Intro
Relatively recently, a fresh update of the reNgine framework was released on GitHub. Among the many new functions, the one that interested us most was search using Netlas. This article explains how to install and configure reNgine, what this framework can find, and, most importantly, how to use it in conjunction with Netlas.
Installing
The GitHub repository for reNgine includes installation instructions. Installation is quite simple and takes only a few commands:
git clone https://github.com/yogeshojha/rengine && cd rengine
sudo ./install.sh
In addition, before running the installation script, you can change the framework configuration. To do this, enter the command nano .env and edit the opened file. Recommendations for setting it up can also be found in the repository.
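One way to replace a shipped secret in .env before running install.sh, shown as an added example that is not part of the original article or the reNgine project. It assumes the file uses plain KEY=value lines, and the key name POSTGRES_PASSWORD is an assumption to check against the .env in your checkout; the demo runs on a constructed file.

```shell
#!/bin/sh
# Added example: set fresh secrets in a dotenv file before running install.sh.
# Assumption: KEY=value lines; POSTGRES_PASSWORD is an assumed key name.

# 48 hex characters from the kernel CSPRNG; hex avoids quoting problems
# in dotenv parsers and in awk's -v escape processing.
gen_secret() {
    dd if=/dev/urandom bs=24 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print the current value of key $2 in file $1 (empty if absent).
env_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# Replace key $2 in file $1 with value $3, or append it; file ends up 0600.
set_env_key() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    tmp=$(mktemp "$1.XXXXXX") || return 1
    awk -F= -v k="$2" -v v="$3" '
        $1 == k { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$1" > "$tmp" && mv "$tmp" "$1" && chmod 600 "$1"
}

# Give every key named after the file argument a new random value.
rotate_env_secrets() {
    envfile=$1; shift
    for key in "$@"; do
        set_env_key "$envfile" "$key" "$(gen_secret)" || return 1
    done
}

# Demo on a constructed file (not the real reNgine .env).
demo() {
    d=$(mktemp -d) || return 1
    printf 'POSTGRES_USER=rengine\nPOSTGRES_PASSWORD=changeme\n' > "$d/.env"
    rotate_env_secrets "$d/.env" POSTGRES_PASSWORD
    ls -l "$d/.env"; cat "$d/.env"; rm -rf "$d"
}
demo
```

In the cloned repository the call would be rotate_env_secrets .env followed by the key names you want to change, run before sudo ./install.sh.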
After you install the framework and create an account, open localhost (or 127.0.0.1) in your browser. You will be asked to enter your password and log in, after which you will be taken to reNgine.
If your device was rebooted between installation and launch, you will need to start Docker again. Run the following command in the ./rengine directory:
sudo docker-compose up
Moreover, if you want to rebuild reNgine, use sudo docker-compose build.
After that, open localhost in your browser as before.
Usage
Start
After authorization, you will see the following screen:
Here you can configure the project name and add other users, assigning them one of three roles: Sys Admin (super-user), Penetration (a user who can configure and initiate scans), and Auditor (a user who can download and view reports). In addition, there is the capability to enter two API keys: for Netlas and OpenAI.
What are these keys? With Netlas, I think there will be no problems. It is necessary so that reNgine can access our database during scans. As for OpenAI, their API key is designed to generate reports on your scans. Yes, reNgine can generate convenient reports using neural networks.
So, enter your key for Netlas (if you do not know where to get it, look at one of my past articles, for example, this one), enter the key for OpenAI if you want to receive beautiful reports, and you can start.
Scan settings
After creating a project, you are taken to the “Dashboard” tab. What do we see here?
The “Dashboard” tab lists the key metrics of your scan. Now I only have zeros here, but it is a matter of time. The number of subdomains found, responses received, vulnerabilities detected, and their level of criticality will be displayed here.
The “Projects” tab is not without interest:
Here the utility stores all the projects you have created, providing convenient management.
“Todo” contains all the notes you decide to take as you work.
Also interesting is the “Scan Engine” tab. It contains scan settings.
By default, six engines are available, which you can see in the image above, but users can also add their own, flexibly customizing reNgine for themselves.
The “Settings” tab contains all kinds of settings (which, in general, is logical). There you can also enter API keys for Netlas and OpenAI (in Settings→API Vault), as well as update the tools that are part of the framework.
The remaining tabs will be discussed in the next section.
Scanning
To start scanning, you need to go to the “Targets” tab. Initially, it is empty, so let’s add new targets.
The main type of target that reNgine accepts is the domain name. Let’s add the long-suffering target.com as a victim of our research.
We can enter any number of domains in this field, give them a description, or load them from a file (TXT or CSV). The tool also accepts IP addresses as input; in any case, these are converted to domains using DNS records.
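A pre-upload check for a target file, as an added example that is not from the original article or the reNgine project: it normalizes a candidate list, removes duplicates, and keeps only entries that fall under an authorized scope. The one-target-per-line layout, the function names and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: clean a candidate list before saving it as targets.txt.
# Assumptions: one target per line; $1 lists the authorized apex domains
# and individual IPv4 addresses, separated by spaces.
build_targets() {
    awk -v scope="$1" '
    function is_ipv4(s,   p, i) {
        if (split(s, p, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
                return 0
        return 1
    }
    # Exact match, or (hostnames only) a subdomain of an authorized apex.
    function in_scope(h, exact,   i, n) {
        for (i = 1; i <= ns; i++) {
            if (h == apex[i]) return 1
            n = length(h) - length(apex[i])
            if (!exact && n > 0 && substr(h, n) == "." apex[i]) return 1
        }
        return 0
    }
    BEGIN {
        ns = split(tolower(scope), apex, " ")
        host = "^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$"
    }
    {
        t = tolower($0)
        gsub(/^[ \t]+|[ \t\r]+$/, "", t)   # trim; drop CR from Windows files
        sub(/^[a-z]+:\/\//, "", t)          # strip URL scheme
        sub(/[\/:?#].*$/, "", t)            # strip port, path, query, comment
        sub(/\.$/, "", t)                   # strip trailing root dot
        if (t == "" || seen[t]++) next
        ip = is_ipv4(t)
        ok = (ip || (length(t) <= 253 && t ~ host)) && in_scope(t, ip)
        if (ok) print t; else print "rejected: " $0 > "/dev/stderr"
    }'
}

# Constructed sample input, not data from the article.
sample_targets() {
    printf '%s\n' 'https://WWW.Example.com/login' 'www.example.com' \
        'api.example.com:8443' 'notexample.com' 'example.org.' \
        '192.0.2.10' '198.51.100.7' 'bad_host.example.com' '# note'
}
sample_targets | build_targets 'example.com example.org 192.0.2.10'
```

Rejected lines are written to stderr, so redirecting stdout to targets.txt leaves a reviewable list of everything that was dropped.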
Having added the required number of targets (in our case, one), you can start scanning. To do this, click on the “Initiate Scan” button.
Next, you need to select which scanning pattern will be used. Their names speak for themselves, so I will not go into details. Let’s just choose the recommended template.
Now, we can configure the scope by adding already-known subdomains as well as those that the scanner should ignore. However, we will assume that now we are interested in all available information about the target, so we will simply leave these fields empty.
The last point is setting up filters. We will not enter anything here either.
Click “Start Scan”, and all that is left is to wait for it to complete. Meanwhile, the “Scan History” tab has already been updated: it now contains a summary of the running scan.
The numbers will be updated periodically as the app finds new points of interest and adds them to our results. Finally, the moment will come when reNgine turns to Netlas.
Gradually, the number of found objects will increase. For example, the following image shows the results of an hour of scanning.
Now all that remains is to wait until the end and get acquainted with the collected data, which, in addition to subdomains and vulnerabilities, may include files, links to login pages, administration panels, and so on.
Conclusion
reNgine is a very powerful framework that allows you to perform a full scan of any host in a relatively short period of time. Although it is of primary value to pen testers and bug bounty hunters, this tool can also be useful in the OSINT field. Thanks to integration with Netlas, its capabilities in terms of data search have become even more extensive.
That is all I have. Good luck!