@MQ-xz
Last active January 24, 2026 19:07
reNgine Full scan engine (subdomains + passive & active)
reNgine full scan engine (subdomains + passive & active)
# YOYO model: passive discovery -> active enumeration/validation -> passive re-check/cleanup
# This engine performs subdomain enumeration, URL fetching, passive scans first,
# then active follow-ups (port scan, aggressive dir fuzzing, active vuln templates),
# then a final passive validation pass to reduce false positives and re-collect endpoints.
# Drop this file in web/config/default_scan_engines/ and load with the update scripts/management commands.
# Custom request header block: sets a single User-Agent value.
# Presumably applied to the HTTP requests made by the engine's tools; which
# tools actually honour it is not visible in this file (TODO confirm).
# NOTE(review): the value imitates desktop Firefox, so scan traffic is not
# distinguishable from ordinary browsing in the target's logs. Where the
# engagement or the target's SOC expects attributable traffic, replace it
# with the agreed identifying value.
custom_header: {
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0',
}
# Global defaults (uncomment/adjust as needed)
# 'timeout': 10
# 'threads': 30
# 'rate_limit': 150
# 'intensity': 'normal'
# 'retries': 1
# Subdomain discovery: six tools, 30 threads, timeout 10, with both the
# passive and the active switch turned on.
# NOTE(review): the tool list is shared by both phases; nothing here assigns a
# tool to "passive" or "active". tlsx obtains names by making TLS connections
# to hosts, so a run labelled passive may still touch the target. How amass is
# invoked (passive or active mode) is not visible in this file.
subdomain_discovery: {
'uses_tools': ['subfinder', 'amass', 'crtsh', 'ctfr', 'tlsx', 'oneforall'],
'threads': 30,
'timeout': 10,
# Control passive vs active enumeration inside subdomain discovery.
# NOTE(review): confirm the runner reads these two keys; if unknown keys are
# silently ignored, the phase split described in this file does not happen.
'run_passive': true,
'run_active': true,
# Optional amass configuration (uncomment to use)
# 'use_amass_config': false,
# 'amass_wordlist': 'deepmagic.com-prefixes-top50000'
}
# HTTP crawling / precrawl behaviour: which ports are probed during the
# initial crawl, with 20 threads and redirects not followed.
# NOTE(review): with follow_redirect false, hosts that only answer with a
# redirect are recorded without requesting the redirect target; that target
# may be outside the agreed scope, so keep this off unless scope is enforced
# elsewhere.
http_crawl: {
'threads': 20,
'follow_redirect': false,
# Initial precrawl probes 80/443 plus four alternate HTTP ports; the
# "uncommon" and "all ports" modes are both disabled, which keeps the
# precrawl to this fixed list.
'precrawl_ports': [80, 443, 8080, 8443, 3000, 5000],
'precrawl_uncommon_ports': false,
'precrawl_all_ports': false,
# presumably the number of hosts handled per precrawl batch - TODO confirm
'precrawl_batch_size': 350
}
# OSINT: collects emails, document metadata, employee names and documents,
# at 'normal' intensity, with a cap of 100 documents.
# NOTE(review): 'emails' and 'employees' put personal data into the scan
# results; access to the scan database and to exported reports should be
# restricted and retained accordingly.
osint: {
'discover': [
'emails',
'metainfo',
'employees',
'documents'
