### Install reNgine via Script
Source: https://context7.com/yogeshojha/rengine/llms.txt
Installs reNgine using a provided script. Requires cloning the repository and configuring environment variables in the .env file, including database passwords and optional admin credentials. The script handles the setup process, and a non-interactive option is available.
```bash
# Clone the repository
git clone https://github.com/yogeshojha/rengine && cd rengine
# Configure environment variables
nano .env
# IMPORTANT: Change POSTGRES_PASSWORD for security
# POSTGRES_PASSWORD=hE2a5@K&9nEY1fzgA6X
# Optional: Set non-interactive admin credentials
# DJANGO_SUPERUSER_USERNAME=rengine
# DJANGO_SUPERUSER_EMAIL=rengine@example.com
# DJANGO_SUPERUSER_PASSWORD=Sm7IJG.IfHAFw9snSKv
# Adjust Celery worker scaling based on available RAM
# 4GB: MAX_CONCURRENCY=10
# 8GB: MAX_CONCURRENCY=30
# 16GB: MAX_CONCURRENCY=50
# MAX_CONCURRENCY=80
# MIN_CONCURRENCY=10
# Run installation script
sudo ./install.sh
# For non-interactive install
sudo ./install.sh -n
# Access reNgine
# https://127.0.0.1 (local) or https://your_vps_ip_address (VPS)
```
--------------------------------
### Run reNgine Installation Script
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Executes the reNgine installation script. Supports both interactive and non-interactive modes. The non-interactive mode uses the '-n' flag and requires admin credentials to be pre-configured in .env.
```bash
sudo ./install.sh
# For non-interactive install:
sudo ./install.sh -n
```
--------------------------------
### Set Admin Credentials in .env for Non-Interactive Install
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Configures administrative credentials (username, email, password) directly in the .env file for a non-interactive reNgine installation. This is useful for automated setups.
```bash
DJANGO_SUPERUSER_USERNAME=yourUsername
DJANGO_SUPERUSER_EMAIL=YourMail@example.com
DJANGO_SUPERUSER_PASSWORD=yourStrongPassword
```
--------------------------------
### Advanced Query Language Examples
Source: https://context7.com/yogeshojha/rengine/llms.txt
Examples demonstrating the use of Rengine's advanced query language for filtering scan results and vulnerabilities.
```APIDOC
## Advanced Query Language Examples
### Description
Examples demonstrating the use of Rengine's advanced query language for filtering scan results and vulnerabilities.
### Examples
```bash
# Natural language-like filtering in subdomain search
# Exact match: Find subdomains with HTTP status 200
?search=http_status=200
# Exclusion: Find all except status 404
?search=http_status!=404
# Greater than: Find large responses (> 100KB)
?search=content_length>100000
# Less than: Find quick responses
?search=content_length<5000
# Complex AND operation: Status 200 AND admin in name
?search=http_status=200&name=admin
# Complex OR operation: PHP or Java technology
?search=technology=php|technology=java
# Multiple conditions: Important subdomains with specific tech
?search=is_important=true&technology=wordpress&http_status=200
# Port filtering: Find SSH services
?search=port=22
# Negative pattern: Exclude test subdomains
?search=name!test
# Endpoint filtering with GF patterns
```
```
--------------------------------
### Rengine Advanced Query Language Examples for Filtering
Source: https://context7.com/yogeshojha/rengine/llms.txt
Illustrates advanced filtering capabilities within Rengine's query language, mimicking natural language for searching subdomains. Examples include exact matches, exclusions, range queries (content length), complex AND/OR operations, port filtering, negative patterns, and endpoint filtering using GF patterns.
