yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0

bug: Detection of alive hosts #1172

Open psyray opened 9 months ago

psyray commented 9 months ago


Current Behavior

@yogeshojha @AnonymousWP

According to this issue #1056 and some investigation on my side, I think we have a problem with the detection of alive hosts.

Let me explain.

This piece of code is used to check if an endpoint is alive https://github.com/yogeshojha/rengine/blob/52b4baa4a63586ba959b8e4a56a1ac79452493fd/web/reNgine/common_func.py#L338-L340

The main problem with this check is that it is used as the base check to launch scans like

So the method get_http_urls is mandatory to launch scans of the above types.

The main problem comes from the is_alive method of the Endpoint class in the startScan model https://github.com/yogeshojha/rengine/blob/52b4baa4a63586ba959b8e4a56a1ac79452493fd/web/startScan/models.py#L374-L375

As you can see, if, in those conditions:

No base url is returned, so no scan is launched.

It's problematic because dir_file_fuzz could be launched even if the base endpoint returned 404, and it's the same thing for fetch_url and vulnerability_scan.

So we need to rework this part to always send the base URL to some tools, and also correctly set the

Expected Behavior

From the moment we have a subdomain that has an IP and gives some HTTP response, we must run:

Steps To Reproduce

Try to launch a scan on a website whose base URL responds with an HTTP status code >= 500 or 404.

Environment

- reNgine: 2.0.2
- OS: debian
- Python: 3.10

Workaround

As a workaround to launch scans:

Modifying those two values may be necessary.
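To make the liveness semantics in this report concrete, here is a small Python model added as an illustration; it is not reNgine's code, and the Endpoint stand-in, its field names, and the exact status threshold used by the strict check are assumptions, since the linked source is not reproduced on this page.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


@dataclass
class Endpoint:
    """Constructed stand-in for an Endpoint row (hypothetical field names)."""
    http_url: str
    ip: Optional[str]           # resolved address, None if the name did not resolve
    http_status: Optional[int]  # None = no HTTP response at all, 0 = connection failed


def is_alive_strict(ep: Endpoint) -> bool:
    """Assumed current behaviour: only a 2xx/3xx answer counts as alive.

    A base URL answering 404 or 5xx is filtered out, so no base URL is
    handed to the later scan stages; this is the failure mode reported.
    """
    return ep.http_status is not None and 200 <= ep.http_status < 400


def is_alive_reachable(ep: Endpoint) -> bool:
    """Proposed behaviour: the host resolved to an IP and returned *any* status.

    404 and 5xx still prove an HTTP service answered, so they are kept;
    None (no response) and 0 (connection failed) are still rejected.
    """
    return ep.ip is not None and ep.http_status is not None and ep.http_status > 0


def base_urls(endpoints: Iterable[Endpoint],
              alive: Callable[[Endpoint], bool]) -> List[str]:
    """Base URLs a scan stage would be launched against under the given check."""
    return sorted(ep.http_url for ep in endpoints if alive(ep))


# Constructed sample: only the first host answers 200; two answer 404/503,
# one refused the connection and one never resolved.
SAMPLE = [
    Endpoint("https://www.example.com", "203.0.113.10", 200),
    Endpoint("https://api.example.com", "203.0.113.11", 404),
    Endpoint("https://old.example.com", "203.0.113.12", 503),
    Endpoint("https://closed.example.com", "203.0.113.13", 0),
    Endpoint("https://dead.example.com", None, None),
]

if __name__ == "__main__":
    print("strict:   ", base_urls(SAMPLE, is_alive_strict))
    print("reachable:", base_urls(SAMPLE, is_alive_reachable))
```

Under the strict check the 404 and 503 hosts vanish from the list, which is exactly why dir_file_fuzz, fetch_url and vulnerability_scan never start for them; the reachable check keeps them while still dropping hosts that gave no HTTP answer.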

github-actions[bot] commented 9 months ago

👋 Hi @psyray, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue: https://rengine.wiki. For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

Talanor commented 5 months ago

@psyray Do you have any update or ETA on this?