Rengine Versions Save

What's Changed

• Fix celery unable to load apps

What's Changed

• Fix various ffuf bugs by @yarysp in https://github.com/yogeshojha/rengine/pull/1199
• Set and update default YAML config with all latest vars by @yarysp in https://github.com/yogeshojha/rengine/pull/1200
• Add checks for placeholder in custom tool task by @yarysp in https://github.com/yogeshojha/rengine/pull/1201
• Whatportis - Replace purge by truncate to prevent port import error by @yarysp in https://github.com/yogeshojha/rengine/pull/1203
• ops(installation): fix nano not being installed when absent by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1143
• Fix uninitialised variable cmd in custom_subdomain_tools by @cpandya2909 in https://github.com/yogeshojha/rengine/pull/1207
• [FIX] security: OS Command Injection vulnerability (x2) #1219 by @0xtejas in https://github.com/yogeshojha/rengine/pull/1227
• Update README.md | Fixed 1 broken link to the regine.wiki by @jostasik in https://github.com/yogeshojha/rengine/pull/1226

New Contributors :rocket:

• @yarysp made their first contribution in https://github.com/yogeshojha/rengine/pull/1199
• @jostasik made their first contribution in https://github.com/yogeshojha/rengine/pull/1226
• @cpandya2909 made their first contribution in https://github.com/yogeshojha/rengine/pull/1207
• @0xtejas made their first contribution in https://github.com/yogeshojha/rengine/pull/1227

Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.3...v2.0.4

Bug Fixes

What's Changed

• CI: update GitHub action versions by @jxdv in https://github.com/yogeshojha/rengine/pull/1136
• Fixed (subdomain_discovery | ERROR | local variable 'use_amass_config' referenced before assignment) by @Deathpoolxrs in https://github.com/yogeshojha/rengine/pull/1149
• chore: update LICENSE by @jxdv in https://github.com/yogeshojha/rengine/pull/1153
• Fix subdomains list empty in Target by @psyray in https://github.com/yogeshojha/rengine/pull/1166
• Fix top menu text overflow in low resolution by @psyray in https://github.com/yogeshojha/rengine/pull/1167
• Update auto comment workflow due to deprecation warnings by @ErdemOzgen in https://github.com/yogeshojha/rengine/pull/1126
• Change Redirect URL after login to prevent 500 error by @psyray in https://github.com/yogeshojha/rengine/pull/1124
• fix-1030: Add missing slug on target summary link by @psyray in https://github.com/yogeshojha/rengine/pull/1123

New Contributors

• @Deathpoolxrs made their first contribution in https://github.com/yogeshojha/rengine/pull/1149
• @ErdemOzgen made their first contribution in https://github.com/yogeshojha/rengine/pull/1126

Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.2...v2.0.3

What's Changed

• Added tooltip text to dashboard total vulnerabilities tooltip by @luizmlo in https://github.com/yogeshojha/rengine/pull/1029
• ops(uninstall.sh): add missing volumes and echo messages by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/977
• Fix no results in target subdomain list by @psyray in https://github.com/yogeshojha/rengine/pull/1036
• Fix Tool Settings Broken Link by @aqhmal in https://github.com/yogeshojha/rengine/pull/1021
• Fix subdomains list empty in Target by @psyray in https://github.com/yogeshojha/rengine/pull/1053
• Raise page limit to 500 for popup list by @psyray in https://github.com/yogeshojha/rengine/pull/1051
• Add directories count on Directories list by @psyray in https://github.com/yogeshojha/rengine/pull/1050
• ops(docker-compose): upgrade to 2.23.0 by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1023
• Fix endpoints list and count by @psyray in https://github.com/yogeshojha/rengine/pull/1041
• Fix failing visualization when dorks are present by @psyray in https://github.com/yogeshojha/rengine/pull/1045
• Fix note not saving by @psyray in https://github.com/yogeshojha/rengine/pull/1047
• Count only not done todos in subdomains list by @psyray in https://github.com/yogeshojha/rengine/pull/1048
• Fix user agent definition keyword by @psyray in https://github.com/yogeshojha/rengine/pull/1054
• Upgrade project discovery tool at CT build by @psyray in https://github.com/yogeshojha/rengine/pull/1055
• Add a check to not load datatables twice by @psyray in https://github.com/yogeshojha/rengine/pull/1039
• Nmap port scan fails when Naabu return no port by @psyray in https://github.com/yogeshojha/rengine/pull/1067
• chore(issue-templates): incorrect label name by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1066
• Endpoints list popup empty by @psyray in https://github.com/yogeshojha/rengine/pull/1070
• Add missing domain id value in subscan by @psyray in https://github.com/yogeshojha/rengine/pull/1069
• Fixes for #1033, #1026, #1027 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1071
• Temporary fix to prevent celery beat crash by @psyray in https://github.com/yogeshojha/rengine/pull/1072
• fix: ffuf ANSI code processing preventing task to finish by @ocervell in https://github.com/yogeshojha/rengine/pull/1058
• Update views.py by @Vijayragha1 in https://github.com/yogeshojha/rengine/pull/1074
• Fix crash on saving endpoint (FFUF related only) by @psyray in https://github.com/yogeshojha/rengine/pull/1063
• chore(issue-templates): fix incorrect description by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1078
• IOError -> OSError by @jxdv in https://github.com/yogeshojha/rengine/pull/1081
• Add directories count on Directories list by @psyray in https://github.com/yogeshojha/rengine/pull/1090
• chore(issue-template): don't allow blank issues by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1089
• Fix bad nuclei config name by @psyray in https://github.com/yogeshojha/rengine/pull/1098
• disallow empty password by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1105
• fix attribute error on scan history #1103 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1104
• issue-633: added already-in-org filter to target dropdown in org form by @SeanOverton in https://github.com/yogeshojha/rengine/pull/1106
• Update Dockerfile to fix silicon incompatability by @SubGlitch1 in https://github.com/yogeshojha/rengine/pull/1107
• Add source for nmap scan by @psyray in https://github.com/yogeshojha/rengine/pull/1108
• Spelling mistake in hackerone.html by @Linuxinet in https://github.com/yogeshojha/rengine/pull/1112
• fix(version): incorrect number in art by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1111
• Fix report generation when Ignore Informational Vulnerabilities checked by @psyray in https://github.com/yogeshojha/rengine/pull/1100
• fix(tool_arsenal): incorrect regex version numbers by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1086

New Contributors

• @luizmlo made their first contribution in https://github.com/yogeshojha/rengine/pull/1029 :partying_face:
• @aqhmal made their first contribution in https://github.com/yogeshojha/rengine/pull/1021 :partying_face:
• @C0wnuts made their first contribution in https://github.com/yogeshojha/rengine/pull/973 :partying_face:
• @ocervell made their first contribution in https://github.com/yogeshojha/rengine/pull/1058 :partying_face:
• @Vijayragha1 made their first contribution in https://github.com/yogeshojha/rengine/pull/1074 :partying_face:
• @jxdv made their first contribution in https://github.com/yogeshojha/rengine/pull/1081 :partying_face:
• @SeanOverton made their first contribution in https://github.com/yogeshojha/rengine/pull/1106 :partying_face:
• @SubGlitch1 made their first contribution in https://github.com/yogeshojha/rengine/pull/1107 :partying_face:
• @Linuxinet made their first contribution in https://github.com/yogeshojha/rengine/pull/1112 :partying_face:

Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.1...v2.0.2

Once again excellent work on reNgine v2.0.2 by @AnonymousWP, @psyray, @ocervell and everybody else! :rocket:

2.0.1 fixes a ton of issues in reNgine 2.0.

Fixes:

1. Prevent duplicating Nuclei vulns for subdomain #1012 @psyray
2. Fixes for empty subdomain returned during nuclei scan #1011 @psyray
3. Add all the missing slug in scanEngine view & other places #1005 @psyray
4. Foxes for missing vulscan script #1004 @psyray
5. Fixes for missing slug in report settings saving #1003
6. Fixes for Nmap Parsing Error #1001 #1002 @psyray
7. Fix nmap script ports iterable args #1000 @psyray
8. Iterate over hostnames when multiple #1002 @psyray
9. Gau install #998, change gauplus to gau @psyray
10. Add missing slug parameter in schedule scan #996 @psyray
11. Add missing slug parameter in schedule scan #996, fixes #940, #937, #897, #764 @psyray
12. Add stack trace into make logs if DEBUG True #994 @psyray
13. Fix dirfuzz base64 name display #993 #992 @psyray
14. Fix target subdomains list not loading #991 @psyray
15. Change WORDLIST constant value #987, fixes #986@psyray
16. fix(notification_settings): submitting results in error 502 #981 fixes #970 @psyray
17. Fixes with documentation and installation/update/uninstall scripts @anonymousWP
18. Fix file directory popup not showing in detailed scan #912 @psyray

