### Install reNgine via Script Source: https://context7.com/yogeshojha/rengine/llms.txt Installs reNgine using a provided script. Requires cloning the repository and configuring environment variables in the .env file, including database passwords and optional admin credentials. The script handles the setup process, and a non-interactive option is available. ```bash # Clone the repository git clone https://github.com/yogeshojha/rengine && cd rengine # Configure environment variables nano .env # IMPORTANT: Change POSTGRES_PASSWORD for security # POSTGRES_PASSWORD=hE2a5@K&9nEY1fzgA6X # Optional: Set non-interactive admin credentials # DJANGO_SUPERUSER_USERNAME=rengine # DJANGO_SUPERUSER_EMAIL=rengine@example.com # DJANGO_SUPERUSER_PASSWORD=Sm7IJG.IfHAFw9snSKv # Adjust Celery worker scaling based on available RAM # 4GB: MAX_CONCURRENCY=10 # 8GB: MAX_CONCURRENCY=30 # 16GB: MAX_CONCURRENCY=50 # MAX_CONCURRENCY=80 # MIN_CONCURRENCY=10 # Run installation script sudo ./install.sh # For non-interactive install sudo ./install.sh -n # Access reNgine # https://127.0.0.1 (local) or https://your_vps_ip_address (VPS) ``` -------------------------------- ### Run reNgine Installation Script Source: https://github.com/yogeshojha/rengine/blob/master/README.md Executes the reNgine installation script. Supports both interactive and non-interactive modes. The non-interactive mode uses the '-n' flag and requires admin credentials to be pre-configured in .env. ```bash sudo ./install.sh # For non-interactive install: sudo ./install.sh -n ``` -------------------------------- ### Set Admin Credentials in .env for Non-Interactive Install Source: https://github.com/yogeshojha/rengine/blob/master/README.md Configures administrative credentials (username, email, password) directly in the .env file for a non-interactive reNgine installation. This is useful for automated setups. ```bash DJANGO_SUPERUSER_USERNAME=yourUsername DJANGO_SUPERUSER_EMAIL=YourMail@example.com DJANGO_SUPERUSER_PASSWORD=yourStrongPassword ``` -------------------------------- ### Advanced Query Language Examples Source: https://context7.com/yogeshojha/rengine/llms.txt Examples demonstrating the use of Rengine's advanced query language for filtering scan results and vulnerabilities. ```APIDOC ## Advanced Query Language Examples ### Description Examples demonstrating the use of Rengine's advanced query language for filtering scan results and vulnerabilities. ### Examples ```bash # Natural language-like filtering in subdomain search # Exact match: Find subdomains with HTTP status 200 ?search=http_status=200 # Exclusion: Find all except status 404 ?search=http_status!=404 # Greater than: Find large responses (> 100KB) ?search=content_length>100000 # Less than: Find quick responses ?search=content_length<5000 # Complex AND operation: Status 200 AND admin in name ?search=http_status=200&name=admin # Complex OR operation: PHP or Java technology ?search=technology=php|technology=java # Multiple conditions: Important subdomains with specific tech ?search=is_important=true&technology=wordpress&http_status=200 # Port filtering: Find SSH services ?search=port=22 # Negative pattern: Exclude test subdomains ?search=name!test # Endpoint filtering with GF patterns ``` ``` -------------------------------- ### Rengine Advanced Query Language Examples for Filtering Source: https://context7.com/yogeshojha/rengine/llms.txt Illustrates advanced filtering capabilities within Rengine's query language, mimicking natural language for searching subdomains. Examples include exact matches, exclusions, range queries (content length), complex AND/OR operations, port filtering, negative patterns, and endpoint filtering using GF patterns. ```bash # Natural language-like filtering in subdomain search # Exact match: Find subdomains with HTTP status 200 ?search=http_status=200 # Exclusion: Find all except status 404 ?search=http_status!404 # Greater than: Find large responses (> 100KB) ?search=content_length>100000 # Less than: Find quick responses ?search=content_length<5000 # Complex AND operation: Status 200 AND admin in name ?search=http_status=200&name=admin # Complex OR operation: PHP or Java technology ?search=technology=php|technology=java # Multiple conditions: Important subdomains with specific tech ?search=is_important=true&technology=wordpress&http_status=200 # Port filtering: Find SSH services ?search=port=22 # Negative pattern: Exclude test subdomains ?search=name!test # Endpoint filtering with