-
Notifications
You must be signed in to change notification settings - Fork 15
Changelog
This section contains the changes happened in reNgine-ng.
Please ensure backwards compatibility before updating reNgine-ng.
Version | Backwards Compatible |
---|---|
2.1.0 | ✅ Compatible Need: - .env backup before upgrade & restore credentials after - Set correct permissions due to rootless |
2.0.7 | ✅ Compatible |
2.0.6 | ✅ Compatible |
2.0.5 | ✅ Compatible |
2.0.4 | ✅ Compatible |
2.0.3 | ✅ Compatible |
2.0.2 | ✅ Compatible |
2.0.1 | ✅ Compatible |
2.0.0 | ❌ Not Compatible |
1.3.6 | ✅ Compatible |
1.3.5 | ✅ Compatible |
1.3.4 | ✅ Compatible |
1.3.3 | ✅ Compatible |
1.3.2 | ✅ Compatible |
1.3.1 | ✅ Compatible |
1.3.0 | ✅ Compatible |
1.2.0 | ✅ Compatible |
1.1 | ❌ Not Compatible |
1.0.1 | ✅ Compatible up to 1.0 |
1.0 | ❌ Not Compatible |
0.5.3 | ✅ Compatible |
0.5.2 | ✅ Compatible |
0.5.1 | ✅ Compatible |
0.5 | ✅ Compatible |
0.4 | ✅ Compatible |
0.3 | ✅ Compatible |
0.2 | ✅ Compatible |
0.1 | ✅ Compatible |
Release date: November 6, 2024
- feat(release): update release/2.1.0 from upstream by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/86
- feat(ui): mask API keys in settings view by @yarysp in https://github.com/Security-Tools-Alliance/rengine-ng/pull/80
- feat(install): arm64 support by @yarysp in https://github.com/Security-Tools-Alliance/rengine-ng/pull/82
- ops(install): use python venv (pipx/poetry) to fix/prevent conflicting packages by @psyray & @Talanor in https://github.com/Security-Tools-Alliance/rengine-ng/pull/84
- build(install): migrate to GitHub Container Registry, optimize Docker setup, and update install scripts by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/139
- build(ci): build Docker image and upload to GitHub container registry by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/138
- build(docker): add ARM support for Celery Dockerfile by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/161
- build(docker): improve makefile, docker verbosity & provide unit tests by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/155
- dev(django): install django extensions to have more commands by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/196
- feat(ui): disable update button in tool arsenal by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/200
- feat(todo): enhance todo functionality and error handling by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/198
- project(ui): confine users to projects and standardize slug usage by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/154
- feat(ui): bulk remove vulnerabilities by @0b3ud in https://github.com/Security-Tools-Alliance/rengine-ng/pull/168
- feat: reintroduce Lark notification fields in scanEngine by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/207
- feat: enhance IP retrieval with caching by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/215
- build(docker): refactor detection of OS and add support for RHEL distros by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/211
- Release/2.1.0 by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/1
- fix(docs): change art logo and fix doc link by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/137
- fix(cidr): add CIDR import by @pbehnke in https://github.com/Security-Tools-Alliance/rengine-ng/pull/141
- fix(ui): restore static files path & remove beat entrypoint useless code by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/145
- fix(conflicts): fix merge conflicts for branch release/2.1.0 by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/150
- fix(scan): subdomain import with suffix more than 4 chars by @yogeshojha in https://github.com/Security-Tools-Alliance/rengine-ng/pull/147
- build(ci): extract issue number from PR body by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/153
- docs(readme): set badge to latest release automatically by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/158
- docs(readme): remove space after url by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/159
- fix(ui): permit to link tab URL and history back into it by @yogeshojha in https://github.com/Security-Tools-Alliance/rengine-ng/pull/164
- fix(celery): wafw00f install by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/166
- fix(ui): load default yaml config on add scan engine form by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/171
- fix(ui): tools settings page by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/169
- fix(oneforall): wrong s3 bucket reported by @Talanor in https://github.com/Security-Tools-Alliance/rengine-ng/pull/176
- fix(ssl): add SAN extension to the cert by @michschl in https://github.com/Security-Tools-Alliance/rengine-ng/pull/178
- fix(ui): stored XSS by @yogeshojha in https://github.com/Security-Tools-Alliance/rengine-ng/pull/180
- fix(install): revert changes of prebuilt chain by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/183
- fix(ui): fix 500 error on scan engine add by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/184
- build(install): improve root detection and set ownership on files by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/186
- fix(scan): fix clocked and scheduled scan not working by @yogeshojha in https://github.com/Security-Tools-Alliance/rengine-ng/pull/182
- fix(graph): de-duplicate dorks and vulnerabilities by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/188
- build(docker): replace staticfiles volume to prevent empty directory by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/199
- fix(custom_header): not correctly parsing parameters by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/172
