reNgine - More than just a recon!

reNgine - More than just a recon!

๐Ÿ“… [ Archival Date ]
Jun 10, 2022 3:11 PM
โš ๏ธ [ ORIGIN SOURCE ]
๐Ÿท๏ธ [ Tags ]

Reconnaissance like no other!

reNgine performs deeper reconnaissance via highly configurable and streamlined pipeline process. Currently capable of performing Subdomain Discovery, Vulnerability Detection, IPs and Open Ports Identification, Directory and files fuzzing, Screenshot Gathering, Endpoints Gathering, and OSINT.

Support for Subscans!

reNgine is the only open-source tool to support subcans. You no longer need to wait for the entire pipeline to complete. Found an interesting subdomain and want to do port scan? Or found a interesting subdomain and want to further perform Vulnerability Scan and Port Scan? We gotchu!

Configurable Scan Engines!

Reconnaissance pipeline has to be configurable! And reNgine comes with highly configurable YAML based scan engines that allows you to design scan engine based on your preference. Only need Vulnerability Scanning? or just need Subdomain Discovery with 10 threads? We got you covered.

Continuous Monitoring

With support for Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/hours/days/week), continous monitoring will help you monitor your assets, both reconnaissance and vulnerabilities.

Tools Arsenal

Don't like our subdomain discovery tools? Wish to install any external tools? reNgine supports tools of your choice, update them, add them or remove simply from Tools Arsenal section.

Report Generation

Reports are an integral part of most VAPT process and reNgine comes with highly customizable PDF reports. Choose either Full Scan Report or just Reconnaissance Report or just Vulnerability Scan report. We have it! Configure executive summary, colors and much more!

Powerful Recon filtering!

reNgine supports advanced recon lookup queries such as name=admin&http_status=200 or cve_id=CVE-1234-5678! Combine multiple queries with operators such as &,| etc.

Recon data changes!

reNgine can also identify recon data changes. If any new vulnerabilities has been identified, or any subdomain no longer found, reNgine can detect the changes. reNgine can also send recon data changes notifications on your favourite notification channels.

Customizable Alerts!

Send scan related notifications on your favourite channel such as Discord, Slack or Telegram.


reNgine is a web application reconnaissance suite with focus on highly configurable streamlined recon process via Engines, recon data correlation, continuous monitoring, recon data backed by database and simple yet intuitive User Interface.

reNgine makes it easy for penetration testers and security auditors to gather reconnaissance data with minimal configuration.

reNgine just makes recon effortless.


reNgine is a web application reconnaissance suite with a focus on a highly configurable streamlined recon process. reNgine is backed by a database, with data correlation and organization, the custom query โ€œlikeโ€ language for recon data filtering, reNgine aims to address the shortcomings of traditional recon workflow.

Developers behind the reNgine understand that recon data can be huge, manually looking up for entries to attack could be cumbersome, with features like identifying Interesting Subdomains, it helps penetration testers focus on attack rather than recon.

reNgine is also focused on continuous monitoring. Penetration testers can choose to schedule the scan at periodic intervals, get notified on notification channels like Discord, Slack, and Telegram for any new subdomains or vulnerabilities identified, or any recon data changes.

Interoperability is something every recon tool needs, and reNgine is no different. Beginning reNgine 1.0, we additionally developed features such as import and export subdomains, endpoints, GF pattern matched endpoints, etc. This will allow you to use your favourite recon workflow in conjunction with reNgine.

PDF reports are something every individual or a team needs. Beginning reNgine 1.1, reNgine also comes with option to download PDF reports. One can also choose the type of report, Full Scan Report or just reconnaissance report. Also, we understand that PDF reports needs to be customizable. Choose the color of report you like, customize the executive summary, etc.

reNgine features Highly configurable scan engines based on YAML, that allows penetration testers to create as many recon engines as they want of their choice, configure as they wish, and use it against any targets for the scan. These engines allow penetration testers to use tools of their choice, the configuration of their choice. Out of the box, reNgine comes with several scan engines like Full Scan, Passive Scan, Screenshot gathering, OSINT Engine, etc.