GF patterns ``` -------------------------------- ### Sync All Bookmarked HackerOne Programs Source: https://context7.com/yogeshojha/rengine/llms.txt Synchronizes all bookmarked HackerOne programs with the specified project. This is a GET request that requires an API token for authorization and updates the project with the latest information from bookmarked programs. ```bash # Sync all bookmarked programs automatically curl -X GET "https://rengine.example.com/api/hackerone-programs/sync_bookmarked/?project_slug=bug-bounty" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Manage reNgine Docker Compose Services Source: https://context7.com/yogeshojha/rengine/llms.txt Provides make commands for managing reNgine's Docker services. These include starting, stopping, restarting, viewing logs, creating a superuser, applying migrations, and cleaning up Docker resources. Essential for development and deployment workflows. ```bash # Start all services make up # Builds and starts: db, web, proxy, redis, celery, celery-beat, ollama # Create superuser (after initial setup) make username # Interactive prompt for username, email, password # View logs with 1000 line tail make logs # Restart all services make restart # Stop all services without removing containers make stop # Stop and remove all containers make down # Update reNgine cd rengine && sudo ./update.sh # Apply database migrations make migrate # Change user password make changepassword # Complete cleanup (remove containers and volumes) make prune ``` -------------------------------- ### Initiate Report Modal Setup (JavaScript) Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/history.html Configures the 'generateReportModal' to initialize report generation options. It logs input parameters, sets default selections for report type and template, and dynamically enables/disables report type options based on scan availability. It also sets click handlers for generate and preview buttons. ```javascript function initiate_report(id, has_subdomain_scan, has_vulnerability_scan, domain_name) { console.log(has_subdomain_scan, has_vulnerability_scan, domain_name); //select full report type by default $('input[name="reportType"][value="full"]').prop('checked', true); $('input[name="excludeInfoFindings"]').prop('checked', true); $('#templateSelect').val('modern'); $('#generateReportModal').modal('show'); if (has_subdomain_scan) { $('input[name="reportType"][value="recon"]').prop('disabled', false); } else { $('input[name="reportType"][value="recon"]').prop('disabled', true); } if (has_vulnerability_scan) { $('input[name="reportType"][value="vuln"]').prop('disabled', false); } else { $('input[name="reportType"][value="vuln"]').prop('disabled', true); } $('#generateReportBtn').attr('onClick', `generate_report(${id}, '${domain_name}')`); $('#previewReportBtn').attr('onClick', `preview_report(${id}, '${domain_name}')`); } ``` -------------------------------- ### Get Bookmarked HackerOne Programs Source: https://context7.com/yogeshojha/rengine/llms.txt Retrieves only the HackerOne programs that have been bookmarked. This is useful for quickly accessing a curated list of relevant programs. Requires an API token for authorization. ```bash # Get bookmarked programs only curl -X GET "https://rengine.example.com/api/hackerone-programs/bookmarked_programs/" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Grant Execution Permissions to install.sh Source: https://github.com/yogeshojha/rengine/blob/master/README.md Grants execute permissions to the install.sh script if it's not already executable. This is a prerequisite for running the installation. ```bash chmod +x install.sh ``` -------------------------------- ### Configure .env file for reNgine Source: https://github.com/yogeshojha/rengine/blob/master/README.md Edits the .env file to configure environment variables for reNgine. Essential for security by changing the POSTGRES_PASSWORD and optionally setting admin credentials for non-interactive installation. ```bash nano .env ``` -------------------------------- ### Custom Scan Engine Configuration Source: https://context7.com/yogeshojha/rengine/llms.txt Example configuration for a custom full reconnaissance engine using YAML format. ```yaml # Custom Full Reconnaissance Engine ``` -------------------------------- ### Python API for Rengine Scan Initiation and Management Source: https://context7.com/yogeshojha/rengine/llms.txt Demonstrates how to use the Python requests library to interact