yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0

Feature - Showing new domain's title and status code in discord webhook is good #586

Open z7701858 opened 2 years ago

z7701858 commented 2 years ago

Is your feature request related to a problem? Please describe.

I get the message from the discord webhook that a new domain was found, but I don't know the title and status code of the new domain; I need to return to rengine to see the title and status code of the new domain.

Describe the solution you'd like

Add the title and status code of the new domain to the information returned by rengine to the discord webhook.

github-actions[bot] commented 2 years ago

👋 Hi @z7701858, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

xnl-h4ck3r commented 2 years ago

Hi @z7701858. If you want a workaround to do this before the feature is added, you can edit the file ~/rengine/web/reNgine/tasks.py and change the code for new subdomains and interesting subdomains like below:

    # needs `import shlex` and `import subprocess` at the top of tasks.py if not already present

    # check for any subdomain changes and send notif if any
    if notification and notification[0].send_subdomain_changes_notif:
        newly_added_subdomain = get_new_added_subdomain(task.id, domain.id)
        if newly_added_subdomain:
            message = "**{} New Subdomains Discovered on domain {}**".format(newly_added_subdomain.count(), domain.name)
            for subdomain in newly_added_subdomain:
                # shlex.quote() keeps the discovered name from being interpreted by the shell
                httpx_cmd = "echo {} | httpx -silent -status-code -title -nc".format(shlex.quote(subdomain.name))
                domainStatusTitle = subprocess.getoutput(httpx_cmd)
                if not domainStatusTitle:
                    domainStatusTitle = "{} [No response] [No title]".format(subdomain.name)
                message += "\n• {}".format(domainStatusTitle)
            send_notification(message)

        removed_subdomain = get_removed_subdomain(task.id, domain.id)
        if removed_subdomain:
            message = "**{} Subdomains are no longer available on domain {}**".format(removed_subdomain.count(), domain.name)
            for subdomain in removed_subdomain:
                message += "\n• {}".format(subdomain.name)
            send_notification(message)

    # check for interesting subdomains and send notif if any
    if notification and notification[0].send_interesting_notif:
        interesting_subdomain = get_interesting_subdomains(task.id, domain.id)
        print(interesting_subdomain)
        if interesting_subdomain:
            message = "**{} Interesting Subdomains Found on domain {}**".format(interesting_subdomain.count(), domain.name)
            for subdomain in interesting_subdomain:
                # shlex.quote() keeps the discovered name from being interpreted by the shell
                httpx_cmd = "echo {} | httpx -silent -status-code -title -nc".format(shlex.quote(subdomain.name))
                domainStatusTitle = subprocess.getoutput(httpx_cmd)
                if not domainStatusTitle:
                    domainStatusTitle = "{} [No response] [No title]".format(subdomain.name)
                message += "\n• {}".format(domainStatusTitle)
            send_notification(message)

Basically, it's adding this code to each section before message += "\n• {}".format(subdomain.name)...

                # shlex.quote() keeps the discovered name from being interpreted by the shell
                httpx_cmd = "echo {} | httpx -silent -status-code -title -nc".format(shlex.quote(subdomain.name))
                domainStatusTitle = subprocess.getoutput(httpx_cmd)
                if not domainStatusTitle:
                    domainStatusTitle = "{} [No response] [No title]".format(subdomain.name)

and then changing the line message += "\n• {}".format(subdomain.name) to message += "\n• {}".format(domainStatusTitle)

The subs messages are sent before HTTPX is used to get the status and title shown in the portal, so you have to just do it on each sub at this point in the code. Hope this helps!
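The httpx lookup from the workaround above, as an added example (not code from reNgine or from the comment's author): the subdomain name goes to httpx on stdin with no shell involved, names that are not plain hostnames are skipped, and the returned line is reduced to printable characters before it is put into a notification. The helper names, the hostname pattern, the 30-second timeout and the 200-character cap are assumptions of this example.

```python
import re
import subprocess

# Flags taken from the workaround above; httpx reads its targets from stdin.
HTTPX_CMD = ("httpx", "-silent", "-status-code", "-title", "-nc")

# Assumed pattern: dot-separated labels of letters, digits, "_" and inner "-".
_LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
_HOSTNAME = re.compile(_LABEL + r"(?:\." + _LABEL + r")*\.?")


def is_plain_hostname(name):
    """True only for names shaped like a DNS hostname (no spaces, quotes, $ ...)."""
    return len(name) <= 253 and _HOSTNAME.fullmatch(name) is not None


def clean_line(text, limit=200):
    """Keep the first line, drop non-printable characters, cap the length.

    The page title is chosen by the remote site, so it is untrusted input.
    """
    stripped = text.strip()
    first = stripped.splitlines()[0] if stripped else ""
    return "".join(ch for ch in first if ch.isprintable())[:limit]


def status_and_title(name, cmd=HTTPX_CMD, timeout=30):
    """Return httpx's "url [status] [title]" line for one subdomain."""
    if not is_plain_hostname(name):
        return "[skipped: not a valid hostname]"
    fallback = "{} [No response] [No title]".format(name)
    try:
        # Argument list plus stdin: the name is never parsed by a shell.
        proc = subprocess.run(list(cmd), input=name + "\n", capture_output=True,
                              text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return fallback  # httpx missing or hung: same text as the workaround
    return clean_line(proc.stdout) or fallback
```

In the workaround, `domainStatusTitle = status_and_title(subdomain.name)` would take the place of the lines that build and run `httpx_cmd`.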