Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0

feat(scan): Improve internal network scan #125

Open psyray opened 1 month ago

psyray commented 1 month ago

Expected feature

I've scanned my home network.

It is missing a prebuilt scan engine for this: subdomain discovery is useless, OSINT also.

There is also a little problem:

  1. We add an internal range
  2. We check the hostnames we want
  3. We have multiple targets
  4. We want to print a report, so we need to check each target -> pain... and 1 report per target

What about adding the hostnames/IPs found to a target as subdomains? This one needs some work, I think, because there are some checks for the target owning the sub (domain name).

For this one, maybe let the user choose, with a choice like "Import each IP/hostname as a target" or "Import each IP/hostname as a subdomain of the given target", with a text field saving the target name.

But the problem of a subdomain not being a member of a TLD is problematic. It's a different way to manage targets, at the local domain level.

If it's an Active Directory, no problem: we could add the domain name (> 4 chars when https://github.com/Security-Tools-Alliance/rengine-ng/issues/9 will be merged).

But if it's a network without a domain, it's problematic.

Maybe set an option at the target level to deactivate the restriction on the TLD.

Alternative solutions

No response

Anything else?

No response

Acknowledgements
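
A minimal sketch of the two import choices and the per-target option proposed in this issue, added here as an illustration and not reNgine-ng code. `Target`, `owned_by`, `import_hosts`, the `enforce_ownership` flag and the sample hosts are all hypothetical or constructed; the sketch shows why the strict ownership check drops bare IPs and unqualified hostnames on a network without a domain.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: (ip, hostname) pairs found while scanning 192.168.1.0/24
SAMPLE = [
    ("192.168.1.1", "router"),
    ("192.168.1.10", "nas.home.lan"),
    ("192.168.1.20", None),
    ("192.168.1.30", "printer.home.lan"),
]


@dataclass
class Target:
    name: str
    subdomains: list = field(default_factory=list)


def owned_by(target_name, host):
    """Strict check: host must equal the target or end in '.<target>'."""
    host = host.rstrip(".").lower()
    target_name = target_name.rstrip(".").lower()
    return host == target_name or host.endswith("." + target_name)


def import_hosts(discovered, mode, target_name=None, enforce_ownership=True):
    """Return (targets, rejected) for mode 'targets' or 'subdomains'."""
    for ip, _ in discovered:
        ipaddress.ip_address(ip)  # raises ValueError on malformed scan output
    if mode == "targets":
        # One target (and therefore one report) per discovered host.
        return [Target(name=hostname or ip) for ip, hostname in discovered], []
    if mode != "subdomains" or not target_name:
        raise ValueError("use mode 'targets', or 'subdomains' with a target_name")
    target, rejected = Target(name=target_name), []
    for ip, hostname in discovered:
        label = hostname or ip
        if enforce_ownership and not owned_by(target_name, label):
            rejected.append(label)  # not under the target's domain
        else:
            target.subdomains.append(label)
    return [target], rejected


if __name__ == "__main__":
    for strict in (True, False):
        targets, rejected = import_hosts(SAMPLE, "subdomains", "home.lan", strict)
        print(strict, targets[0].subdomains, rejected)
```
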