with the Rengine API for adding targets, checking scan status, and retrieving vulnerability data. It requires an API token and project slug for authentication and operation. The example workflow illustrates a typical usage pattern. ```python import requests import time # Configuration RENGINE_URL = "https://rengine.example.com" API_TOKEN = "your_api_token_here" PROJECT_SLUG = "project-alpha" headers = { "Authorization": f"Token {API_TOKEN}", "Content-Type": "application/json" } # Add target def add_target(domain): response = requests.post( f"{RENGINE_URL}/api/add/target/", headers=headers, json={ "domain_name": domain, "description": "Automated scan target", "slug": PROJECT_SLUG } ) return response.json() # Initiate scan (via web interface or use startScan.views.start_scan) # Note: Direct scan initiation requires accessing Django views # Use the web UI or create custom management command # Monitor scan status def check_scan_status(project_slug): response = requests.get( f"{RENGINE_URL}/api/scan_status/?project={project_slug}", headers=headers ) return response.json() # Query results def get_vulnerabilities(project_slug, severity="critical"): response = requests.get( f"{RENGINE_URL}/api/listVulnerability/", headers=headers, params={ "project": project_slug, "search": f"severity={severity}" } ) return response.json() # Example workflow if __name__ == "__main__": # Step 1: Add target result = add_target("example.com") print(f"Target added: {result}") # Step 2: Monitor scans (assuming scan initiated via UI) while True: status = check_scan_status(PROJECT_SLUG) scanning = status['scans']['scanning'] if not scanning: break print(f"Scans running: {len(scanning)}") time.sleep(30) # Step 3: Retrieve critical vulnerabilities vulns = get_vulnerabilities(PROJECT_SLUG, severity="critical") print(f"Found {vulns['count']} critical vulnerabilities") for vuln in vulns['results'][:5]: print(f"- {vuln['name']}: {vuln['http_url']}") ``` -------------------------------- ### Get HackerOne Program Details with In-Scope Assets Source: https://context7.com/yogeshojha/rengine/llms.txt Fetches detailed information about a specific HackerOne program, including its name, bounty status, and a list of in-scope assets. The program is identified by its unique slug. Requires an API token. ```bash # Get program details with in-scope assets curl -X GET "https://rengine.example.com/api/hackerone-programs/example-program/program_details/" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Clone reNgine Repository Source: https://github.com/yogeshojha/rengine/blob/master/README.md Clones the reNgine repository from GitHub and navigates into the project directory. This is the first step for setting up reNgine. ```bash git clone https://github.com/yogeshojha/rengine && cd rengine ``` -------------------------------- ### Render Scan Start Date Cell Source: https://github.com/yogeshojha/rengine/blob/master/web/targetApp/templates/target/list.html Renders a badge indicating the humanized start date of a scan, or a 'Never Scanned Before' message if the scan has not started. This is useful for displaying scan status in a table. ```javascript function(data, type, row) { var content = '
'; if (data) { content += `${row.start_scan_date_humanized}`; } else { content += 'Never Scanned Before'; } content += '
'; return content; } ``` -------------------------------- ### Get Search History Source: https://context7.com/yogeshojha/rengine/llms.txt Retrieves the search history for the authenticated user. ```APIDOC ## GET /api/search/history/ ### Description Retrieves the search history for the authenticated user. ### Method GET ### Endpoint /api/search/history/ ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```bash curl -X GET "https://rengine.example.com/api/search/history/" -H "Authorization: Token YOUR_API_TOKEN" ``` ### Response #### Success Response (200) (Response structure not provided in the input text) #### Response Example (Response example not provided in the input text) ``` -------------------------------- ### Update reNgine Source: https://github.com/yogeshojha/rengine/blob/master/README.md Updates reNgine by navigating to the project directory and running the update script. Includes a step to grant execute permissions if needed. ```bash cd rengine && sudo ./update.sh # If update.sh lacks execution permissions: sudo chmod +x update.sh ``` -------------------------------- ### Initialize DataTable and Tooltip - JavaScript Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html