- fix: change install_type value in .env-dist and add missing imports by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/201
- refactor: replace hardcoded API URLs with dynamic endpoint URLs by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/206
- refactor: update modal handling and improve CMS detection by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/210
- refactor: update delete functions to use URL endpoints by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/213
- refactor: update URL handling by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/214
- fix: apply github-advanced-security recommendations by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/220
- chore(deps): bump requests from 2.31.0 to 2.32.2 in /web by @dependabot in https://github.com/Security-Tools-Alliance/rengine-ng/pull/105
- chore(deps): bump django from 3.2.4 to 3.2.25 in /web by @dependabot in https://github.com/Security-Tools-Alliance/rengine-ng/pull/104
- build(ci): add CI for closing issues when PR is merged by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/144
- build(ci): add write permissions by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/163
- docs(readme): remove note by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/167
- docs(readme): redirect install & update section to the wiki pages by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/185
- build(ci): build docker images for each tag, release, push by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/151
- build(images): restrict image creation, add correct tags and clean non tagged images by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/193
- build(ci): improve CodeQL configuration by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/194
- ci(unit-tests): provide unit tests for UI by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/189
- refactor: improve robustness of nuclei result parsing by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/209
- refactor: update wordlists and configuration defaults by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/221
- @dependabot made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/105
- @0b3ud made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/168
- @pbehnke made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/141
- @Talanor made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/176
- @michschl made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/178
Full Changelog: https://github.com/Security-Tools-Alliance/rengine-ng/compare/v2.0.7...v2.1.0
Release date: August 14, 2024
- dev(debug): complete dev environment to debug/code easily by @yarysp in https://github.com/Security-Tools-Alliance/rengine-ng/pull/68
- build(ci): automate releases based on tags and labels by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/111
- build(install/uninstall/update): improve usability, readability and overall user experience of output by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/95
- feat(version): centralize version management in web/reNgine/version.txt by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/131
- feat(docker): add support for old docker-compose command by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/132
- fix(security): OS Command Injection vulnerability (x2) by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/2
- feat: update to 2.0.6 from upstream by @yarysp in https://github.com/Security-Tools-Alliance/rengine-ng/pull/79
- ops(install): fix rengine install/uninstall by @yarysp in https://github.com/Security-Tools-Alliance/rengine-ng/pull/81
- fix(file_fuzz): subdomain_id key error by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/88
- refactor(scan): custom headers by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/90
- fix(security): rework scan working folder location to prevent leaks by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/92
- fix(scan): fix bad base path retrieval for results dir by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/94
- fix(scan): rework the alive endpoint and redirection operation by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/96
- fix(scan): check value returned for all subs saved by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/100
- fix(scan): rework http_crawl to update subdomain datas by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/102
- fix(ui): reset osint dork result id before display by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/103
- fix(scan): centralize and log subdomains creation by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/97
- fix(tools): update git tools at startup by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/98
- fix(scan): add some iterable checks to prevent TypeError by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/113
- fix(screenshot): get only some columns from csv file by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/114
- fix(ui): escape vulnerability request/response in db and display in ui by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/118
- fix(fetch_url): fix unwanted subdomain and rework fetch_url task by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/126
- build(ci): fix missing write permissions by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/135
- chore(issue-templates): refactor issue forms by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/61
- docs(readme): fix links and images by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/65
- docs: update expired Discord invitation link with non expiring one by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/109
