ReNgine is a very complete recon tool that can be very helpful to centralize all your recon in one site.

Its main website defines it as: «The only web application recon tool you will ever need!«

Currently is capable of performing:

• Subdomain Discovery
• Vulnerability Detection
• IPs and Open Ports Identification
• Directory and files fuzzing
• Screenshot Gathering
• Endpoints Gathering
• OSINT

Although reNgine can be installed in a local machine, it is recommended to be installed in a VPS.

Here, I will show how I installed it in a Digital Ocean VPS.

According to the documentation the recommended specifications for the VPS droplet are:

• Minimum: 80GB NVMe, 4GB RAM and 2 CPU.
• Recommended 160GB, 8GB RAM and 4 CPU.

Taking into account that if lower specs are used, the performance of the app will be noted.
(According to my tests no less than 2 GB RAM should be used)

The installation is pretty straightforward.
(This installation will be based on a 2 GB RAM droplet)

A more detailed documetation can be found here. https://rengine.wiki/install/quick/

Installation

$ ssh root@vps_ip
$ git clone https://github.com/yogeshojha/rengine && cd rengine

Cloning into 'rengine'...
remote: Enumerating objects: 18878, done.
remote: Counting objects: 100% (1627/1627), done.
remote: Compressing objects: 100% (794/794), done.
remote: Total 18878 (delta 892), reused 1535 (delta 813), pack-reused 17251
Receiving objects: 100% (18878/18878), 251.88 MiB | 27.65 MiB/s, done.
Resolving deltas: 100% (11952/11952), done.

Edit the configuration file .env according to your needs:

• SSL specific configuration
• Database configurations
• Celery CONCURRENCY Autoscaling

At least you should modify the Postgres DB password and the concurrency value.
On a 2 GB RAM droplet I used:

MIN_CONCURRENCY=5
MAX_CONCURRENCY=10

$ sudo ./install.sh

This script will install automatically all dependencies required by reNgine.

root@ubuntu-rengine:~/rengine# ./install.sh

          _   _       _              _   _
 _ __ ___| \ | | __ _(_)_ __   ___  / | / |
| '__/ _ \  \| |/ _` | | '_ \ / _ \ | | | |
| | |  __/ |\  | (_| | | | | |  __/ | |_| |
|_|  \___|_| \_|\__, |_|_| |_|\___| |_(_)_|
                |___/
Before running this script, please make sure Docker is running and you have made changes to .env file.
Changing the postgres username & password from .env is highly recommended.
Are you sure, you made changes to .env file (y/n)? y
Continiuing Installation!

#########################################################################
Please note that, this installation script is only intended for Linux
For Mac and Windows, refer to the official guide https://rengine.wiki
#########################################################################

Installing reNgine and it's dependencies
...

reNgine is installed!!!

#########################################################################
Creating an account
#########################################################################
COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml exec web python3 manage.py createsuperuser
          _   _       _              _   _
 _ __ ___| \ | | __ _(_)_ __   ___  / | / |
| '__/ _ \  \| |/ _` | | '_ \ / _ \ | | | |
| | |  __/ |\  | (_| | | | | |  __/ | |_| |
|_|  \___|_| \_|\__, |_|_| |_|\___| |_(_)_|
                |___/


You have 29 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): startScan, targetApp.
Run 'python manage.py migrate' to apply them.
Username (leave blank to use 'root'): 
Email address: 
Password:
Password (again):
Superuser created successfully.
Thank you for installing reNgine, happy recon!!
root@ubuntu-rengine:~/rengine#

Now if you go to https://vps_ip,

Note:

When I finished the installation I got this message:

«You have 29 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): startScan, targetApp.
Run ‘python manage.py migrate’ to apply them.»

Initially, I tried to heed that message and tried to test the application by scanning some targets but none worked fine. All scans I started were stuck at «Pending» status.

At that point, I started to search for more information and I didn’t find out much info about that issue in the reNgine documentation.

When I ran the command suggested by the installation script I got this error message:

root@ubuntu-rengine:~/rengine/web# python3 manage.py migrate

          _   _       _              _   _
 _ __ ___| \ | | __ _(_)_ __   ___  / | / |
| '__/ _ \  \| |/ _` | | '_ \ / _ \ | | | |
| | |  __/ |\  | (_| | | | | |  __/ | |_| |
|_|  \___|_| \_|\__, |_|_| |_|\___| |_(_)_|
                |___/

Traceback (most recent call last):
  File "/root/rengine/web/manage.py", line 14, in main
    from django.core.management import execute_from_command_line
ModuleNotFoundError: No module named 'django'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/root/rengine/web/manage.py", line 25, in <module>
    main()
  File "/root/rengine/web/manage.py", line 16, in main
    raise ImportError(
ImportError: Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?

After some more investigation on how reNgine works, I tried this:

root@ubuntu-rengine:~/rengine# docker-compose -f docker-compose.yml exec web python3 manage.py migrate

          _   _       _              _   _
 _ __ ___| \ | | __ _(_)_ __   ___  / | / |
| '__/ _ \  \| |/ _` | | '_ \ / _ \ | | | |
| | |  __/ |\  | (_| | | | | |  __/ | |_| |
|_|  \___|_| \_|\__, |_|_| |_|\___| |_(_)_|
                |___/

Operations to perform:
  Apply all migrations: admin, auth, contenttypes, dashboard, django_celery_beat, recon_note, scanEngine, sessions, startScan, targetApp
Running migrations:
  No migrations to apply.

Usage

For a detailed documentation about reNgine usage you can go to
https://rengine.wiki/usage/

In short:

• Add a target

• Initiate a scan

• Configure your scan

• Start the scan

After the scan is finished you can check the results from the Scan History.

Useful CLI commands

make up --> Build and start all services.
make username --> Generate Username (Use only after make up).
make down --> Down all services.
make stop --> Stop all services.
make restart --> Restart all services.
make logs --> Tail all logs with -n 1000.

Update

Quick update:
full update details + update documentation can be found here.

make down && git pull && make build && make up

Backup

More backup information can be found here.

Backup database

sudo docker exec -t rengine_db_1 pg_dumpall -c -U {DB_USER} > rengine_dump_.sql

Restore reNgine

sudo docker stop rengine_web_1
sudo docker exec -i rengine_db_1 psql -U {DB_USER} postgres -c "DROP DATABASE rengine;"
sudo docker exec -i rengine_db_1 psql -U {DB_USER} postgres -c "CREATE DATABASE rengine;"
cat {/path/to/rengine_dump_.sql} | sudo docker exec -i rengine_db_1 psql -U {DB_USER} -d rengine

reNgine has many more configurations and options that will boost its performance and utility.
One of these options is the notifications.

It is capable of sending notifications from the scans to different apps. (Slack, Discord and Telegram)
In this case, I tried the Telegram option out even though the reNgine documentation recommends using Discord.
That could be done in a further blog post.

It was my first attempt at creating a Telegram bot, so I used the link suggested by the documentation.

Create a Telegram bot using BotFather and Get the Api Token

After following that documentation I still had some doubts about what was the «Bot Chat ID» I needed.
After some more Googling, I found this other resource that helped me in that topic.

After setting up Bot token and Bot Chat ID values, rengine will send to your Telegram a test message to confirm everything works fine.

From this point there is just one remaining thing to do….start to scan and scan. 🙂

Happy hunting!

recon reNgine tools