```bash
# Natural language-like filtering in subdomain search
# Exact match: Find subdomains with HTTP status 200
?search=http_status=200
# Exclusion: Find all except status 404
?search=http_status!404
# Greater than: Find large responses (> 100KB)
?search=content_length>100000
# Less than: Find quick responses
?search=content_length<5000
# Complex AND operation: Status 200 AND admin in name
?search=http_status=200&name=admin
# Complex OR operation: PHP or Java technology
?search=technology=php|technology=java
# Multiple conditions: Important subdomains with specific tech
?search=is_important=true&technology=wordpress&http_status=200
# Port filtering: Find SSH services
?search=port=22
# Negative pattern: Exclude test subdomains
?search=name!test
# Endpoint filtering with GF patterns
```
--------------------------------
### Sync All Bookmarked HackerOne Programs
Source: https://context7.com/yogeshojha/rengine/llms.txt
Synchronizes all bookmarked HackerOne programs with the specified project. This is a GET request that requires an API token for authorization and updates the project with the latest information from bookmarked programs.
```bash
# Sync all bookmarked programs automatically
curl -X GET "https://rengine.example.com/api/hackerone-programs/sync_bookmarked/?project_slug=bug-bounty" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Manage reNgine Docker Compose Services
Source: https://context7.com/yogeshojha/rengine/llms.txt
Provides make commands for managing reNgine's Docker services. These include starting, stopping, restarting, viewing logs, creating a superuser, applying migrations, and cleaning up Docker resources. Essential for development and deployment workflows.
```bash
# Start all services
make up
# Builds and starts: db, web, proxy, redis, celery, celery-beat, ollama
# Create superuser (after initial setup)
make username
# Interactive prompt for username, email, password
# View logs with 1000 line tail
make logs
# Restart all services
make restart
# Stop all services without removing containers
make stop
# Stop and remove all containers
make down
# Update reNgine
cd rengine && sudo ./update.sh
# Apply database migrations
make migrate
# Change user password
make changepassword
# Complete cleanup (remove containers and volumes)
make prune
```
--------------------------------
### Initiate Report Modal Setup (JavaScript)
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/history.html
Configures the 'generateReportModal' to initialize report generation options. It logs input parameters, sets default selections for report type and template, and dynamically enables/disables report type options based on scan availability. It also sets click handlers for generate and preview buttons.
```javascript
function initiate_report(id, has_subdomain_scan, has_vulnerability_scan, domain_name) {
console.log(has_subdomain_scan, has_vulnerability_scan, domain_name);
//select full report type by default
$('input[name="reportType"][value="full"]').prop('checked', true);
$('input[name="excludeInfoFindings"]').prop('checked', true);
$('#templateSelect').val('modern');
$('#generateReportModal').modal('show');
if (has_subdomain_scan) {
$('input[name="reportType"][value="recon"]').prop('disabled', false);
} else {
$('input[name="reportType"][value="recon"]').prop('disabled', true);
}
if (has_vulnerability_scan) {
$('input[name="reportType"][value="vuln"]').prop('disabled', false);
} else {
$('input[name="reportType"][value="vuln"]').prop('disabled', true);
}
$('#generateReportBtn').attr('onClick', `generate_report(${id}, '${domain_name}')`);
$('#previewReportBtn').attr('onClick', `preview_report(${id}, '${domain_name}')`);
}
```
--------------------------------
### Get Bookmarked HackerOne Programs
Source: https://context7.com/yogeshojha/rengine/llms.txt
Retrieves only the HackerOne programs that have been bookmarked. This is useful for quickly accessing a curated list of relevant programs. Requires an API token for authorization.
```bash
# Get bookmarked programs only
curl -X GET "https://rengine.example.com/api/hackerone-programs/bookmarked_programs/" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Grant Execution Permissions to install.sh
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Grants execute permissions to the install.sh script if it's not already executable. This is a prerequisite for running the installation.
```bash
chmod +x install.sh
```
--------------------------------
### Configure .env file for reNgine
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Edits the .env file to configure environment variables for reNgine. Essential for security by changing the POSTGRES_PASSWORD and optionally setting admin credentials for non-interactive installation.
