reNgine: Open-source automated reconnaissance framework for web applications

reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process.


Developing reNgine

reNgine was developed to overcome the constraints of conventional reconnaissance tools. It is a good choice for bug bounty hunters, penetration testers, and corporate security teams, automating and refining their information collection processes.

“reNgine was created as part of a personal automation project. Using various open-source tools to pipeline the recon process wasn’t necessarily new, not something reNgine invented; many open-source tools back then did the job. But they were all missing the major component of reconnaissance, i.e., correlation between the recon data, and most importantly, most of these tools used during the reconnaissance process gave outputs in different file formats such as JSON, XML, TXT, etc. Doing the correlation between those data was a huge task,” Yogesh Ojha, developer of reNgine, told Help Net Security.

Key features

The point of creating automation tools is to save time doing reconnaissance, both pre- and post-reconnaissance. reNgine shows various actionable insights in charts, maps, visualization trees, etc., to help find the correct reconnaissance data.

“We also have another unique feature called Projects, which allows you to organize your recon data with minimal effort. With this feature, you can create distinct project spaces tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task. Each project gets a separate dashboard, and all the scan results will be separated from each project, while scan engines and configuration will be shared across all projects,” Ojha added.

Future plans and download

“Currently, I am working on bringing LLM integration to reNgine. With the rise of LLM models such as Llama3 and Llama2, I expect it will help with reconnaissance reports. We do have support for OpenAI GPT report and attack surface generator, but that requires paid API keys. Not every user can afford that, while some prefer using custom-trained models and others may prefer using models such as Llama2-uncensored. I’m introducing a ‘model toolkit’ feature that allows you to install custom LLM models and use them against the attack surface generator or vulnerability report generator. This will also enable the usage of various GPT versions, such as GPT 3.5 and GPT 4. At the moment, it is hardcoded to use GPT3.5,” Ojha concluded.

reNgine is available for free on GitHub.

Must read:

Don't miss