Initializes the DataTable with specific configurations for rendering and callbacks. It includes settings for column definitions, initialization completion, draw callbacks for tooltip initialization, and row creation for styling. ```javascript initComplete: function(settings, json) { api = this.api(); // column visibility vulnerability_datatable_col_visibility(vulnerability_table); $(".dtrg-group th:contains('No group')").remove(); }, drawCallback: function (settings) { drawCallback_api = this.api(); $('.badge').tooltip({ template: '' }) $('.bs-tooltip').tooltip(); setTimeout(function() { $(".dtrg-group th:contains('No group')").remove(); }, 1); }, createdRow: function( row, data, dataIndex ) { if (!data['open_status']){ $(row).addClass('table-success text-strike'); } } ``` -------------------------------- ### Get Search History Source: https://context7.com/yogeshojha/rengine/llms.txt Retrieves the search history from the Rengine API. Requires an API token for authentication. ```bash curl -X GET "https://rengine.example.com/api/search/history/" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Initialize PerfectScrollbar and Tooltips (JavaScript) Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html Initializes PerfectScrollbar for scrollable containers and applies tooltips to elements with the 'data-toggle="tooltip"' attribute. These are common UI enhancements for improved user experience. ```javascript $(document).ready(function() { // Init const ps = new PerfectScrollbar(document.querySelector('.mt-container')); const ps1 = new PerfectScrollbar(document.querySelector('.endpoint-search')); $('\\[data-toggle="tooltip"\\]').tooltip(); }); ``` -------------------------------- ### Get GPT Attack Surface Suggestions Source: https://context7.com/yogeshojha/rengine/llms.txt Obtains GPT-generated attack surface suggestions for a given subdomain. Requires the subdomain ID for context. ```bash # Get GPT attack surface suggestions for subdomain curl -X GET "https://rengine.example.com/api/tools/gpt_get_possible_attacks/?subdomain_id=1523" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Initialize Data Table and Tooltips Source: https://github.com/yogeshojha/rengine/blob/master/web/targetApp/templates/target/list.html Initializes a data table with custom rendering functions, tooltips, and multi-selection capabilities. It also sets up a form submission handler for the table's checkboxes and applies tooltips to elements with the 'data-toggle=tooltip' attribute. ```javascript var table = $('#table').DataTable({ // ... table configuration ... drawCallback: function() { $('.badge').tooltip({ template: '' }) $('.bs-tooltip').tooltip(); } }); multiCheck(table); // Handle form submission event $('#frm-example').on('submit', function(e){ var form = this; table.$('input[type="checkbox" ]').each(function(){ if(!$.contains(document, this)){ if(this.checked){ $(form).append( $('') .attr('type', 'hidden') .attr('name', this.name) .val(this.value) ); } } }); e.preventDefault(); }); $(' [data-toggle=tooltip]').tooltip(); ``` -------------------------------- ### Fetch Subscan Results Source: https://context7.com/yogeshojha/rengine/llms.txt Retrieves the results of a specific subscan, identified by its subscan ID. This GET request requires an API token for authentication and returns details about the subscan's status and its findings. ```bash # Fetch subscan results curl -X GET "https://rengine.example.com/api/fetch/results/subscan/?subscan_id=101" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Initialize and Configure Subdomain DataTable Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html Initializes a DataTable for subdomains with various configuration options. This includes defining the DOM structure for table controls, setting up complete and draw callbacks for post-initialization and redrawing actions, and defining a row callback to add a 'table-danger' class to important subdomains. It also handles column visibility based on local storage settings. ```javascript subdomain_datatables = $("#subdomain_table").DataTable({ "processing": true, "serverSide": true, "ajax": { "url": "/api/v1/subdomain", "type": "POST", "data": { "project": "${project_id}" } }, "columns": [ { "data": "id" }, { "data": "name" }, { "data": "screenshot" }, { "data": "takeover" }, { "data": "http_status" }, { "data": "page_title" }, { "data": "ip" }, { "data": "ports" }, { "data": "content_length" }, { "data": "server" }, { "data": "response_time" }, { "data": "tags" }, { "data": "history" }, { "data": "cert" }, { "data": "waf" }, { "data": "notes" }, { "data": "action" } ], columnDefs: [ { targets: 0, visible: false, searchable: false, }, { targets: 1, render: function(data, type, row) { return ` `; } } ], "dom": "<'dt--top-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>" + "<'table-responsive'tr>" + "<'dt--bottom-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>", "initComplete": function(settings, json) { api = this.api(); subdomain_datatable_col_visibility(subdomain_datatables); $(".dtrg-group th:contains('No group')").remove(); }, "drawCallback": function () { $(".badge").tooltip({ template: '' }) $(".bs-tooltip").tooltip(); $(".dtrg-group").remove(); drawCallback_api = this.api(); setTimeout(function() { $(".dtrg-group th:contains('No group')").remove(); }, 1); }, "rowCallback": function( row, data, dataIndex ) { if (data['is_important']){ $(row).addClass('table-danger'); } } }); ``` -------------------------------- ### Get Severity Badge (JavaScript) Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/vulnerabilities.html Returns a severity badge based on the provided data. The function determines the badge color based on numerical ranges, assigning 'info', 'warning', or 'danger'. It is used for rendering CVSS scores. ```javascript function ( data, type, row ) { if (data) { if (data > 0.1 && data <= 3.9) { badge = 'info'; } else if (data > 3.9 && data <= 6.9) { badge = 'warning'; } else if (data > 6.9 && data <= 8.9) { badge = 'danger'; } else { badge = 'danger'; } return `${data}`; } return ''; } ``` -------------------------------- ### List Accessible HackerOne Programs Source: https://context7.com/yogeshojha/rengine/llms.txt Fetches a list of all HackerOne programs accessible with the provided API token. The results can be sorted by creation date ('age') in ascending or descending order. Requires authentication. ```bash # List all accessible HackerOne programs curl -X GET "https://rengine.example.com/api/hackerone-programs/?sort_by=age&sort_order=desc" \ -H "Authorization: Token YOUR_API_TOKEN" ``` -------------------------------- ### Fetching Latest Tool Versions with jQuery Source: https://github.com/yogeshojha/rengine/blob/master/web/scanEngine/templates/scanEngine/settings/tool_arsenal.html This JavaScript code, written using jQuery, is executed when the DOM is ready. It initializes tooltips and then iterates through installed tools to fetch their latest version information using the `get_external_tool_current_version` function. ```javascript $(document).ready(function() { $("body").tooltip({ selector: '[data-toggle=tooltip]' }); // fetch latest version information {% for tool in installed_tools %} get_external_tool_current_version('{{tool.id}}', '{{tool.name}}_current'); {% endfor %} }); ``` -------------------------------- ### Initialize S3 Buckets DataTable Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html This snippet initializes a DataTables instance for displaying S3 bucket information. It configures sorting, DOM structure for pagination and information display, and includes custom Vietnamese language options for pagination controls. ```javascript var s3_table = $('#s3-datatable').DataTable({ "order": [[0, 'asc']], "dom": "<'dt--top-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>" + "<'table-responsive'tr>" + "<'dt--bottom-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>", "oLanguage": { "oPaginate": { "sPrevious": '7.0 ``` -------------------------------- ### Import Multiple HackerOne Programs as Targets Source: https://context7.com/yogeshojha/rengine/llms.txt Imports multiple HackerOne programs into a specified project by their handles. This operation initiates an asynchronous task and returns an HTTP 202 Accepted status upon success. Requires an API token and JSON content type. ```bash # Import multiple HackerOne programs as targets curl -X POST "https://rengine.example.com/api/hackerone-programs/import_programs/?project_slug=bug-bounty" \ -H "Authorization: Token YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "handles": ["example-program", "another-program", "third-program"] }' ``` -------------------------------- ### JavaScript DataTables Initialization for Vulnerabilities Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/vulnerabilities.html Initializes a DataTables instance to display vulnerability results. It configures pagination, search, column