, or, not operations
- Highly configurable YAML-based Scan Engines
- Support for Parallel Scans
- Support for Subscans
- Recon Data visualization
- GPT Vulnerability Description, Impact and Remediation generation
- GPT Attack Surface Generator
- Multiple Roles and Permissions to cater a team's need
- Customizable Alerts/Notifications on Slack, Discord, and Telegram
- Automatically report Vulnerabilities to HackerOne
- Recon Notes and Todos
- Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/- hours/days/week)
- Proxy Support
- Screenshot Gallery with Filters
- Powerful recon data filtering with autosuggestions
- Recon Data changes, find new/removed subdomains/endpoints
- Tag targets into the Organization
- Smart Duplicate endpoint removal based on page title and content length to cleanup the reconnaissance data
- Identify Interesting Subdomains
- Custom GF patterns and custom Nuclei Templates
- Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
- Add external tools from Github/Go
- Interoperable with other tools, Import/Export Subdomains/Endpoints
- Import Targets via IP and/or CIDRs
- Report Generation
- Toolbox: Comes bundled with most commonly used tools during penetration testing such as whois lookup, CMS detector, CVE lookup, etc.
- Identification of related domains and related TLDs for targets
- Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.
-
If this is your first time visiting reNgine NG, here is a guide on 🚀 Getting Started .
-
If are already using reNgine NG and wish to Update/Upgrade, head to 🔥 Update .
If have already installed reNgine NG, and want to learn how to use, head to ⚡ Usage.
If you wish to add new features or want to contribute to reNgine NG, head to Developer's Guide
If ⚡ Usage documentation is not sufficient, and you still need help, head to 💁 Discord section. This section contains instructions on how to join reNgine NG discord server.
Community may have published blogs/videos on your own language. Please check the community published blogs/videos here.
If you have found any security issues on reNgine NG, we recommend reporting them immediately on Discord by joining an admin.
Caution
Please do not disclose any security vulnerabilities on Github issues.
Guide on How to report security issues is available.
If you want to know the latest changes in reNgine NG, head to 🤖 Changelog.
reNgine NG is licensed under the GNU General Public License v3.0