rengine icon indicating copy to clipboard operation
rengine copied to clipboard

Published 20 hours ago verified publisher icon yogeshojha

Feature - Adding module for Netlas.io, domainiq.com, builtwith.com and whoisxmlapi.com

Open 7onez opened this issue 2 years ago • 3 comments

These Netlas.io, domainiq.com, builtwith.com and whoisxmlapi.com API modules will help to gather information on a target and good for threat intel.

Thank you

7onez avatar Jul 29 '22 10:07 7onez

👋 Hi @7onez, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

github-actions[bot] avatar Jul 29 '22 10:07 github-actions[bot]

Hi @7onez Looks like most of these are paid, can you please help me with free-to-use APIs/service providers so that I can integrate? Paid tools are a problem because not everyone can afford to use them.

yogeshojha avatar Aug 19 '22 18:08 yogeshojha

Dear Yogeshojha/Rengine,

I think Netlas.io is a great option to be integrated since it's offering many free options for a free user account. Otherwise, I would love to see that Dalfox can be also integrated for XSS scan.

Thank you for the great work that you are doing for cybersec society. Best regards,

Hieu Ngo (Hieupc) - Cybersecurity researcher at Viet Nam's NCSC, APWG, VirusTotal, URLScan and Scamadviser

On Sat, Aug 20, 2022 at 1:55 AM Yogesh Ojha @.***> wrote:

Hi @7onez https://github.com/7onez Looks like most of these are paid, can you please help me with free-to-use APIs/service providers so that I can integrate? Paid tools are a problem because not everyone can afford to use them.

— Reply to this email directly, view it on GitHub https://github.com/yogeshojha/rengine/issues/676#issuecomment-1221004339, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARMUTPGSYIVQHT4VG4JAI4DVZ7KC5ANCNFSM55AJ3G5Q . You are receiving this because you were mentioned.Message ID: @.***>

7onez avatar Aug 31 '22 15:08 7onez

We can consider using paid tools that would be enable with an API key in the config.

But before this, let's answer these questions:

  • [ ] Which features do those services bring that we don't already have ?
  • [ ] Is there an Open-Source alternative that would fill the same purpose ?

Regarding dalfox, it looks pretty good, it seems well-maintained and feature-rich. We are currently using naabu for vulnerability scans and it has XSS templates, so we should find out which features dalfox has that naabu doesn't to see if it's a good candidate to be added to reNgine.

ocervell avatar Oct 19 '22 17:10 ocervell

For Netlas, it offers to search sensitive secrets or keywords inside HTML body by using: http.body (I found out the same time the Free account offers most of tools that a bug hunter needs). As far as I know, there is no alternative like this for open source. You can contact the owner of Netlas for more information: Artur Kotylevskiy email at: @.***

To me and many others that I know, Dalfox is way better than many other XSS scanners.

Please have some considerations.

Thank you,

Hieu Ngo

Best regards,

Hieu Ngo (Hieupc) - Cybersecurity researcher at Viet Nam's NCSC, APWG, VirusTotal, URLScan and Scamadviser

On Thu, Oct 20, 2022 at 12:03 AM Olivier Cervello @.***> wrote:

We can consider using paid tools that would be enable with an API key in the config.

But before this, let's answer these questions:

  • Which features do those services bring that we don't already have ?
  • Is there an Open-Source alternative that would fill the same purpose ?

Regarding dalfox, it looks pretty good, it seems well-maintained and feature-rich. We are currently using naabu for vulnerability scans and it has XSS templates, so we should find out which features dalfox has that naabu doesn't to see if it's a good candidate to be added to reNgine.

— Reply to this email directly, view it on GitHub https://github.com/yogeshojha/rengine/issues/676#issuecomment-1284317696, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARMUTPAQYT7PDB5SFNMRAY3WEASV7ANCNFSM55AJ3G5Q . You are receiving this because you were mentioned.Message ID: @.***>

7onez avatar Oct 30 '22 08:10 7onez

This is now a part of reNgine 2.0

Thank you :pray:

yogeshojha avatar Oct 25 '23 11:10 yogeshojha

Thank you for your response

On Wed, Oct 25, 2023, 6:55 PM Yogesh Ojha @.***> wrote:

Closed #676 https://github.com/yogeshojha/rengine/issues/676 as completed.

— Reply to this email directly, view it on GitHub https://github.com/yogeshojha/rengine/issues/676#event-10766283175, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARMUTPERUKFMPTHFRULYUTLYBD4Z3AVCNFSM55AJ3G52U5DIOJSWCZC7NNSXTWQAEJEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW4OZRGA3TMNRSHAZTCNZV . You are receiving this because you were mentioned.Message ID: @.***>

7onez avatar Oct 25 '23 12:10 7onez