1. Understanding ReNgine

ReNgine 2.0 is a collection of tools designed not only for reconnaissance but also equipped with an intuitive graphical user interface, making it particularly suitable for beginners. I recommend utilizing a VPN on your Windows desktop before launching a scan to prevent your IP from being banned across the internet, especially when conducting scans beyond reconnaissance.

2. Setting Up Windows Subsystem for Linux (WSL 2)

WSL 2 runs with Hyper-V Virtualization, so you might need to enable that in the BIOS, if you haven’t.

• Open the Terminal as an Administrator, copy and paste

wsl --install

• Set WSL default version to avoid future problems

wsl --set-default-version 2

• At this point you can install the below Ubuntu version, which worked for me or Kali Linux directly from the Microsoft Store

• Ubuntu 22.04.3 LTS - Official app in the Microsoft Store
• Kali Linux - Official app in the Microsoft Store

3. Installing ReNgine on WSL

• Install Docker Desktop on Windows

• Open it and go the Setting, then make sure “Use the WSL 2 based engine” is enabled

• The options in the Resources tab should appear as follows, with the integration enabled on the system you installed (in this case, Ubuntu 22.04).

• Now to open the Linux System with the Terminal (install the new Terminal in Case you haven’t)
• Open Terminal and from there you can select the System

• Within the Ubuntu instance, use the following command to install prerequisites, clone the GitHub repository, navigate to it, and modify the “POSTGRES_PASSWORD” in the dotenv file using:

sudo apt update && sudo apt upgrade && sudo apt install make && sudo apt install build-essential && git clone https://github.com/yogeshojha/rengine && cd rengine && nano .env

• Inside the dotenv file edit the maximum concurrency to your machines RAM

• Finally running the install script and enter username and a safe password when prompted

chmod +x && sudo ./install.sh

• ReNgine is now accessible through your web browser at https://127.0.0.1
• While you’re in the /rengine folder in the linux terminal you can run the command sudo make stop, to stop the instance and sudo make up to start it

4. Configuring ReNgine

As for Configuration its highly recommended to provide an OpenAI API key at the API Vault in ReNgine’s Settings.

• Simply create one at https://platform.openai.com/api-keys

5. Running Your First ReNgine Scan

• Select Quick Add

• Add your target, for example a domain

• Specify a Scan Engine or make a custom one

• Optionally import additional Subdomains and add Out-of-Scope Subdomains, as well as Filtering, before initiating the Scan

6. Tips for Effective Bug Hunting

• Mainly use reNgine for Recon, not relying on automated Vulnerability Scans
• Use a customized Scan Engine
• Add your Discord WebHook for additional functionality like Notifications

Conclusion

ReNgine on Windows WSL offers a user-friendly solution for bug hunting reconnaissance. Its seamless integration and security measures make it a valuable asset for cybersecurity enthusiasts.

Additional Resources

• reNgine
• Critical Thinking - Bug Bounty Podcast

Getting Started with Recon Automation using ReNgine on Windows (WSL): Installation Guide was originally published in System Weakness on Medium, where people are continuing the conversation by highlighting and responding to this story.

Introduction

Google Dorking, or Bing Dorking, represents a technique leveraging search engines to uncover sensitive files and intriguing endpoints like login panels. These endpoints often get indexed through various channels, such as User-Generated content.

Background

Participating in Bug Bounty and Vulnerability Disclosure Programs underscores the importance of uncovering vulnerabilities that Pentesters may have missed due to time constraints. Google Dorking, a component of the passive Reconnaissance Phase, enables the identification of potential vulnerabilities without direct interaction with the target. Success with dorking, however, depends on the target, particularly when only a few pages are indexed.

Discovery of Vulnerabilities

The nature of these vulnerabilities can range from an organization being obligated to publish financial documents to a misconfiguration, which becomes a potential vulnerability vector when disclosing sensitive information. Determining the relevance of a vulnerability to the organization’s Threat Model involves defining the impact, explaining what adversaries can achieve.

Manual Google Dorking Process

1. Specify the target domain using site:example.com or the organization name with an optional © symbol, “© OrganizationName“

2. Check for various file formats using ext: and the or operator|

site:example.com ext:log | ext:txt | ext:pdf | ext:docx | ext:docm | ext:dot | ext:dotx | ext:odt | ext:rtf | ext:xls | ext:xlsx

3. Narrow the search for special terms in the files like “confidential” “internal”

site:example.com "confidential" ext:log | ext:txt | ext:pdf | ext:docx | ext:docm | ext:dot | ext:dotx | ext:odt | ext:rtf | ext:xls | ext:xlsx

4. If no sensitive files are found, search for other interesting endpoints using inurl: and intitle:

site:example.com inurl:login | intitle:login | intitle:dashboard | inurl:dashboard

5. Finally, it’s worth checking Bing for interesting endpoints, especially if the target is running Windows IIS.

site:example.com "login"

Risk Assessment

Potential risks of vulnerabilities, such as information disclosure of Personally Identifiable Information (PII) through files, can lead to significant fines by authorities, reputational damage, and more, depending on the scale and sensitivity.

Mitigation

Mitigating vulnerabilities identified through Google Dorking requires organizations to implement Attack Surface Management, in addition to Pentesting, VDPs/BBPs, and advising employees not to publish sensitive links on social media.

Lessons Learned

• Include Google and Bing Dorking among the initial steps in your methodology
• Adjust your Dorking keywords depending on the target
• Check Bing Dorking for any target with Windows IIS technology (Good Tip by Orwa Atyat)

Conclusion

While the vulnerability vectors I discovered weren’t groundbreaking, they provided me with valuable insights and leads on vulnerabilities.

Other Resources

• OffSec's Exploit Database Archive
• Mass Google Dorking Techniques for Bug Bounty
• Orwa Atyat - Medium