- docs: refactor documentation by @AnonymousWP in https://github.com/Security-Tools-Alliance/rengine-ng/pull/115
- build(deps): bump Django deps to fix security issues by @psyray in https://github.com/Security-Tools-Alliance/rengine-ng/pull/133
- @AnonymousWP made their first contribution in https://github.com/Security-Tools-Alliance/rengine-ng/pull/2
Full Changelog: https://github.com/Security-Tools-Alliance/rengine-ng/compare/v2.0.3...v2.0.7
Release Date: May 11, 2024
- Fix installation error and celery workers having issues with httpcore
- remove duplicate gospider references by @Talanor in https://github.com/yogeshojha/rengine/pull/1245
- Fix "subdomain" s3 bucket by @Talanor in https://github.com/yogeshojha/rengine/pull/1244
- Fix Txt File Var Declaration by @specters312 in https://github.com/yogeshojha/rengine/pull/1239
- Bug Correction: When dumping and loading customscanengines by @TH3xACE in https://github.com/yogeshojha/rengine/pull/1224
- Fix/infoga removal by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1249
- Fix #1241 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1251
- @Talanor made their first contribution in https://github.com/yogeshojha/rengine/pull/1245
- @specters312 made their first contribution in https://github.com/yogeshojha/rengine/pull/1239
- @TH3xACE made their first contribution in https://github.com/yogeshojha/rengine/pull/1224
Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.5...v2.0.6
Release Date: April 20, 2024
- Fix #1234 reNgine-ng unable to load celery tasks due to mismatched celery and redis versions
Release Date: April 18, 2024
- chore: update version number to 2.0.3 by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1180
- Fix various ffuf bugs by @yarysp in https://github.com/yogeshojha/rengine/pull/1199
- Set and update default YAML config with all latest vars by @yarysp in https://github.com/yogeshojha/rengine/pull/1200
- Add checks for placeholder in custom tool task by @yarysp in https://github.com/yogeshojha/rengine/pull/1201
- Whatportis - Replace purge by truncate to prevent port import error by @yarysp in https://github.com/yogeshojha/rengine/pull/1203
- ops(installation): fix nano not being installed when absent by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1143
- Complete dev environment to debug/code easily by @yarysp in https://github.com/yogeshojha/rengine/pull/1196
- Revert "Complete dev environment to debug/code easily" by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1225
- Update README.md | Fixed 1 broken link to the regine.wiki by @jostasik in https://github.com/yogeshojha/rengine/pull/1226
- Fix uninitialised variable cmd in custom_subdomain_tools by @cpandya2909 in https://github.com/yogeshojha/rengine/pull/1207
- [FIX] security: OS Command Injection vulnerability (x2) #1219 by @0xtejas in https://github.com/yogeshojha/rengine/pull/1227
- @yarysp made their first contribution in https://github.com/yogeshojha/rengine/pull/1199
- @jostasik made their first contribution in https://github.com/yogeshojha/rengine/pull/1226
- @cpandya2909 made their first contribution in https://github.com/yogeshojha/rengine/pull/1207
- @0xtejas made their first contribution in https://github.com/yogeshojha/rengine/pull/1227
Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.3...v2.0.4
Release Date: January 25, 2024
- CI: update GitHub action versions by @jxdv in https://github.com/yogeshojha/rengine/pull/1136
- Fixed (subdomain_discovery | ERROR | local variable 'use_amass_config' referenced before assignment) by @Deathpoolxrs in https://github.com/yogeshojha/rengine/pull/1149
- chore: update LICENSE by @jxdv in https://github.com/yogeshojha/rengine/pull/1153
- Fix subdomains list empty in Target by @psyray in https://github.com/yogeshojha/rengine/pull/1166
- Fix top menu text overflow in low resolution by @psyray in https://github.com/yogeshojha/rengine/pull/1167
- Update auto comment workflow due to deprecation warnings by @ErdemOzgen in https://github.com/yogeshojha/rengine/pull/1126
- Change Redirect URL after login to prevent 500 error by @psyray in https://github.com/yogeshojha/rengine/pull/1124
- fix-1030: Add missing slug on target summary link by @psyray in https://github.com/yogeshojha/rengine/pull/1123
- @Deathpoolxrs made their first contribution in https://github.com/yogeshojha/rengine/pull/1149
- @ErdemOzgen made their first contribution in https://github.com/yogeshojha/rengine/pull/1126
Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.2...v2.0.3
Release Date: December 8, 2023
- Added tooltip text to dashboard total vulnerabilities tooltip by @luizmlo in https://github.com/yogeshojha/rengine/pull/1029
- ops(
uninstall.sh
): add missing volumes and echo messages by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/977 - Fix no results in target subdomain list by @psyray in https://github.com/yogeshojha/rengine/pull/1036
- Fix Tool Settings Broken Link by @aqhmal in https://github.com/yogeshojha/rengine/pull/1021
- Fix subdomains list empty in Target by @psyray in https://github.com/yogeshojha/rengine/pull/1053
- Raise page limit to 500 for popup list by @psyray in https://github.com/yogeshojha/rengine/pull/1051
- Add directories count on Directories list by @psyray in https://github.com/yogeshojha/rengine/pull/1050
- ops(docker-compose): upgrade to 2.23.0 by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1023
- Fix endpoints list and count by @psyray in https://github.com/yogeshojha/rengine/pull/1041
- Fix failing visualization when dorks are present by @psyray in https://github.com/yogeshojha/rengine/pull/1045
- Fix note not saving by @psyray in https://github.com/yogeshojha/rengine/pull/1047
