Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0

feat(stability): improve reNgine stability and security #93

Open Talanor opened 1 month ago

Talanor commented 1 month ago

Expected feature

A lot of rengine's dependencies are installed, as root, outside of virtual environments, which inevitably leads to breakage due to incompatibilities every now and then.

Every standalone Python tool should be installed via pipx whenever possible, or packaged using poetry and a custom pyproject.toml file. Ideally those should be reported upstream, but if not possible, such files should be maintained here.

Tools, and rengine, should not be run as root. Tools should not auto-update on every celery container boot. It hogs up the load time and makes things unstable. Without talking about library compatibility, what if the tool changes usage, etc.

My opinion is that until core stability is achieved, custom tools support & GUI upgrade should be dropped entirely.

Alternative solutions

No response

Anything else?

No response

Acknowledgements

Talanor commented 1 month ago

Addressed in #84

psyray commented 1 month ago

@Talanor I've updated the title to reflect the content of this issue

psyray commented 1 month ago

Really, really good issue. I have wanted to do this for a few months. Glad you proposed this huge enhancement, which will really be a step forward for reNgine. Thanks for your submission 👍 This one must definitely be released with 2.1.0.

For the upstream remark, Yogesh could use your PR and merge it.

Talanor commented 1 month ago

For the "upstream" I meant the tools that do not have a pyproject or equivalent ;)