whatisgithub

What is rengine?

yogeshojha/rengine — explained in plain English

Analysis updated 2026-06-24

8,644HTMLAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

In one sentence

A web-based reconnaissance tool for penetration testers that automates subdomain discovery, port scanning, and vulnerability detection through a visual interface, with continuous monitoring and HackerOne integration.

Mindmap

mindmap
  root((reNgine))
    What it does
      Recon automation
      Web-based interface
      Vuln detection
    Scan Types
      Subdomain discovery
      Port scanning
      Directory fuzzing
      Screenshots
    Features
      Continuous monitoring
      HackerOne integration
      PDF report export
    Setup
      Docker install
      YAML scan engines
      Custom profiles
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automate subdomain discovery, port scanning, and vulnerability detection against an authorized target domain

USE CASE 2

Schedule recurring scans to continuously monitor targets and get notified when new subdomains appear

USE CASE 3

Import HackerOne bug bounty programs to organize recon targets and track findings in one interface

USE CASE 4

Export scan results as a PDF report for client deliverables or personal records

What is it built with?

PythonDockerYAMLHTML

How does it compare?

yogeshojha/renginemrnerf/awesome-3d-gaussian-splattingjstherightway/js-the-right-way
Stars8,6448,6058,694
LanguageHTMLHTMLHTML
Setup difficultymoderateeasyeasy
Complexity3/51/51/5
Audienceops devopsresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires Docker, intended only for authorized penetration testing on targets you have permission to scan.

Free to use and modify, but any software you distribute that includes this code must also be open source under the same GPLv3 license.

So what is it?

reNgine is a web application reconnaissance tool built for penetration testers, security researchers, and bug bounty hunters. Reconnaissance is the phase of a security assessment where you gather information about a target, such as discovering subdomains, open ports, file paths, and potential vulnerabilities, before attempting to test for weaknesses. reNgine automates much of that information-gathering work through a web-based interface rather than requiring users to manually run and stitch together many separate command-line tools. The tool is organized around the concept of scan engines, which are configuration profiles written in YAML that define what to scan, which tools to run, how fast to run them, and what to look for. You can create custom engines for different situations or use the pre-built ones that ship with the project. Scans cover subdomain discovery, screenshot capture, endpoint collection, directory fuzzing, and vulnerability detection. Results from all these checks are stored in a database, so you can filter and search through findings using a query language rather than sorting through raw text files. A continuous monitoring feature lets you schedule recurring scans against the same targets and get notified when new subdomains or changes appear. The interface also connects with bug bounty platforms, specifically HackerOne, so you can import your active programs directly. Reports can be exported as PDFs. The project has been presented at security conferences including Black Hat Arsenal multiple times, which gives some indication of its standing within the security community. Installation is done through Docker, which packages all the dependencies together, and the README points to a dedicated documentation site for detailed setup steps. The tool is open source under the GPLv3 license. It is aimed at people doing authorized security testing work, not general audiences. Some comfort with Docker and web security concepts is assumed.

Copy-paste prompts

Prompt 1
Walk me through installing reNgine using Docker on Ubuntu, including how to access the web interface and create my first scan target.
Prompt 2
Using reNgine, how do I create a custom YAML scan engine profile that runs subdomain enumeration first, then captures screenshots of discovered hosts?
Prompt 3
How do I use reNgine's query language to filter all scan results and find only subdomains that have port 8080 or 8443 open?
Prompt 4
How do I connect reNgine to my HackerOne account to automatically import my active bug bounty program targets for reconnaissance?
Prompt 5
How do I set up continuous monitoring in reNgine so it alerts me via notification when a new subdomain appears on a target I'm tracking?

Frequently asked questions

What is rengine?

A web-based reconnaissance tool for penetration testers that automates subdomain discovery, port scanning, and vulnerability detection through a visual interface, with continuous monitoring and HackerOne integration.

What language is rengine written in?

Mainly HTML. The stack also includes Python, Docker, YAML.

What license does rengine use?

Free to use and modify, but any software you distribute that includes this code must also be open source under the same GPLv3 license.

How hard is rengine to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is rengine for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.