What's New in reNgine 2.2.0
reNgine 2.2.0 introduces several exciting features and improvements to enhance your reconnaissance and vulnerability management capabilities. This update focuses on streamlining bug bounty program management, improving subdomain discovery, and enhancing overall user experience.
Introducing Bounty Hub: your central place to manage and import your bug bounty programs
Bounty Hub is a central platform for managing and importing bug bounty programs within reNgine. Here's what you can expect:
HackerOne Integration
- Import HackerOne bug bounty programs directly into reNgine
- HackerOne programs are imported as Organizations
- All in-scope domains, IPs, and URLs are automatically added as targets; out-of-scope domains, IPs, and URLs are skipped
Sync Bookmarked Programs
You can also sync your bookmarked HackerOne programs directly to reNgine. This allows continuous sync between your HackerOne programs and reNgine.
- One-click import of all your bookmarked HackerOne programs
Future Expansions
- Integration with Intigriti planned for upcoming versions
Bounty Hub Dashboard and programs
Individual Programs
All Imported/Synced Programs will appear as Organizations and all domains/IPs/URLs will be under targets
Introducing reNgine's Built-in Notification System
A new notification system keeps you informed about important events within reNgine.
When you log in to reNgine's dashboard, you will see the bell icon. All scan-related notifications, system updates, etc. are delivered through it.
As of now you will receive realtime notifications related to:
- reNgine updates
- New features
- Scan-related notifications such as scan initiated, scan completed, etc., and their status
- Other notifications such as HackerOne program imports
Enhanced Subdomain Discovery with Chaos
Leverage the Chaos project's extensive dataset to uncover more subdomains, significantly expanding your attack surface discovery.
Using chaos during subdomain enumeration gives you access to billions of subdomains from the Chaos project's dataset.
Integration with existing subdomain enumeration tools is easy: just add chaos as one of the tools in the scan engine configuration under subdomain_discovery.
How to use
API Key
Chaos requires an API key from ProjectDiscovery: https://cloud.projectdiscovery.io/
You will need to add this API key to the API Vault inside reNgine.
Once you add chaos to your scan engine configuration, you are all set to use Chaos!
subdomain_discovery: {
  'uses_tools': ['subfinder', 'chaos'],
  'enable_http_crawl': true,
  'threads': 30,
  'timeout': 5,
  # other configs as usual
}
Introducing User Preference: Bug Bounty Mode
Bug Bounty Mode is a new user preference available in reNgine 2.2.0. It allows non-bug-bounty users to keep bounty-related features hidden. For example, if you use reNgine for purposes other than bug bounty, you will not need HackerOne reporting, Bounty Hub, etc. During onboarding you will be asked whether you wish to enable Bug Bounty Mode; this can be changed later from the dashboard.
**Enabling and disabling Bug Bounty Mode**
More such user preferences will be available in future versions of reNgine, allowing you to tailor reNgine to your use case.
Introducing Path Exclusion
With reNgine 2.2.0 you can now add path exclusions. For example, if /css is provided as a path exclusion, reNgine will not include any of its subdirectories or files while performing any scan.
You will see this option when you initiate a scan on the target.
For example:
This allows you to enter paths or regex patterns to exclude from the scan. It supports both exact path matching and regex patterns. Examples:
- /admin excludes paths starting with '/admin'
- /images/.*\.jpg excludes all .jpg files in the images directory
- /static/(?:css|js)/ excludes all contents of /static/css/ and /static/js/
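A way to preview which URLs a set of exclusions would drop before starting a scan, as an added example (not reNgine's own matcher). It assumes every entry is applied as a regex anchored at the start of the URL path, which gives plain paths like /admin the prefix behaviour described above; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The three example entries from the text above.
EXCLUSIONS = ["/admin", r"/images/.*\.jpg", "/static/(?:css|js)/"]

# Constructed sample URLs, including near-misses worth checking by hand.
SAMPLE_URLS = [
    "https://example.com/admin/users",
    "https://example.com/administrator/login",   # shares the /admin prefix
    "https://example.com/api/admin",             # /admin is not at the start
    "https://example.com/images/logo.jpg",
    "https://example.com/images/logo.png",
    "https://example.com/static/css/site.css",
    "https://example.com/static/img/a.svg",
    "https://example.com/search?next=/admin",    # query string is not the path
]

def compile_exclusions(entries):
    """Compile each entry as a regex (assumption: anchored at path start).
    An entry that is not valid regex falls back to a literal prefix."""
    compiled = []
    for entry in entries:
        try:
            compiled.append((entry, re.compile(entry)))
        except re.error:
            compiled.append((entry, re.compile(re.escape(entry))))
    return compiled

def matching_rule(url, compiled):
    """Return the entry that would drop this URL, or None if it stays in scope."""
    path = urlsplit(url).path or "/"
    for entry, rx in compiled:
        if rx.match(path):          # match() anchors at the start of the path
            return entry
    return None

def preview(urls, entries):
    """Map every URL to the exclusion entry that drops it (None = scanned)."""
    compiled = compile_exclusions(entries)
    return {url: matching_rule(url, compiled) for url in urls}

if __name__ == "__main__":
    for url, rule in preview(SAMPLE_URLS, EXCLUSIONS).items():
        print(f"{'SKIP' if rule else 'SCAN'}  {url}  {rule or ''}")
```

Under this assumption /admin also drops /administrator/login, so an entry such as /admin(?:/|$) is the tighter choice when only that directory should be skipped.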
Additional PDF Report Templates
We have added a new PDF report template for reNgine. Now you can download a fresh PDF report that is visually appealing with various charts.
The modal for generating the PDF report has also been updated.
Modern Report: the new, updated look of the PDF report.
Regex support in Out of scope Subdomains
Regex support is now available in Out of scope subdomains.
Stop All Scans Killswitch
This feature allows you to stop all running scans at once. You will find a new button called Stop Multiple Scans in scan history, which lets you stop all or multiple running scans.
Smart Rescans
When performing rescans, all scan configurations such as out-of-scope subdomains, paths, engine, etc. are automatically imported and applied.
Improved Start Scan UI
You will now be able to run multiple scans, multiple organizations, etc. with the same configuration. For example, earlier it was not possible to use out-of-scope subdomains in multiple scans or in organization scans. With reNgine 2.2.0 you will have more consistency in the start scan UI.
Support for Multiple nuclei and gf pattern upload
reNgine now supports bulk uploads for nuclei and gf patterns.
API Key Protection
API keys are now masked in the settings view.
Other Performance Optimization
- Removed watchmedo usage in production for reduced overhead
- Removed external IP display from the web UI
- Automatic versioning implemented using GitHub Release Tags
- Clear changelog and update notifications within the application
Feedback Welcome
We value your input! If you have suggestions, encounter issues, or want to contribute, please visit our GitHub repository. Your feedback helps us continually improve reNgine.
We hope these new features and improvements significantly enhance your reconnaissance and vulnerability management capabilities.
(AI language models were used to write some parts of this section)