-
Notifications
You must be signed in to change notification settings - Fork 12
Home
reNgine-ng is your go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine-ng redefines how you gather critical information about your target web applications.
Traditional reconnaissance tools often fall short in terms of configurability and efficiency. reNgine-ng addresses these shortcomings and emerges as a excellent alternative to existing commercial tools.
reNgine-ng was created to address the limitations of traditional reconnaissance tools and provide a better alternative, even surpassing some commercial offerings. Whether you're a bug bounty hunter, a penetration tester, or a corporate security team, reNgine-ng is your go-to solution for automating and enhancing your information-gathering efforts.
reNgine-ng is not an ordinary reconnaissance suite; it's a game-changer! With the 2.0 release we've turbocharged the traditional workflow with groundbreaking features that is sure to ease your reconnaissance game. reNgine-ng redefines the art of reconnaissance!
reNgine-ng is packed with features that no any open other source tool provides. Here are some list of cool features supported by reNgine-ng:
- Reconnaissance:
- Subdomain Discovery
- IP and Open Ports Identification
- Endpoints Discovery
- Directory/Files fuzzing
- Screenshot Gathering
- Vulnerability Scan
- Nuclei
- Dalfox XSS Scanner
- CRLFuzzer
- Misconfigured S3 Scanner
- WHOIS Identification
- WAF Detection
- OSINT Capabilities
- Meta info Gathering
- Employees Gathering
- Email Address gathering
- Google Dorking for sensitive info and urls
- Projects, create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
- Perform Advanced Query lookup using natural language alike and, or, not operations
- Highly configurable YAML-based Scan Engines
- Support for Parallel Scans
- Support for Subscans
- Recon Data visualization
- GPT Vulnerability Description, Impact and Remediation generation
- GPT Attack Surface Generator
- Multiple Roles and Permissions to cater a team's need
- Customizable Alerts/Notifications on Slack, Discord, and Telegram
- Automatically report Vulnerabilities to HackerOne
- Recon Notes and Todos
- Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/- hours/days/week)
- Proxy Support
- Screenshot Gallery with Filters
- Powerful recon data filtering with autosuggestions
- Recon Data changes, find new/removed subdomains/endpoints
- Tag targets into the Organization
- Smart Duplicate endpoint removal based on page title and content length to cleanup the reconnaissance data
- Identify Interesting Subdomains
- Custom GF patterns and custom Nuclei Templates
- Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
- Add external tools from Github/Go
- Interoperable with other tools, Import/Export Subdomains/Endpoints
- Import Targets via IP and/or CIDRs
- Report Generation
- Toolbox: Comes bundled with most commonly used tools during penetration testing such as whois lookup, CMS detector, CVE lookup, etc.
- Identification of related domains and related TLDs for targets
- Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.
-
If this is your first time visiting reNgine-ng, here is a guide on 🚀 Getting Started .
-
If are already using reNgine-ng and wish to Update/Upgrade, head to 🔥 Update .
If have already installed reNgine-ng, and want to learn how to use, head to ⚡ Usage.
If you wish to add new features or want to contribute to reNgine-ng, head to Developer's Guide
If ⚡ Usage documentation is not sufficient, and you still need help, head to 💁 Discord section. This section contains instructions on how to join reNgine-ng discord server.
Community may have published blogs/videos on your own language. Please check the community published blogs/videos here.
If you have found any security issues on reNgine-ng, we recommend reporting them immediately on Discord by joining an admin.
Caution
Please do not disclose any security vulnerabilities on Github issues.
Guide on How to report security issues is available.
If you want to know the latest changes in reNgine-ng, head to 🤖 Changelog.
reNgine-ng is licensed under the GNU General Public License v3.0
- Home - Introduction to reNgine-ng with workflows and features
- Installation - Install reNgine-ng in different ways
- Usage - Common usage and best practices
- Backup-Restore - Backup and restore reNgine-ng easily
- Dependencies - Information about used third-party libraries and tools
- Security - Security best practices and reporting issues
- Support - Troubleshooting guide and common issues
- Changelog - Complete changelog
- Community - Get help on social networks
- Contributing - How to contribute to the project
- Presentations - Materials regarding reNgine presented at conferences
- Screenshots - Collection of screenshots demonstrating features