[RR Request]: reNgine 2.0.0

Open Source Project name

reNgine

What is your project?

reNgine is the go-to web application reconnaissance suite designed to simplify and streamline the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, GPT powered report, and an intuitive user interface, reNgine redefines how you gather critical information about your target web applications.

Version

2.0

Date

October 7 2023

Description of breaking changes

Breaking Changes

Release Trailer: https://www.youtube.com/watch?v=VwkOWqiWW5g

Projects: Projects allow you to efficiently organize their web application reconnaissance efforts. With this feature, you can create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
Roles and Permissions: assign distinct roles to your team members: Sys Admin, Penetration Tester, and Auditor—each with precisely defined permissions to tailor their access and actions within the reNgine ecosystem.
GPT-powered Report Generation: With the power of OpenAI's GPT, reNgine now provides you with detailed vulnerability descriptions, remediation strategies, and impact assessments.
API Vault: This feature allows you to organize your API keys such as OpenAI or Netlas API keys.
GPT-powered Attack Surface Generation
URL gathering now is much more efficient, removing duplicate endpoints based on similar HTTP Responses, having the same content_lenth, or page_title. Custom duplicate fields can also be set from the scan engine configuration.
URL Path filtering while initiating scan: For instance, if we want to scan only endpoints starting with https://example.com/start/, we can pass the /start as a path filter while starting the scan
Expanding Target Concept: reNgine 2.0 now accepts IPs, URLS, etc as targets.
Created a custom celery workflow to be able to run several tasks in parallel that are not dependent on each other, such OSINT task and subdomain discovery will run in parallel, and directory and file fuzzing, vulnerability scan, screenshot gathering etc. will run in parallel after port scan or url fetching is completed. This will increase the efficiency of scans and instead of having one long flow of tasks, they can run independently on their own.
Group Scan Results: reNgine 2.0 allows to group of subdomains based on similar page titles and HTTP status, and also vulnerability grouping based on the same vulnerability title and severity.
Added Support for Nmap: reNgine 2.0 allows to run Nmap scripts and vuln scans on ports found by Naabu.
Added Dalfox for XSS Vulnerability Scan
Added CRLFuzz for CRLF Vulnerability Scan
Added S3Scanner for scanning misconfigured S3 buckets
Improve OSINT Dork results, now detects admin panels, login pages and dashboards
Added Custom Dorks
Improved UI for vulnerability results, clicking on each vulnerability will open up a sidebar with vulnerability details.
Added HTTP Request and Response in vulnerability Results
Under Admin Settings, added an option to allow add/remove/deactivate additional users
Added Katana for crawling and spidering URLs
Added Netlas for Whois and subdomain gathering
Added TLSX for subdomain gathering
Added CTFR for subdomain gathering

Anything else to add?

No response

github / release-radar