yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0
7.47k stars 1.13k forks source link

Bug - After modification of YAML, server gives out error 500 #588

Closed thistehneisen closed 11 months ago

thistehneisen commented 2 years ago

Issue Summary

For rEngine recommended, YAML was modified accordingly:

subdomain_discovery:
  uses_tools: [ amass-passive, assetfinder, sublist3r, subfinder, oneforall ]
  threads: 10
  use_amass_config: false
  use_subfinder_config: false

visual_identification:
  timeout: 10
  threads: 5

osint:
  discover: [ emails, metainfo, employees ]
  intensity: normal
  # intensity: deep
  dork: [ stackoverflow, 3rdparty, social_media, project_management, code_sharing, config_files, jenkins, wordpress_files, cloud_buckets, php_error, exposed_documents, struts_rce, db_files, traefik, git_exposed ]

port_scan:
  ports: [ top-100 ]
  rate: 1000
  use_naabu_config: false
  # exclude_ports: [80, 8080]

dir_file_search:
  extensions: [ php, git, yaml, conf, db, mysql, bak, asp, aspx, txt, conf, sql, json ]
  threads: 100
  recursive: false
  recursive_level: 1
  wordlist: default

fetch_url:
  uses_tools: [ gauplus, hakrawler, waybackurls, gospider ]
  intensity: normal
  # intensity: deep
  ignore_file_extension: [jpg, png, jpeg, gif]
  gf_patterns: [ debug_logic, idor, img-traversal, interestingEXT, interestingparams, interestingsubs, jsvar, lfi, rce, redirect, sqli, ssrf, ssti, xss]

vulnerability_scan:
  concurrency: 10
  rate_limit: 150
  timeout: 5
  retries: 1
  templates: [ all ]
  # custom_templates: []
  severity: [ critical, high, medium, low, info ]

Steps to Reproduce

  1. Modify the YAML to aforementioned
  2. Try to start rEngine Recommended engine for a target
  3. Get server error 500

Technical details

Ubuntu 20.04.4 LTS

github-actions[bot] commented 2 years ago

👋 Hi @thistehneisen, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

thistehneisen commented 2 years ago

Where can I view server logs to find out what is the cause behind the 500 error?

xnl-h4ck3r commented 2 years ago

Where can I view server logs to find out what is the cause behind the 500 error?

Hi @thistehneisen, you should be able to see them using cd ~/rengine; sudo make logs

thistehneisen commented 2 years ago

@xnl-h4ck3r thank you, seems like the problem might be with Redis service, any ideas what could cause it and how to fix it?

celery_1       | [2022-03-08 13:11:32,162: ERROR/MainProcess] consumer: Cannot connect to redis://redis:6379/0: Error -3 connecting to redis:6379. Temporary failure in name resolution..
celery_1       | Trying again in 32.00 seconds... (16/100)
celery_1       |
celery_1       | [2022-03-08 13:12:04,200: ERROR/MainProcess] consumer: Cannot connect to redis://redis:6379/0: Error -3 connecting to redis:6379. Temporary failure in name resolution..
celery_1       | Trying again in 32.00 seconds... (16/100)
celery_1       |
celery_1       | [2022-03-08 13:12:36,239: ERROR/MainProcess] consumer: Cannot connect to redis://redis:6379/0: Error -3 connecting to redis:6379. Temporary failure in name resolution..
celery_1       | Trying again in 32.00 seconds... (16/100)
celery_1       |
celery_1       | [2022-03-08 13:13:08,274: ERROR/MainProcess] consumer: Cannot connect to redis://redis:6379/0: Error -3 connecting to redis:6379. Temporary failure in name resolution..
celery_1       | Trying again in 32.00 seconds... (16/100)
xnl-h4ck3r commented 2 years ago

Hey @thistehneisen I'm not 100% sure. You could try cd ~/rengine; sudo make restart

harmony00x commented 2 years ago

@xnl-h4ck3r I tried that but unfortunately I got the same error 500 when launching scan

thistehneisen commented 2 years ago

@xnl-h4ck3r same here, after restart:

ubuntu@red:~/rengine$ sudo make restart
COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml restart db web proxy redis celery celery-beat tor
Restarting rengine_web_1         ... done
Restarting rengine_celery-beat_1 ... done
Restarting rengine_celery_1      ... done
Restarting rengine_proxy_1       ... done
Restarting rengine_tor_1         ... done
Restarting rengine_db_1          ... done
Restarting rengine_redis_1       ... done

The web is now responding:

502 Bad Gateway
nginx/1.21.4
Meetzanonymous commented 1 year ago

I am facing the same issue even after reinstalling rEngine.

psyray commented 11 months ago

Could you try on v2 and open a new issue if problem persists. Warning ! v2 YAML structure has changed and is not compatible with v1