Black Hat USA attendees were given a firsthand look at the new and improved ReNgine, which includes several new features for penetration testers and red teamers.
ReNgine is a highly customizable open source reconnaissance framework that works with other utilities to scan domains, list endpoints, and search directories.
Security professionals can use the tool to create a pipeline that pulls together more complex queries from scan engines and present the results in a single window.
With 4,500 stars on GitHub, ReNgine has continued to grow in popularity over recent months – thanks in no small part to the steady addition of new features to assist pen testers with their daily tasks.
The tool’s developer is Yogesh Ojha, a security pro working on web and mobile applications. His goal is to automate some of the more time-consuming research operations, as well as bringing open source hacking tools together.
“There are several open source recon tools in the market,” Ojha told The Daily Swig. “What sets ReNgine apart from the other tools is the easy-to-use web interface, ability to customize the scan engines according to the targets, the UI/UX, and easy integration on VPS with minimal setup.”
New features
Launched in time for Black Hat USA, and showcased during the Arsenal sessions on Wednesday (August 10), ReNgine version 1.3.0 includes several new features.
First up is a unique subscan feature that allows users to scan any target subdomains further.
“Once subdomain scanning is done, you can choose one or multiple subdomains and send for further port scans, vulnerability scans, or any scans available,” Ojha explained.
“The added benefit of the subscan feature is that, for larger targets like google.com you need not wait for the entire scan to complete. One can simply perform a subdomain scan and perform further sub scans on those subdomains.”
ReNgine 1.3.0 also comes bundled with a highly customizable PDF report feature, which allows users to choose the type, look, and feel of the report.
Meanwhile, a new toolbox feature for ReNgine allows pen testers to integrate tools like WHOIS lookup and WAF Detector without the need to add a URL/domain as targets. More toolboxes are on the way.
Among the various UI/UX improvements in ReNgine 1.1, column filtering “was one of the most asked for features”, Ojha said.
“Column filtering allows users to focus on what’s important in the subdomains, endpoints, and vulnerability result table section. This allows users to hide and unhide certain columns.”
Ojha added: “In a nutshell, the newer upgrade of ReNgine makes it more than just a recon tool. The latest update aims to fix the gap in the traditional recon tools and probably a much better alternative for some of the commercial recon and vulnerability assessment tools.
Source: https://portswigger.net/daily-swig/rengine-upgrade-new-subscan-feature-pdf-reports-expanded-toolbox-showcased-at-black-hat-usa