```bash
nano .env
```
--------------------------------
### Custom Scan Engine Configuration
Source: https://context7.com/yogeshojha/rengine/llms.txt
Example configuration for a custom full reconnaissance engine using YAML format.
```yaml
# Custom Full Reconnaissance Engine
```
--------------------------------
### Python API for Rengine Scan Initiation and Management
Source: https://context7.com/yogeshojha/rengine/llms.txt
Demonstrates how to use the Python requests library to interact with the Rengine API for adding targets, checking scan status, and retrieving vulnerability data. It requires an API token and project slug for authentication and operation. The example workflow illustrates a typical usage pattern.
```python
import requests
import time
# Configuration
RENGINE_URL = "https://rengine.example.com"
API_TOKEN = "your_api_token_here"
PROJECT_SLUG = "project-alpha"
headers = {
"Authorization": f"Token {API_TOKEN}",
"Content-Type": "application/json"
}
# Add target
def add_target(domain):
response = requests.post(
f"{RENGINE_URL}/api/add/target/",
headers=headers,
json={
"domain_name": domain,
"description": "Automated scan target",
"slug": PROJECT_SLUG
}
)
return response.json()
# Initiate scan (via web interface or use startScan.views.start_scan)
# Note: Direct scan initiation requires accessing Django views
# Use the web UI or create custom management command
# Monitor scan status
def check_scan_status(project_slug):
response = requests.get(
f"{RENGINE_URL}/api/scan_status/?project={project_slug}",
headers=headers
)
return response.json()
# Query results
def get_vulnerabilities(project_slug, severity="critical"):
response = requests.get(
f"{RENGINE_URL}/api/listVulnerability/",
headers=headers,
params={
"project": project_slug,
"search": f"severity={severity}"
}
)
return response.json()
# Example workflow
if __name__ == "__main__":
# Step 1: Add target
result = add_target("example.com")
print(f"Target added: {result}")
# Step 2: Monitor scans (assuming scan initiated via UI)
while True:
status = check_scan_status(PROJECT_SLUG)
scanning = status['scans']['scanning']
if not scanning:
break
print(f"Scans running: {len(scanning)}")
time.sleep(30)
# Step 3: Retrieve critical vulnerabilities
vulns = get_vulnerabilities(PROJECT_SLUG, severity="critical")
print(f"Found {vulns['count']} critical vulnerabilities")
for vuln in vulns['results'][:5]:
print(f"- {vuln['name']}: {vuln['http_url']}")
```
--------------------------------
### Get HackerOne Program Details with In-Scope Assets
Source: https://context7.com/yogeshojha/rengine/llms.txt
Fetches detailed information about a specific HackerOne program, including its name, bounty status, and a list of in-scope assets. The program is identified by its unique slug. Requires an API token.
```bash
# Get program details with in-scope assets
curl -X GET "https://rengine.example.com/api/hackerone-programs/example-program/program_details/" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Clone reNgine Repository
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Clones the reNgine repository from GitHub and navigates into the project directory. This is the first step for setting up reNgine.
```bash
git clone https://github.com/yogeshojha/rengine && cd rengine
```
--------------------------------
### Render Scan Start Date Cell
Source: https://github.com/yogeshojha/rengine/blob/master/web/targetApp/templates/target/list.html
Renders a badge indicating the humanized start date of a scan, or a 'Never Scanned Before' message if the scan has not started. This is useful for displaying scan status in a table.
```javascript
function(data, type, row) {
var content = '
';
return content;
}
```
--------------------------------
### Get Search History
Source: https://context7.com/yogeshojha/rengine/llms.txt
Retrieves the search history for the authenticated user.
```APIDOC
## GET /api/search/history/
### Description
Retrieves the search history for the authenticated user.