- Count only not done todos in subdomains list by @psyray in https://github.com/yogeshojha/rengine/pull/1048
- Fix user agent definition keyword by @psyray in https://github.com/yogeshojha/rengine/pull/1054
- Upgrade project discovery tool at CT build by @psyray in https://github.com/yogeshojha/rengine/pull/1055
- Add a check to not load datatables twice by @psyray in https://github.com/yogeshojha/rengine/pull/1039
- Nmap port scan fails when Naabu return no port by @psyray in https://github.com/yogeshojha/rengine/pull/1067
- chore(issue-templates): incorrect label name by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1066
- Endpoints list popup empty by @psyray in https://github.com/yogeshojha/rengine/pull/1070
- Add missing domain id value in subscan by @psyray in https://github.com/yogeshojha/rengine/pull/1069
- Fixes for #1033, #1026, #1027 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1071
- Temporary fix to prevent celery beat crash by @psyray in https://github.com/yogeshojha/rengine/pull/1072
- fix: ffuf ANSI code processing preventing task to finish by @ocervell in https://github.com/yogeshojha/rengine/pull/1058
- Update views.py by @Vijayragha1 in https://github.com/yogeshojha/rengine/pull/1074
- Fix crash on saving endpoint (FFUF related only) by @psyray in https://github.com/yogeshojha/rengine/pull/1063
- chore(issue-templates): fix incorrect description by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1078
- IOError -> OSError by @jxdv in https://github.com/yogeshojha/rengine/pull/1081
- Add directories count on Directories list by @psyray in https://github.com/yogeshojha/rengine/pull/1090
- chore(issue-template): don't allow blank issues by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1089
- Fix bad nuclei config name by @psyray in https://github.com/yogeshojha/rengine/pull/1098
- disallow empty password by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1105
- fix attribute error on scan history #1103 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1104
- issue-633: added already-in-org filter to target dropdown in org form by @SeanOverton in https://github.com/yogeshojha/rengine/pull/1106
- Update Dockerfile to fix silicon incompatability by @SubGlitch1 in https://github.com/yogeshojha/rengine/pull/1107
- Add source for nmap scan by @psyray in https://github.com/yogeshojha/rengine/pull/1108
- Spelling mistake in hackerone.html by @Linuxinet in https://github.com/yogeshojha/rengine/pull/1112
- fix(version): incorrect number in art by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1111
- Fix report generation when
Ignore Informational Vulnerabilities
checked by @psyray in https://github.com/yogeshojha/rengine/pull/1100 - fix(tool_arsenal): incorrect regex version numbers by @AnonymousWP in https://github.com/yogeshojha/rengine/pull/1086
- @luizmlo made their first contribution in https://github.com/yogeshojha/rengine/pull/1029 🥳
- @aqhmal made their first contribution in https://github.com/yogeshojha/rengine/pull/1021 🥳
- @C0wnuts made their first contribution in https://github.com/yogeshojha/rengine/pull/973 🥳
- @ocervell made their first contribution in https://github.com/yogeshojha/rengine/pull/1058 🥳
- @Vijayragha1 made their first contribution in https://github.com/yogeshojha/rengine/pull/1074 🥳
- @jxdv made their first contribution in https://github.com/yogeshojha/rengine/pull/1081 🥳
- @SeanOverton made their first contribution in https://github.com/yogeshojha/rengine/pull/1106 🥳
- @SubGlitch1 made their first contribution in https://github.com/yogeshojha/rengine/pull/1107 🥳
- @Linuxinet made their first contribution in https://github.com/yogeshojha/rengine/pull/1112 🥳
Full Changelog: https://github.com/yogeshojha/rengine/compare/v2.0.1...v2.0.2
Once again excellent work on reNgine-ng v2.0.2 by @AnonymousWP, @psyray, @ocervell and everybody else! 🚀
Release Date: October 24, 2023
2.0.1 fixes a ton of issues in reNgine-ng 2.0.
Fixes:
- Prevent duplicating Nuclei vulns for subdomain #1012 @psyray
- Fixes for empty subdomain returned during nuclei scan #1011 @psyray
- Add all the missing slug in scanEngine view & other places #1005 @psyray
- Foxes for missing vulscan script #1004 @psyray
- Fixes for missing slug in report settings saving #1003
- Fixes for Nmap Parsing Error #1001 #1002 @psyray
- Fix nmap script ports iterable args #1000 @psyray
- Iterate over hostnames when multiple #1002 @psyray
- Gau install #998, change gauplus to gau @psyray
- Add missing slug parameter in schedule scan #996 @psyray
- Add missing slug parameter in schedule scan #996, fixes #940, #937, #897, #764 @psyray
- Add stack trace into make logs if DEBUG True #994 @psyray
- Fix dirfuzz base64 name display #993 #992 @psyray
- Fix target subdomains list not loading #991 @psyray
- Change WORDLIST constant value #987, fixes #986@psyray
- fix(notification_settings): submitting results in error 502 #981 fixes #970 @psyray
- Fixes with documentation and installation/update/uninstall scripts @anonymousWP
- Fix file directory popup not showing in detailed scan #912 @psyray
@AnonymousWP and @psyray have been phenomenal in fixing these bugs. Thanks to both of you! ❤️ 🚀
Release Date: Sept 30, 2023
Added
- Projects: Projects allow you to efficiently organize their web application reconnaissance efforts. With this feature, you can create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
- Roles and Permissions: assign distinct roles to your team members: Sys Admin, Penetration Tester, and Auditor—each with precisely defined permissions to tailor their access and actions within the reNgine-ng ecosystem.