],
'intensity': 'normal',
'documents_limit': 100,
# NOTE(review): both switches are on, but the orchestration scan_order in
# this file lists only 'osint-passive'; it is unclear whether an active OSINT
# pass ever runs. Confirm the runner reads these keys.
'run_passive': true,
'run_active': true
}
# WAF detection: a "passive" tool list and an "active" tool list, both enabled.
# NOTE(review): wafw00f identifies a WAF by sending requests to the target, so
# listing it under passive_tools means the passive phase is not contact-free.
# If the passive phase must stay observation-only, keep only 'headers' there.
# NOTE(review): 'wafw00f-aggressive' is a name defined by this file; confirm
# the runner maps it to a real invocation, otherwise the active WAF step is a
# no-op. The orchestration scan_order also lists only 'waf-passive'.
waf_detection: {
'run_passive': true,
'run_active': true,
'passive_tools': ['headers','wafw00f'],
'active_tools': ['wafw00f-aggressive']
}
# Screenshots: taken in both the passive and the active phase, using two
# tools, with 40 threads (the highest thread count in this file).
# NOTE(review): a screenshot requires loading the page from the target, so
# 'take_on_passive' generates target-facing traffic during the passive phase.
# NOTE(review): two tools over the same URL set doubles the request volume;
# confirm the runner reads 'tools' and whether both are needed.
screenshot: {
'intensity': 'normal',
'timeout': 10,
'threads': 40,
'take_on_passive': true,
'take_on_active': true,
'tools': ['aquatone','gowitness']