### Method
GET
### Endpoint
/api/search/history/
### Parameters
#### Path Parameters
None
#### Query Parameters
None
#### Request Body
None
### Request Example
```bash
curl -X GET "https://rengine.example.com/api/search/history/"
-H "Authorization: Token YOUR_API_TOKEN"
```
### Response
#### Success Response (200)
(Response structure not provided in the input text)
#### Response Example
(Response example not provided in the input text)
```
--------------------------------
### Update reNgine
Source: https://github.com/yogeshojha/rengine/blob/master/README.md
Updates reNgine by navigating to the project directory and running the update script. Includes a step to grant execute permissions if needed.
```bash
cd rengine && sudo ./update.sh
# If update.sh lacks execution permissions:
sudo chmod +x update.sh
```
--------------------------------
### Initialize DataTable and Tooltip - JavaScript
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html
Initializes the DataTable with specific configurations for rendering and callbacks. It includes settings for column definitions, initialization completion, draw callbacks for tooltip initialization, and row creation for styling.
```javascript
initComplete: function(settings, json) { api = this.api(); // column visibility vulnerability_datatable_col_visibility(vulnerability_table); $(".dtrg-group th:contains('No group')").remove(); }, drawCallback: function (settings) { drawCallback_api = this.api(); $('.badge').tooltip({ template: '
' }) $('.bs-tooltip').tooltip(); setTimeout(function() { $(".dtrg-group th:contains('No group')").remove(); }, 1); }, createdRow: function( row, data, dataIndex ) { if (!data['open_status']){ $(row).addClass('table-success text-strike'); } }
```
--------------------------------
### Get Search History
Source: https://context7.com/yogeshojha/rengine/llms.txt
Retrieves the search history from the Rengine API. Requires an API token for authentication.
```bash
curl -X GET "https://rengine.example.com/api/search/history/" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Initialize PerfectScrollbar and Tooltips (JavaScript)
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html
Initializes PerfectScrollbar for scrollable containers and applies tooltips to elements with the 'data-toggle="tooltip"' attribute. These are common UI enhancements for improved user experience.
```javascript
$(document).ready(function() {
// Init
const ps = new PerfectScrollbar(document.querySelector('.mt-container'));
const ps1 = new PerfectScrollbar(document.querySelector('.endpoint-search'));
$('\\[data-toggle="tooltip"\\]').tooltip();
});
```
--------------------------------
### Get GPT Attack Surface Suggestions
Source: https://context7.com/yogeshojha/rengine/llms.txt
Obtains GPT-generated attack surface suggestions for a given subdomain. Requires the subdomain ID for context.
```bash
# Get GPT attack surface suggestions for subdomain
curl -X GET "https://rengine.example.com/api/tools/gpt_get_possible_attacks/?subdomain_id=1523" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Initialize Data Table and Tooltips
Source: https://github.com/yogeshojha/rengine/blob/master/web/targetApp/templates/target/list.html
Initializes a data table with custom rendering functions, tooltips, and multi-selection capabilities. It also sets up a form submission handler for the table's checkboxes and applies tooltips to elements with the 'data-toggle=tooltip' attribute.
```javascript
var table = $('#table').DataTable({
// ... table configuration ...
drawCallback: function() {
$('.badge').tooltip({
template: '
'
})
$('.bs-tooltip').tooltip();
}
});
multiCheck(table);
// Handle form submission event
$('#frm-example').on('submit', function(e){
var form = this;
table.$('input[type="checkbox" ]').each(function(){
if(!$.contains(document, this)){
if(this.checked){
$(form).append( $('')
.attr('type', 'hidden')
.attr('name', this.name)
.val(this.value)
);
}
}
});
e.preventDefault();
});
$(' [data-toggle=tooltip]').tooltip();
```
--------------------------------
### Fetch Subscan Results
Source: https://context7.com/yogeshojha/rengine/llms.txt
Retrieves the results of a specific subscan, identified by its subscan ID. This GET request requires an API token for authentication and returns details about the subscan's status and its findings.