- GPT-powered Report Generation: With the power of OpenAI's GPT, reNgine-ng now provides you with detailed vulnerability descriptions, remediation strategies, and impact assessments.
- API Vault: This feature allows you to organize your API keys such as OpenAI or Netlas API keys.
- GPT-powered Attack Surface Generation
- URL gathering now is much more efficient, removing duplicate endpoints based on similar HTTP Responses, having the same content_lenth, or page_title. Custom duplicate fields can also be set from the scan engine configuration.
- URL Path filtering while initiating scan: For instance, if we want to scan only endpoints starting with https://example.com/start/, we can pass the /start as a path filter while starting the scan. @ocervell
- Expanding Target Concept: reNgine-ng 2.0 now accepts IPs, URLS, etc as targets. (#678, #658) Excellent work by @ocervell
- A ton of refactoring on reNgine-ng's core to improve scan efficiency. Massive kudos to @ocervell
- Created a custom celery workflow to be able to run several tasks in parallel that are not dependent on each other, such OSINT task and subdomain discovery will run in parallel, and directory and file fuzzing, vulnerability scan, screenshot gathering etc. will run in parallel after port scan or url fetching is completed. This will increase the efficiency of scans and instead of having one long flow of tasks, they can run independently on their own. @ocervell
- Refactored all tasks to run asynchronously @ocervell
- Added a stream_command that allows to read the output of a command live: this means the UI is updated with results while the command runs and does not have to wait until the task completes. Excellent work by @ocervell
- Pwndb is now replaced by h8mail. @ocervell
- Group Scan Results: reNgine-ng 2.0 allows to group of subdomains based on similar page titles and HTTP status, and also vulnerability grouping based on the same vulnerability title and severity.
- Added Support for Nmap: reNgine-ng 2.0 allows to run Nmap scripts and vuln scans on ports found by Naabu. @ocervell
- Added support for Shared Scan Variables in Scan Engine Configuration:
-
enable_http_crawl
: (true/false) You can disable it to be more stealthy or focus on something different than HTTP -
timeout
: set timeout for all tasks -
rate_limit
: set rate limit for all tasks -
retries
: set retries for all tasks -
custom_header
: set the custom header for all tasks
-
- Added Dalfox for XSS Vulnerability Scan
- Added CRLFuzz for CRLF Vulnerability Scan
- Added S3Scanner for scanning misconfigured S3 buckets
- Improve OSINT Dork results, now detects admin panels, login pages and dashboards
- Added Custom Dorks
- Improved UI for vulnerability results, clicking on each vulnerability will open up a sidebar with vulnerability details.
- Added HTTP Request and Response in vulnerability Results
- Under Admin Settings, added an option to allow add/remove/deactivate additional users
- Added Option to Preview Scan Report instead of forcing to download
- Added Katana for crawling and spidering URLs
- Added Netlas for Whois and subdomain gathering
- Added TLSX for subdomain gathering
- Added CTFR for subdomain gathering
- Added historical IP in whois section
- Added Pagination on Large datatables such as subdomains, endpoints, vulnerabilities etc #949 @psyray
Fixes
- GF patterns do not run on 404 endpoints (#574 closed)
- Fixes for retrieving whois data (#693 closed)
- Related/Associated Domains in Whois section is now fixed
- Fixed missing lightbox css & js on target screenshot page #947 #948 @psyray
- Issue in Port-scan: int object is not subscriptable Fixed #939, #938 @AnonymousWP
Removed
- Removed pwndb and tor related to it.
- Removed tor for pwndb
Release Date: March 2, 2023
- Fixed installation errors. Fixed #824, #823, #816, #809, #803, #801, #798, #797, #794, #791 .
Release Date: December 29, 2022
- Fixed #769, #768, #766, #761, Thanks to, @bin-maker, @carsonchan12345, @paweloque, @opabravo
Release Date: November 16, 2022
- Fixed #748 , #743 , #738, #739
Release Date: October 9, 2022
- Fixed #723, Upgraded Go to 1.18.2
Release Date: August 20, 2022
- Fixed #683 For Filtering GF tags
- Fixed #669 Where Directory UI had to be collapsed
Release Date: August 12, 2022
- Fix for #643 Downloading issue for Subdomain and Endpoints
- Fix for #627 Too many Targets causes issues while loading datatable
- Fix version Numbering issue
Release Date: July 19, 2022
- Added Geographic Distribution of Assets Map
- Fixed WHOIS Provider Changed
- Fixed Dark UI Issues
- Fixed HTTPX Issue
Release Date: May 27, 2022
Added
- Naabu Exclude CDN Port Scanning
- Added WAF Detection
Fixes
- Fix #630 Character Name too Long Issue
- [Security] Fixed several instances of Command Injections, CVE-2022-28995, CVE-2022-1813
- Hakrawler Fixed - #623
- Fixed XSS on Hackerone report via Markdown
- Fixed XSS on Import Target using malicious filename
- Stop Scan Fixed #561
- Fix installation issue due to missing curl
- Updated docker-compose version
Release Date: Apr 24, 2022
-
Redeigned UI
-
Added Subscan Feature
Subscan allows further scanning any subdomains. Assume from a normal recon process you identified a subdomain that you wish to do port scan. Earlier, you had to add that subdomain as a target. Now you can just select the subdomain and initiate subscan.
