What's New in reNgine 2.2.0

Introducing Bounty Hub: your central place to manage and import your bug bounty programs

Bounty Hub is a central platform for managing and importing bug bounty programs within reNgine. Here's what you can expect:

HackerOne Integration

• Import HackerOne bug bounty programs directly into reNgine

• Hackerone Programs are imported as Organizations

• All in-scope domains, IPs, and URLs are automatically added as targets, Out of scope domains, IPs, and URLs will be skipped.

Sync Bookmarked Programs

You can also sync your hackerone bookmarked programs directly to reNgine. This will allow continous sync between your hackerone programs and reNgine

• One-click import of all your bookmarked HackerOne programs

Future Expansions

• Integration with Intigriti planned for upcoming versions

Bounty Hub Dashboard and programs

Individual Programs

All Imported/Synced Programs will appear as Organizations and all domains/IPs/URLs will be under targets

Introducing reNgine's Built-in Notification System

A new notification system keeps you informed about important events within reNgine.

When you login to reNgine's dashboard, you will be able to see the bell icon. You will receive all scan related notifications, system updates etc via this Notification!

As of now you will receive realtime notifications related to:

• reNgine updates
• New features
• Scan related notifications such as scan initiated, scan completed etc and their status
• Other Notification such as hackerone program imports etc.

Enhanced Subdomain Discovery with Chaos

Leverage the Chaos project's extensive dataset to uncover more subdomains, thereby significantly expanding your attack surface discovery.

Usage of chaos during subdomain enumeration will allow you access to billions of subdomains from Chaos Project's dataset.
Integration with existing subdomain enumeration tools is easy, you will just have to use chaos as one of the tools in scan engine configuration under subdomain_discovery

How to use

Chaos requires you to have an api key from project discovery: https://cloud.projectdiscovery.io/

You will need to add this API key in API VAULT inside reNgine

Add chaos in your scan engine configuration, you are all set to use Chaos!

subdomain_discovery: {
  'uses_tools': ['subfinder', 'chaos'],
  'enable_http_crawl': true,
  'threads': 30,
  'timeout': 5,
  # other configs as usual
}

Introducing User Preference: Bug Bounty Mode

Bug Bounty Mode is a new User preference that will be available in reNgine 2.2.0 This allows non bug bounty users to keep bounty related features hidden.
For example, if you are using reNgine for other purpose than bug bounty, you will not need hackerone reporting, bounty hub etc.
During the onboarding you will be asked if you wish to enable bug bounty mode, however this can be changed later from dashboard.

** Enabling and disabling Bug Bounty Mode**

More such user preference will be available in the future version of reNgine that will allow you to tailor reNgine according to your use case.

Introducing Path Exclusion

with reNgine 2.2.0 you can now add path exclusions, for example /css if provided as path exclusion to reNgine, it will not include any subdirectories or files while performing any scan.

You will see this option while you initiate scan on the target.

For example:

This allows you to enter paths or regex patterns to exclude from the scan.
It Supports both exact path matching and regex patterns. Examples:

• /admin excludes paths starting with '/admin'
• /images/.*\.jpg excludes all .jpg files in the images directory
• /static/(?:css|js)/ excludes all contents of /static/css/ and /static/js/

Additional PDF Report Templates

We have added a new PDF report template for reNgine. Now you can download a fresh PDF report that is visually appealing with various charts.

Modal to generate PDF report has also been updated.

Modern Report
New updated look of PDF report.

Regex support in Out of scope Subdomains

Regex support is now available in Out of scope subdomains.

Stop All Scans Killswitch

This feature will allow you to stop all running scans at once.
You will find a new button called Stop Multiple Scans in scan history, this will allow you to stop all or multiple running scans.

Smart Rescans

While performing rescans, all the scan configurations such as out of scope subdomains, path, engine etc will be automatically imported and applied.

Improved Start Scan UI

You will now be able to run multiple scans, multiple organizations etc with same configuration. For example earlier it was not possible to use out of scope subdomains in multiple scans, or even organization scans, with reNgine 2.2.0 you will have more consistency in start scan UI.

Support for Multiple nuclei and gf pattern upload

reNgine now supports bulk uploads for nuclei and gf patterns.

API Key Protection

API keys are now masked in the settings view.

Other Performance Optimization

• Removed watchmedo usage in production for reduced overhead
• Removed external IP display from the web UI
• Automatic versioning implemented using GitHub Release Tags
• Clear changelog and update notifications within the application