@AnonymousWP and @psyray have been phenomenal in fixing these bugs. Thanks to both of you! :heart: :rocket:

Added

• Projects: Projects allow you to efficiently organize their web application reconnaissance efforts. With this feature, you can create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
• Roles and Permissions: assign distinct roles to your team members: Sys Admin, Penetration Tester, and Auditor—each with precisely defined permissions to tailor their access and actions within the reNgine ecosystem.
• GPT-powered Report Generation: With the power of OpenAI's GPT, reNgine now provides you with detailed vulnerability descriptions, remediation strategies, and impact assessments.
• API Vault: This feature allows you to organize your API keys such as OpenAI or Netlas API keys.
• GPT-powered Attack Surface Generation
• URL gathering now is much more efficient, removing duplicate endpoints based on similar HTTP Responses, having the same content_lenth, or page_title. Custom duplicate fields can also be set from the scan engine configuration.
• URL Path filtering while initiating scan: For instance, if we want to scan only endpoints starting with https://example.com/start/, we can pass the /start as a path filter while starting the scan. @ocervell
• Expanding Target Concept: reNgine 2.0 now accepts IPs, URLS, etc as targets. (#678, #658) Excellent work by @ocervell
• A ton of refactoring on reNgine's core to improve scan efficiency. Massive kudos to @ocervell
• Created a custom celery workflow to be able to run several tasks in parallel that are not dependent on each other, such OSINT task and subdomain discovery will run in parallel, and directory and file fuzzing, vulnerability scan, screenshot gathering etc. will run in parallel after port scan or url fetching is completed. This will increase the efficiency of scans and instead of having one long flow of tasks, they can run independently on their own. @ocervell
• Refactored all tasks to run asynchronously @ocervell
• Added a stream_command that allows to read the output of a command live: this means the UI is updated with results while the command runs and does not have to wait until the task completes. Excellent work by @ocervell
• Pwndb is now replaced by h8mail. @ocervell
• Group Scan Results: reNgine 2.0 allows to group of subdomains based on similar page titles and HTTP status, and also vulnerability grouping based on the same vulnerability title and severity.
• Added Support for Nmap: reNgine 2.0 allows to run Nmap scripts and vuln scans on ports found by Naabu. @ocervell
• Added support for Shared Scan Variables in Scan Engine Configuration:
  • enable_http_crawl: (true/false) You can disable it to be more stealthy or focus on something different than HTTP
  • timeout: set timeout for all tasks
  • rate_limit: set rate limit for all tasks
  • retries: set retries for all tasks
  • custom_header: set the custom header for all tasks
• Added Dalfox for XSS Vulnerability Scan
• Added CRLFuzz for CRLF Vulnerability Scan
• Added S3Scanner for scanning misconfigured S3 buckets
• Improve OSINT Dork results, now detects admin panels, login pages and dashboards
• Added Custom Dorks
• Improved UI for vulnerability results, clicking on each vulnerability will open up a sidebar with vulnerability details.
• Added HTTP Request and Response in vulnerability Results
• Under Admin Settings, added an option to allow add/remove/deactivate additional users
• Added Option to Preview Scan Report instead of forcing to download
• Added Katana for crawling and spidering URLs
• Added Netlas for Whois and subdomain gathering
• Added TLSX for subdomain gathering
• Added CTFR for subdomain gathering
• Added historical IP in whois section

Fixes

• GF patterns do not run on 404 endpoints (#574 closed)
• Fixes for retrieving whois data (#693 closed)
• Related/Associated Domains in Whois section is now fixed

Removed

• Removed pwndb and tor related to it.
• Removed tor for pwndb

Fixed Various Installation Errors Fixed Naabu Port Scanning Issue

• Fixed various installation issues
• Fixed #769, #768, #766, #761, Thanks to, @bin-maker, @carsonchan12345, @paweloque, @opabravo

Fixed https://github.com/yogeshojha/rengine/issues/748 , https://github.com/yogeshojha/rengine/issues/743 , https://github.com/yogeshojha/rengine/issues/738, https://github.com/yogeshojha/rengine/issues/739

Fix #732, Upgraded Go to 1.1.8.2