-
Ability to Download reconnaissance or vulnerability report
-
Added option to customize report, customization includes the look and feel of report, executive summary etc.
-
Add IP Address from IP
-
WHOIS Addition on Detail Scan and fetch whois automatically on Adding Single Targets
-
Universal Search Box
-
Addition of Quick Add menus
-
Added ToolBox Feature
ToolBox will feature most commonly used recon tools. One can use these tools to identify whois, CMSDetection etc without adding targets. Currently, Whois, CMSDetector and CVE ID lookup is supported. More tools to follow up.
-
Notify New Releases on reNgine-ng if available
-
Tools Arsenal Section to feature preinstalled and custom tools
-
Ability to Update preinstalled tools from Tools Arsenal Section
-
Ability to download/add custom tools
-
Added option for Custom Header on Scan Engine
-
Added CVE_ID, CWE_ID, CVSS Score, CVSS Metrics on Vulnerability Section, this also includes lookup using cve_id, cwe_id, cvss_score etc
-
Added curl command and references on Vulnerability Section
-
Added Columns Filtering Option on Subdomain, Vulnerability and Endpoints Tables
-
Added Error Handling for Failed Scans, reason for failure scan will be displayed
-
Added Related Domains using WHOIS
-
Added Related TLDs
-
Added HTTP Status Breakdown Widget
-
Added CMS Detector
-
Updated Visualization
-
Option to Download Selected Subdomains
-
Added additional Nuclei Templates from https://github.com/geeknik/the-nuclei-templates
-
Added SSRF check from Nagli Nuclei Template
-
Added option to fetch CVE_ID details
-
Added option to Delete Multiple Scans
-
Added ffuf as Directory and Files fuzzer
-
Added widgets such as Most vulnerable Targets, Most Common Vulnerabilities, Most Common CVE IDs, Most Common CWE IDs, Most Common Vulnerability Tags
Release Date: Aug 29, 2021
Changelog
- Fixed #482 Endpoints and Vulnerability Datatable were showing results of other targets due to the scan_id parameter
- Fixed #479 where the scan was failing due to recent httpx release, change was in the JSON output
- Fixed #476 where users were unable to click on Clocked Scan (Reported only on Firefox)
- Fixed #442 where an extra slash was added in Directory URLs
- Fixed #337 where users were unable to link custom wordlist
- Fixed #436 Checkbox in Notification Settings were not working due to same name attribute, now fixed
- Fixed #439 Hakrawler crashed if the deep mode was activated due to -plain flag
- Fixed #437 If Out of Scope subdomains were supplied, the scan was failing due to None value
- Fixed #424 Multiple Targets couldn't be scanned
Improvements
- Enhanced install script, check for if docker is running service or not #468
Security
- Fixed Cross Site Scripting
- Fixed Cross Site Scripting reported on Huntr #478 https://www.huntr.dev/bounties/ac07ae2a-1335-4dca-8d55-64adf720bafb/
Release Date: Aug 15, 2021
After several months of work, I am excited to announce reNgine-ng 1.0. In a nutshell, 1.0, is feature-packed with a lot of exciting features that are sure to ease your recon game.
You may watch the trailer here
-
Introducing Dark Mode, a feature you all have been asking for, is finally here.
-
Recon Data visualization
Recon Data visualization is the representation of recon data like subdomain, ips, endpoints, ports, vulnerabilities etc into the visual format like Trees and Charts.
-
Improved correlation among recon data
A considerable amount of effort has been spent on making sure that the correlation between recon data is consistent. With this improved correlation, you will now be able to identify recon data like, how many of the subdomains uses X as technology, how many of the subdomains use X.X.X.X as IP, etc. This also means that you will be able to see the number of vulnerabilities that a subdomain has, right from the subdomain table.
-
Ability to identify Interesting Subdomains.
reNgine-ng uses certain keywords like admin, cpanel, ftp, dashboard to find what is interesting for you. Users will also be able to add their own keywords and choose conditions like, "A subdomain in an interesting subdomain if it matches this keyword but also HTTP status is 200". This allows you to identify what's the most important subdomains to attack against and super useful if you have a very large number of subdomains.