```bash
# Fetch subscan results
curl -X GET "https://rengine.example.com/api/fetch/results/subscan/?subscan_id=101" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Initialize and Configure Subdomain DataTable
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html
Initializes a DataTable for subdomains with various configuration options. This includes defining the DOM structure for table controls, setting up complete and draw callbacks for post-initialization and redrawing actions, and defining a row callback to add a 'table-danger' class to important subdomains. It also handles column visibility based on local storage settings.
```javascript
subdomain_datatables = $("#subdomain_table").DataTable({
"processing": true,
"serverSide": true,
"ajax": {
"url": "/api/v1/subdomain",
"type": "POST",
"data": {
"project": "${project_id}"
}
},
"columns": [
{
"data": "id"
}, {
"data": "name"
}, {
"data": "screenshot"
}, {
"data": "takeover"
}, {
"data": "http_status"
}, {
"data": "page_title"
}, {
"data": "ip"
}, {
"data": "ports"
}, {
"data": "content_length"
}, {
"data": "server"
}, {
"data": "response_time"
}, {
"data": "tags"
}, {
"data": "history"
}, {
"data": "cert"
}, {
"data": "waf"
}, {
"data": "notes"
}, {
"data": "action"
}
],
columnDefs: [
{
targets: 0,
visible: false,
searchable: false,
}, {
targets: 1,
render: function(data, type, row) {
return `
'
})
$(".bs-tooltip").tooltip();
$(".dtrg-group").remove();
drawCallback_api = this.api();
setTimeout(function() {
$(".dtrg-group th:contains('No group')").remove();
}, 1);
},
"rowCallback": function( row, data, dataIndex ) {
if (data['is_important']){
$(row).addClass('table-danger');
}
}
});
```
--------------------------------
### Get Severity Badge (JavaScript)
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/vulnerabilities.html
Returns a severity badge based on the provided data. The function determines the badge color based on numerical ranges, assigning 'info', 'warning', or 'danger'. It is used for rendering CVSS scores.
```javascript
function ( data, type, row ) {
if (data) {
if (data > 0.1 && data <= 3.9) {
badge = 'info';
} else if (data > 3.9 && data <= 6.9) {
badge = 'warning';
} else if (data > 6.9 && data <= 8.9) {
badge = 'danger';
} else {
badge = 'danger';
}
return `${data}`;
}
return '';
}
```
--------------------------------
### List Accessible HackerOne Programs
Source: https://context7.com/yogeshojha/rengine/llms.txt
Fetches a list of all HackerOne programs accessible with the provided API token. The results can be sorted by creation date ('age') in ascending or descending order. Requires authentication.
```bash
# List all accessible HackerOne programs
curl -X GET "https://rengine.example.com/api/hackerone-programs/?sort_by=age&sort_order=desc" \
-H "Authorization: Token YOUR_API_TOKEN"
```
--------------------------------
### Fetching Latest Tool Versions with jQuery
Source: https://github.com/yogeshojha/rengine/blob/master/web/scanEngine/templates/scanEngine/settings/tool_arsenal.html
This JavaScript code, written using jQuery, is executed when the DOM is ready. It initializes tooltips and then iterates through installed tools to fetch their latest version information using the `get_external_tool_current_version` function.
```javascript
$(document).ready(function() {
$("body").tooltip({ selector: '[data-toggle=tooltip]' });
// fetch latest version information
{% for tool in installed_tools %}
get_external_tool_current_version('{{tool.id}}', '{{tool.name}}_current');
{% endfor %}
});
```
--------------------------------
### Initialize S3 Buckets DataTable
Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html
This snippet initializes a DataTables instance for displaying S3 bucket information. It configures sorting, DOM structure for pagination and information display, and includes custom Vietnamese language options for pagination controls.
```javascript
var s3_table = $('#s3-datatable').DataTable({ "order": [[0, 'asc']], "dom": "<'dt--top-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>" + "<'table-responsive'tr>" + "<'dt--bottom-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>", "oLanguage": { "oPaginate": { "sPrevious": '