definitions, and server-side processing. The AJAX URL is dynamically set based on GET parameters like 'domain', 'vulnerability_name', or 'subdomain'. ```javascript var vuln_ajax_url = '/api/listVulnerability/?project={{current_project.slug}}&format=datatables'; if(request.GET.domain) { vuln_ajax_url = '/api/listVulnerability/?project={{current_project.slug}}&format=datatables&domain={{request.GET.domain}}'; } else if(request.GET.vulnerability_name) { vuln_ajax_url = '/api/listVulnerability/?project={{current_project.slug}}&format=datatables&vulnerability_name={{request.GET.vulnerability_name}}'; } else if(request.GET.subdomain) { vuln_ajax_url = '/api/listVulnerability/?project={{current_project.slug}}&format=datatables&subdomain={{request.GET.subdomain}}'; } var vulnerability_table = $('#vulnerability_results').DataTable({ "destroy": true, "oLanguage": { "oPaginate": { "sPrevious": '', "sNext": '' }, "sInfo": "Showing page _PAGE_ of _PAGES_", "sSearch": '', "sSearchPlaceholder": "Search...", "sLengthMenu": "Results : _MENU_", }, "processing": true, "dom": "<'dt--top-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>" + "<'table-responsive'tr>" + "<'dt--bottom-section'<'row'<'col-12 mb-3 mb-sm-0 col-sm-4 col-md-3 col-lg-4 d-flex justify-content-sm-start justify-content-center'l><'dt--pages-count col-12 col-sm-6 col-md-4 col-lg-4 d-flex justify-content-sm-middle justify-content-center'i><'dt--pagination col-12 col-sm-2 col-md-5 col-lg-4 d-flex justify-content-sm-end justify-content-center'p>>>", "stripeClasses": [], "lengthMenu": vuln_datatable_length_menu, "pageLength": vuln_datatable_page_length, 'serverSide': true, "ajax": { 'url': vuln_ajax_url }, "order": [[ 7, "desc" ]], "rowGroup": { "startRender": function(rows, group) { return group + ' (' + rows.count() + ' Vulnerabilities)'; } }, "columns": vuln_datatable_columns, "columnDefs": [ { "orderable": false, "targets": [16] }, { "targets": [2, 4, 5, 6, 8, 9, 10, 12, 13, 14, 17, 18, 19], "visible": false, "searchable": true }, { "targets": [20, 21, 22, 23, 24, 25, 26, 27], "visible": false, "searchable": false }, {"className": "text-center", "targets": []}, { "render": function ( data, type, row ) { if(row['open_status']){ return `
c
`; } else { return `
c
`; } }, "targets": 0 }, { "render": function ( data, type, row ) { if (data) { return `  ${data.toUpperCase()}  `; } }, "targets": 1 }, { "render": function ( data, type, row ) { if (data) { return `  ${data.toUpperCase()}  `; } }, "targets": 2 }, { "render": function ( data, type, row ) { var tags = ''; var cvss_metrics_badge ``` -------------------------------- ### Displaying Tools in Django Template Source: https://github.com/yogeshojha/rengine/blob/master/web/scanEngine/templates/scanEngine/settings/tool_arsenal.html This Django template code iterates through installed tools and conditionally displays their information based on whether they are default or custom tools. It includes links for managing tools and displaying details like name, description, and version. ```html {% extends 'base/base.html' %} {% load static %} {% load custom_tags %} {% block title %} Tool Arsenal {% endblock title %} {% block custom_js_css_link %} {% endblock custom_js_css_link %} {% block breadcrumb_title %}* [Settings](#) * Tool Arsenal {% endblock breadcrumb_title %} {% block page_title %} Tool Arsenal {% endblock page_title %} {% block main_content %} [Add new tool]({% url 'add_tool' current_project.slug %}) All Default Custom {% for tool in installed_tools %} {% if tool.is_default %} {% else %} {% endif %} {% if tool.is_default %} Default Tool {% else %} Custom Tool [Uninstall Tool](javascript:uninstall_tool({{tool.id}}, '{{tool.name}}')) [Modify Tool]({% url 'update_tool_in_arsenal' current_project.slug tool.id %}) {% endif %} {% if tool.logo_url %} ![logo]({{tool.logo_url}}) {% endif %} #### {{tool.name}} {% if tool.is_subdomain_gathering %} Subdomain Enumeration Tool {% endif %} {% if tool.active_passive %} {{tool.active_passive}} {% endif %} [Github]({{tool.github_url}}) {% if tool.license_url %} [License]({{tool.license_url}}) {% endif %} ##### Current Installed Version * * * {{tool.description}} Check Update {% endfor %} {% endblock main_content %} ``` -------------------------------- ### Initialize Directory Table with DataTables Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/detail_scan.html This JavaScript code initializes a DataTables instance to display directory information. It fetches data from an API