-
Ability to Automatically report Vulnerabilities to Hackerone with customizable vulnerability report.
I am excited about the possibilities of Hackerone api, this feature allows you to automatically report the vulnerability to HackerOne if a Critical or High vulnerability is found. Stay ahead of the game! What's exciting is that you also have an option to edit the vulnerability report. To prevent spamming triagers, I've made sure that only Critical and High vulnerabilities are reported. While you will still have an option to manually report the rest of the vulnerabilities.
-
Introducing OSINT Capabilities
OSINT is one of the most required features in any recon engine, and beginning 1.0, reNgine-ng comes with OSINT capabilities. This includes support for Dorking, Employees, Emails, Leaked Passwords, etc to be searched.
-
Recon Todo
A good recon engine also requires a Todo feature, the idea is that you will be able to recon, add your recon todo or notes right inside reNgine-ng. You will have an option to add todo for your Scan History, for your particular subdomain, or just a TODO! Anything is supported. You can also prioritize by making the Todo important.
-
Proxy Support
Proxies are an integral part of any web scraping. Every website has a limit to the certain number of requests for a certain period of time from a particular IP Address that it will allow, exceeding the limit will block incoming requests from such IP Address for a specific period of time. And this is especially true for Dorking and other OSINT reNgine-ng does. After certain Dorking attempts Google is likely to ban your IP for a certain period of time. So using a proxy was a must. Introducing proxy support for reNgine-ng, you will have an option to add hundreds of proxies, and reNgine-ng will pick one of them randomly during the scan.
-
GF support
GF is an awesome tool for pattern matching in URLs! A lot of fellow hackers wanted GF support in reNgine-ng. We now bring GF support with an option to upload your own custom GF template.
-
Screenshot Gallery with Filters
This probably was the most requested feature in reNgine-ng. A recon engine is incomplete without a screenshot gallery. I am also excited to let you know that, the screenshot gallery also comes with filters, you will have an option to add filters like HTTP status, IP Address, Port, Services, and Technology. And, filters will also come with an autosuggestion feature.
-
Powerful recon data filtering with auto-suggestions
Recon data filtering was one of the most important features in reNgine-ng, recon data is huge, and we do not want you to get lost, or spend a lot of time looking for the right recon data. So, presenting you, recon data filtering with autosuggestions. You will now be able to see a search bar in Subdomains Table, URLs, Vulnerabilities Table which will auto-suggest the col names. You can combine multiple queries using &, |, etc.
[!NOTE]
`gf_patterns=lfi&http_status=200&content_length>0`
The possibilities are endless...
-
Recon Data changes, finds new/removed subdomains/endpoints
reNgine-ng will now compare your last two scans to find out the recon data changes. You will have an option to send the changes to your notification channels as well. Super helpful while doing continuous monitoring on a target. Inside the scan dashboard, you will now see a separate section for Recon Data changes, which will identify any added or removed subdomains or endpoints.
-
Tagging of targets into Organization
There are times when you wish to perform a scan for all the targets that belong to an organization. reNgine-ng 1.0 allows you to tag multiple targets to an organization and initiate or schedule scans with one click.
-
Support for custom GF patterns and Nuclei Templates
While nuclei was a part of the earlier release, but there wasn't any easy way to upload your custom nuclei templates. Now, you will have an option to add your custom GF or Nuclei templates right from the UI. You will also have an option to view the template.
-
Support for editing tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
Tools like Nuclei, Subfinder uses configuration files to pass API keys and certain tool-related settings. We now bring an option to directly edit tool-related configuration files right from reNgine-ng UI. This means you will also be able to view them.
-
Option to Mark Subdomains as important
This is a tiny little feature that will allow you to mark any subdomain as important! Watch out for a star icon on the subdomains table, you'll be able to mark them as important.
-
Separate tab for Directory scan results
It is true that directory scan results were breaking the subdomains table, from a UX perspective, it was not a really good idea to show everything in the subdomains table. So, a new tab has been added just for directory scan results.
-
Option to Import and Export Subdomains and export endpoints
Interoperability is something every recon tool needs, and reNgine-ng is no different. You will now be able to import subdomains from your private recon tools to any scan before you initiate. You will see this option to import the subdomain just after you choose the scan engine. In the same section, you will also see an option to exclude subdomains.
We also now allow you to download subdomains, or just download subdomains marked as important, or just download subdomains that are interesting. This also applies to endpoints, you can download all endpoints, just download any endpoints that have certain GF patterns matched.
-
Clean your scan results and screenshots
I understand most of you run reNgine-ng on your VPS, and it is very understandable that you wish to clean scan results, screenshots to save up some space. reNgine-ng now allows you to clean up your scan data and/or screenshots.