Our focus has always been on finding the right recon data with very minimal effort. After having several discussions with fellow hackers/pentesters, screenshots gallery was a must, reNgine also comes with a screenshot gallery, and what's exciting than having a screenshot gallery with filters, filter screenshots with HTTP status, technology, ports, and services.

We also want our fellow hackers to stay ahead of the game, reNgine also comes with automatic vulnerability reporting (currently only Hackerone is supported, other platforms may come soon). This allows hackers to define their own vulnerability report template and reNgine will do the rest of the job to report vulnerability as soon as it is identified.

โญ Features

reNgine is packed with features that no any open other source tool provides. Here are some list of cool features supported by reNgine:

  • Reconnaissance: Subdomain Discovery, IP and Open Ports Identification, Endpoints Discovery, Directory and Files fuzzing, Screenshot gathering, Vulnerability scan using Nuclei, WHOIS Identification etc.
  • Highly configurable YAML based Scan Engines
  • Support for Parallel Scans and Subscans
  • Automatically report Vulnerabilities to Hackerone
  • Recon Data visualization
  • OSINT Capabilities (Metainfo Gathering, Employees Gathering, Email Address with option to look password in leaked database, dorks etc)
  • Customizable Alerts/Notification on Slack, Discord and Telegram
  • Perform Advanced Query lookup using natural language alike and, or, not operations
  • Recon Notes and Todos
  • Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/hours/days/week)
  • Proxy Support
  • Screenshot Gallery with Filters
  • Powerful recon data filtering with auto suggestions
  • Recon Data changes, finds new/removed subdomains/endpoints
  • Tag targets into Organization
  • Identify Interesting Subdomains
  • Custom GF patterns and custom Nuclei Templates
  • Edit tool related configuration files (Nuclei, Subfinder, Naabu, amass)
  • Add external tools from Github/Go
  • Interoperable with other tools, Import/Export Subdomains/Endpoints
  • Import Targets via IP and/or CIDRs
  • Report Generation
  • Toolbox : Comes bundled with most commonly used tools such as whois lookup, CMS detector, CVE lookup etc.
  • Identification of related domains and related TLDs for targets
  • Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain etc.

๐Ÿš€ Getting Started

โšก Usage Guide

If have already installed reNgine, and want to learn how to use, head to โšก Usage.

๐Ÿ’ป Developer's Guide

If you wish to add new features or want to contribute to reNgine, head to Developer's Guide

๐Ÿ™‹ Need Help

If โšก Usage documentation is not sufficient, and you still need help, head to ๐Ÿ’ Discord section. This section contains instructions on how to join reNgine discord server.

๐Ÿ“น Community published blogs/videos

Community may have published blogs/videos on your own language. Please check the community published blogs/videos here.

๐Ÿ›ก๏ธ Reporting Security Issues

If you have found any security issues on reNgine, we recommend reporting them immediately. reNgine also has it's bug bounty program and is your chance to get paid for security issues.

Guide on How to report security issues is available.

๐Ÿค– Changelogs

If you want to know the latest changes in reNgine, head to ๐Ÿค– Changelog.

There are many other great reconnaissance framework, you may use reNgine in conjunction with these tools. But, they themselves are great, and may sometimes even produce better results than reNgine.


Over the last few years I have been working insane on reNgine to bring new features with the only goal to make this as De-facto standard for reconnaissance. Most of my out of office hours and weeknds are spent on working on reNgine. I do this with addition to my primary job. I am happy to have received such an overwhelming support from community. But to keep this project alive, I am seeking financial support.

It takes a considerable amount of time to add new features and make sure everything is working. A donation is your way saying: reNgine is awesome

Any support is greatly appreciated! Thank you!


reNgine is licensed under the GNU General Public License v3.0