search

yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0
7.53k stars 1.14k forks source link

bug: theHarvester not picking up api-keys configured in Tool Settings #1451

Open b1k3 opened 1 month ago

b1k3 commented 1 month ago

Is there an existing issue for this?

Current Behavior

When running a scan Harvester is not picking up any API keys configured within the Tool Setting page of the application

Expected Behavior

When configuring the settings for theHarvester within Tool Settings of the GUI and then running a scan it should utilise the API keys provided.

Steps To Reproduce

  1. Log into reNgine GUI
  2. Go to Settings > Tools Settings.
  3. Double Click on the configuration for theHarvester
  4. Enter the yaml configuration as required:
apikeys:
  bevigil:
    key:

  binaryedge:
    key:

  bing:
    key:

  bufferoverun:
    key:

  censys:
    id:
    secret:

  criminalip:
    key:

  fullhunt:
    key:

  github:
    key:

  hunter:
    key:

  hunterhow:
    key:

  intelx:
    key:

  netlas:
    key:

  onyphe:
    key:

  pentestTools:
    key:

  projectDiscovery:
    key:

  rocketreach:
    key:

  securityTrails:
    key: <key goes here>

  shodan:
    key:

  tomba:
    key:
    secret:

  virustotal:
    key: <key goes here>
  1. Click Save Changes
  2. Configure Target
  3. Run Scan (Tested OSINT Scan)

Environment

- reNgine: 2.2.0
- OS: Ubuntu 24.04
- Python: 3.12.3
- Docker Engine: 27.3.1
- Docker Compose: N/A
- Browser: Chrome 129.0.6668.70

Anything else?

When the scan runs and theHarvester is run, it attempts to pick up the api-keys.yaml file from /root/.theHarvester/api-keys.yaml as per screenshot below:

image

When connecting to the celery container and checking the file, no keys are saved in this file.

Connecting to the celery docker container rengine-celery-1 using sudo docker exec -it rengine-celery-1 /bin/bash, I located that the file in the below location /usr/src/github/theHarvester/api-keys.yaml is the file updated by the GUI.

As a work around I've copied the /usr/src/github/theHarvester/api-keys.yaml to the one in the /root/.theHarvester/ location.

github-actions[bot] commented 1 month ago

Hey @b1k3! πŸ‘‹ Thanks for flagging this bug! πŸ›πŸ”

You're our superhero bug hunter! πŸ¦Έβ€β™‚οΈπŸ¦Έβ€β™€οΈ Before we suit up to squash this bug, could you please:

πŸ“š Double-check our documentation: https://rengine.wiki πŸ•΅οΈ Make sure it's not a known issue πŸ“ Provide all the juicy details about this sneaky bug

Once again - thanks for your vigilance! πŸ› οΈπŸš€