-
Enhanced and Customizable Scan alert with support for Slack, Discord & Telegram, also send recon data directly to Discord
Notification in the earlier version of reNgine-ng was not very efficient, and support was only for slack. reNgine-ng 1.0 comes with support for Slack, Discord, and Telegram. You will also have an option to customize what kind of notification to be sent, only want vulnerability-related notifications? You can choose that, only want subdomains changes? You can choose them as well. You also have an option to upload these scan data directly to your discord.
-
You can view the complete changelog here: https://github.com/yogeshojha/rengine/blob/master/CHANGELOG.md
There are a lot more tiny improvements that I worked on for several months that are sure to give you a better experience, and let you stay ahead in the recon game! I really appreciate any feedback and suggestions.
Release Date: Feb 25 2021
- Build error for Naabu v2 Fixed
- Added rate support for Naabu
Release Date: Feb 23 2021
Release Date: Feb 19 2021
Features
- Added Discord Support for Notification Web hooks
Release Date: 29 Nov 2020
-
Nuclei Integration: v0.5 is primarily focused on vulnerability scanner using Nuclei. This was a long pending due and we've finally integrated it.
-
Powerful search queries across endpoints, subdomains and vulnerability scan results: reNgine-ng reconnaissance data can now be queried using operators like <,>,&,| and !, namely greater than, less than, and, or, and not. This is extremely useful in querying the recon data. More details can be found at Instructions to perform Queries on Recon data
-
Out of scope options: Many of you have been asking for out of scope option. Thanks to Valerio Brussani for his pull request which made it possible for out of scope options. Please check the documentation on how to define out of scope options.
-
Official Documentation(WIP): We often get asked on how to use reNgine-ng. For long, we had no official documentation. Finally, I've worked on it and we have the official documentation at rengine.wiki
The documentation is divided into two parts, for Developers and for Penetration Testers. For developers, it's a work in progress. I will keep you all updated throughout the process.
-
Redefined Dashboard: We've also made some changes in the Dashboard. The additions include vulnerability scan results, most vulnerable targets, most common vulnerabilities.
-
Global Search: This feature has been one of the most requested features for reNgine-ng. Now you can search all the subdomains, endpoints, and vulnerabilities.
-
OneForAll Support: reNgine-ng now supports OneForAll for subdomain discovery, it is currently in beta. I am working on how to integrate OneForAll APIKeys and Configuration files.
-
Configuration Support for subfinder: You will now have ability to add configurations for subfinder as well.
-
Timeout option for aquatone: We added timeout options in yaml configuration as a lot of screenshots were missing. You can now define timeout for http, scan and screenshots for timeout in milliseconds.
-
Design Changes A lot of design changes has happened in reNgine-ng. Some of which are:
-
Endpoints Results and Vulnerability Scan Results are now displayed as a separate page, this is to separate the results and decrease the page load time.
-
Checkbox next to Subdomains and Vulnerability report list to change the status, this allows you to mark all subdomains and vulnerabilities that you've already completed working on.
-
Sometimes due to timeout, aquatone was skipping the screenshots and due to that, navigations between screenshots was little annoying. We have fixed it as well.
-
Ability to delete multiple targets and initiate multiple scans.
-
Subdomain Takeover (Removed): As we decided to use Nuclei for Vulnerability Scanner, and also, since Subjack wasn't giving enough results, I decided to remove Subjack. The subdomain Takeover will now be part of Nuclei Vulnerability Scanner.
Release Date: 2020-10-08
Features
- Background tasks migrated to Celery and redis
- Periodic and clocked scan added
- Ability to Stop and delete the scan
- CNAME and IP address added on detail scan
- Content type added on Endpoints section
- Ability to initiate multiple scans at a time
Release Date: 2020-07-21
Features
- YAML based Customization Engine
- Ability to add wordlists
- Login Feature
Release Date: 2020-07-11
Features
- Directory Search Enabled
- Fetch URLS using hakrawler
- Subdomain takeover using Subjack
- Add Bulk urls
- Delete Scan functionality
Fix
- Windows Installation issue fixed
- Scrollbar Issue on small screens fixed
Release Date: 2020-07-08
reNgine-ng is released
- Home - Introduction to reNgine-ng with workflows and features
- Installation - Install reNgine-ng in different ways
- Usage - Common usage and best practices
- Backup-Restore - Backup and restore reNgine-ng easily
- Dependencies - Information about used third-party libraries and tools
- Security - Security best practices and reporting issues
- Support - Troubleshooting guide and common issues
- Changelog - Complete changelog
- Community - Get help on social networks
- Contributing - How to contribute to the project
- Presentations - Materials regarding reNgine presented at conferences
- Screenshots - Collection of screenshots demonstrating features