}
# Port scan: 'top-100' port set, rate limit 150, 30 threads, nmap enabled.
port_scan: {
'timeout': 10,
# default: top-100; can be a list of ports or range strings
'ports': ['top-100'],
'rate_limit': 150,
'threads': 30,
# NOTE(review): 'passive' is false while 'run_passive' is true. The two keys
# contradict each other and this file does not show which one the runner
# honours; settle on one so the operator knows whether a passive lookup or a
# direct scan is performed in the first phase.
'passive': false,
'run_passive': true,
'run_active': true,
'enable_nmap': true,
# NOTE(review): the three nmap_* options below are free-form strings that
# presumably end up on an nmap command line. Restrict who may edit scan
# engines and confirm how the runner escapes these values before enabling.
# 'use_naabu_config': false,
# 'nmap_cmd': '',
# 'nmap_script': '',
# 'nmap_script_args': ''
}
# Directory and file discovery by wordlist fuzzing, enabled for both phases.
# NOTE(review): fuzzing requests candidate paths from the target, so a
# "passive" fuzzing pass is still target-facing and will show up in web logs.
dir_file_fuzz: {
'auto_calibration': true,
'rate_limit': 150,
'extensions': [],
'follow_redirect': false,
# NOTE(review): 0 presumably means "no time limit" - TODO confirm. The only
# bound on a fuzzing run is then orchestration.max_total_runtime_seconds,
# if the runner enforces it.
'max_time': 0,
# 403 and 500 are kept as matches, so blocked and erroring paths are reported
# alongside successful ones; expect more results to triage.
'match_http_status': [200, 204, 301, 302, 403, 500],
'recursive_level': 1,
'stop_on_error': false,
'timeout': 10,
'threads': 20,
'wordlist_name': 'default',
'run_passive': true,
'run_active': true,
# NOTE(review): the original remark here said active mode uses larger
# wordlists / higher threads and passive uses small calibrated lists, but this
# block defines a single wordlist_name and a single threads value. Unless the
# runner derives per-phase values itself, both phases run with identical
# settings.
}
# Endpoint / URL collection: five tools, de-duplication by content length and
# page title, gf pattern tagging, and a list of ignored static-file extensions.
# NOTE(review): the tool list mixes two kinds of source. waybackurls and gau
# read third-party archives and do not contact the target; gospider, hakrawler
# and katana crawl the target directly. Nothing in this block assigns tools to
# a phase, so confirm the runner does not start the crawlers in the passive
# phase.
fetch_url: {
'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],
'remove_duplicate_endpoints': true,
# Endpoints that agree on both fields are treated as duplicates; distinct
# pages that share a title and length (e.g. generic error pages) collapse.
'duplicate_fields': ['content_length', 'page_title'],
'follow_redirect': false,
# gf patterns label URLs whose shape suggests a bug class; a match is a
# triage hint, not a confirmed finding.
'gf_patterns': ['debug_logic','idor','interestingEXT','interestingparams','interestingsubs','lfi','rce','redirect','sqli','ssrf','ssti','xss'],
'ignore_file_extensions': ['png','jpg','jpeg','gif','mp4','mpeg','mp3','css','woff','woff2'],
'threads': 30,
'run_passive': true,
'run_active': true
}
# Vulnerability scanning: nuclei and nikto enabled; dalfox, crlfuzz and
# s3scanner disabled.
# NOTE(review): nikto is enabled here but has no entry in the orchestration
# scan_order of this file, so it is unclear in which phase (if any) it runs.
vulnerability_scan: {
'run_nuclei': true,
'run_nikto': true,
'run_dalfox': false,
'run_crlfuzz': false,
'run_s3scanner': false,
# NOTE(review): concurrency (50) is higher than rate_limit (25); which of the
# two bounds the request rate depends on the runner - TODO confirm.
'concurrency': 50,
'intensity': 'normal',
'rate_limit': 25,
'retries': 1,
'timeout': 10,
# Disabled; presumably keeps findings from being sent to an LLM service for
# report text - confirm before enabling on confidential engagements.
'fetch_llm_report': false,
# Nuclei subconfig: separate passive/active templates
'nuclei': {
'use_nuclei_config': false,
'run_passive_templates_first': true,
# NOTE(review): both template lists are empty. If the runner treats an empty
# list as "no filter", the passive pass runs the same templates as the active
# pass, including intrusive ones, and the split has no effect. Populate both
# lists before relying on the low-noise first pass.
'templates_passive': [], # tag-list or specific templates for low-noise checks
'templates_active': [], # templates considered intrusive or high-noise
# Every severity level is selected, so no finding is filtered by severity.
'severities': ['unknown','info','low','medium','high','critical']
}
}
# YOYO orchestration control: hints the runner to perform the
# passive -> active -> passive cycle.
# NOTE(review): this block is only a hint. If the runner does not implement
# it, the keys are presumably ignored and every enabled step runs in the
# runner's own order, active steps included - verify on a test target before
# relying on the passive-first behaviour.
yoyo: {
'enabled': true,
# phases: passive -> active -> validate-passive
# NOTE(review): the last phase is named 'passive-validate' here but
# 'final-passive-validate' in orchestration.scan_order; align the two names.
'phases': ['passive','active','passive-validate'],
# pause between phases (seconds) to allow data aggregation and avoid bursts
'pause_seconds_between_phases': 30,
# whether to re-run fetch_url and screenshot in the final passive pass
'final_passive_fetch_urls': true,
'final_passive_screenshots': true
}
# Orchestration / runner hints: passive-first flag, active flag, an explicit
# step order, and a total runtime cap.
# NOTE(review): 'run_passive_first' and 'run_active' repeat what yoyo.enabled
# and yoyo.phases already express; if the runner reads both blocks, they can
# disagree after an edit to only one of them.
orchestration: {
'run_passive_first': true,
'run_active': true,
# Eight passive steps, six active steps, then one final validation step.
# NOTE(review): step names do not match the section keys of this file
# ('waf-*' vs waf_detection, 'dir-fuzz-*' vs dir_file_fuzz, 'port-scan-*' vs
# port_scan, 'vuln-nuclei-*' vs vulnerability_scan) and mix '_' with '-';
# confirm the exact identifiers the runner expects.
# NOTE(review): osint and waf_detection set run_active to true but have no
# '-active' step here, and http_crawl and nikto have no step at all.
'scan_order': [
'subdomain_discovery-passive',
'fetch_url-passive',
'osint-passive',
'waf-passive',
'screenshot-passive',
'dir-fuzz-passive',
'port-scan-passive',
'vuln-nuclei-passive',
'subdomain_discovery-active',
'port-scan-active',
'dir-fuzz-active',
'vuln-nuclei-active',
'screenshot-active',
'fetch_url-active',
'final-passive-validate'
],
# 28800 seconds = 8 hours. Whether the runner stops in-flight tools when the
# cap is reached is not visible here - TODO confirm.
'max_total_runtime_seconds': 28800
}