endpoint, configures table columns, and handles features like pagination, searching, and sorting. The code also includes custom rendering for specific columns to display data in a user-friendly format, including badges for HTTP status codes and links to directory URLs. The table displays scan results for subdomain directories. ```javascript { "language": { "oPaginate": { "sPrevious": '', "sNext": '' }, "sInfo": "Showing page \_PAGE\_ of \_PAGES\_", "sSearch": '', "sSearchPlaceholder": "Search...", "sLengthMenu": "Results : \_MENU\_", }, "processing": true, "stripeClasses": [], "lengthMenu": [20, 50, 100, 500, 1000], "pageLength": 20, 'serverSide': true, "ajax": '/api/listDatatableSubdomain/?project={{current_project.slug}}&scan_id={{scan_history_id}}&format=datatables&only_directory', "order": [[ 5, "desc" ]], "columns": [ {'data': 'id'}, {'data': 'name'}, {'data': 'http_status'}, {'data': 'page_title'}, {'data': 'directories'}, {'data': 'http_url'}, {'data': 'is_interesting'}, ], "columnDefs": [ { "targets": [ 5, 6], "visible": false, "searchable": false, }, { "targets":0, "width":"20px", "className":"", "orderable":!1, render:function(e, a, t, n) { return'
\nc
'; }}, { "render": function ( data, type, row ) { if (row['http_url']) { interesting_badge = ''; if(row['is_interesting']) { interesting_badge = `Interesting`; } return `${data}`+interesting_badge+`
`; } return `${data}` + interesting_badge; }, "targets": 1 }, { "render": function ( data, type, row ) { // display badge based on http status // green for http status 2XX, orange for 3XX and warning for everything else if (data >= 200 && data < 300) { return ""+data+""; } else if (data == 0){ // datatable throws error when no data is returned return ""; } return `${data}`; }, "targets": 2, }, { "render": function ( data, type, row ) { if (data){ return htmlEncode(data); } return ""; }, "targets": 3, }, { "render": function ( data, type, row ) { if (data) { data = data.reverse(); var html_treeview = ''; if (data.length > 1) { // has been scanned multiple times html_treeview += `

Directory Scan has been performed ${data.length} times.

`; } html_treeview += `'; return html_treeview; } return ''; }, "targets": 4, } ] } ``` -------------------------------- ### Generate Report and Download (JavaScript) Source: https://github.com/yogeshojha/rengine/blob/master/web/startScan/templates/startScan/history.html Generates a report by sending a POST request to '/scan/create_report/:id' with specified options. It uses SweetAlert to show a 'Generating Report' message and then processes the response as a PDF blob for auto-download. Includes CSRF token and handles network errors. ```javascript function generate_report(id, domain_name) { var report_type = $('input[name="reportType"]:checked').val(); var is_ignore_info_vuln = $('#excludeInfoFindings').is(":checked"); var report_template = $('#templateSelect').val(); var url = `/scan/create_report/${id}?report_type=${report_type}&download`; url += `&report_template=${report_template}`; if (is_ignore_info_vuln) { url += `&ignore_info_vuln` } $('#generateReportModal').modal('hide'); swal.queue([{ title: 'Generating Report!', text: `Please wait until we generate a report for you!`, padding: '2em', onOpen: function() { swal.showLoading() return fetch(url, { method: 'POST', credentials: "same-origin", headers: { "X-CSRFToken": getCookie("csrftoken") } }) .then(function(response) { return response.blob(); }) .then(function(blob) { const file = new Blob([blob], {type: 'application/pdf'}); // process to auto download it const fileURL = URL.createObjectURL(file); const link = document.createElement('a'); link.href = fileURL; link.download = domain_name + ".pdf"; link.click(); swal.close(); }) .catch(function() { swal.insertQueueStep({ type: 'error', title: 'Oops! Unable to generate report!' }) }) } }]); } ``` -------------------------------- ### Advanced Vulnerability Filtering with Custom Operators Source: https://context7.com/yogeshojha/rengine/llms.txt Performs advanced filtering of vulnerabilities using custom operators. This example filters for vulnerabilities with 'critical' severity and names containing 'XSS' within a specified project. URL encoding is used for the search parameters. Requires an API token. ```bash # Filter: severity=critical AND name contains "XSS" curl -X GET "https://rengine.example.com/api/listVulnerability/?project=project-alpha&search=severity%3Dcritical%26name%3DXSS" \ -H "Authorization: Token YOUR_API_TOKEN" ```