Recon framework presents the results of website and endpoint scans in a single window

ReNgine: Open source recon tool automates intel-gathering process for pen testers

Security teams working with web applications now have access to an open source reconnaissance tool for enumeration and to help run penetration tests.

ReNgine is a reconnaissance framework that works with other open source tools to scan domains, list endpoints, and search directories.

Offensive security professionals can use the tool to create a pipeline that pulls together more complex queries from scan engines and present the results in a single window.

The tool’s developer is Yogesh Ojha, a pen tester working on web and mobile applications. His goal is to automate some of the more time consuming research tasks, as well as bringing open source recon tools together.

“The first version of ReNgine had very limited functionality and was restricted to only basic reconnaissance,” Ojha told The Daily Swig.

“Over the period, we brought in several features like customizable scan engines, a YAML-based configuration engine, and custom wordlists. We also integrated several other open source tools to improve the process.”

ReNgine upgrade

According to Ojha, ReNgine has been well received by the security community, gaining over 1,000 stars on its GitHub repository.

He is now working to integrate vulnerability scans from Nuclei by Projectdiscovery.

This, he says, will make ReNgine “the all-in-one solution for discovering low-hanging fruit and reconnaissance for web application penetration testing”.

Other recent upgrades to ReNgine include periodic, and scheduled, scans. The tool also offers thread-based scans in its task queue, using Celery and Redis. This, Ojha says, allows for real-time processing.

Read more of the latest open source software security news

“There are several open source recon tools in the market,” he added. “What sets ReNgine apart from the other tools is the easy to use web interface, ability to customize the scan engines according to the targets, the UI/UX, and easy integration on VPS with minimal setup.

“The user interface and how the recon results are displayed are what loved by most of our users.”

Other pen testers welcomed the tool’s development.

“The tool is a framework to allow for basic enumeration and to assist penetration testers in mapping out an attack surface against a target,” Jed Kafetz, senior security consultant at security firm Redscan told The Daily Swig.

“The tool looks highly configurable with the YAML-based configuration and presents data in a simple and clear to use way, whilst keeping a copy of the RAW data files.”

And the open source nature of ReNgine adds to user confidence.

“The source code of the tool is publicly available, which is vital to pen testers, as it enables the code to be checked for malware,” said Kafetz.

READ MORE Latest web hacking tools – Q3 2020

“Typically, a lot of ethical hacking tools are open source, but it is imperative that testers obtain tools from trusted sources, or have the ability to review the code, since running untrusted tools could have severe consequences.”

But reconnaissance, and recon tools, do not always receive the attention they deserve, cautions Stuart Peck, director of cybersecurity strategy at ZeroDayLab, and an open source intelligence (OSINT) expert.

“Recon is an often-overlooked tool,” he told The Daily Swig. “Really good recon will find credentials or developer accounts that are open, or devices giving admin access. It is incredibly valuable way to understand the attack surface of the organization.

“With OSINT you can understand what is happening off a website, understand the context of apps and the potential scope of what you are running and inspect for vulnerabilities in the app. Open source intelligence is the Swiss Army Knife of infosec.”

YOU MIGHT ALSO LIKE Discord desktop app vulnerable to RCE via chained exploit