bug: Vulnerabilities Discovered 0

[zinwelzl]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Test URL with lot of vulns, rengine 2.1.2. last update, Vulnerabilities Discovered 0.

All work great, but after today update, no vulns discovered.

Expected Behavior

Vulnerabilities Discovered should have vulns, this is my test site.

Steps To Reproduce

Full scan

Environment

- reNgine: 2.1.2

last update

Anything else?

No response

[github-actions]

👋 Hi @zinwelzl,
Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki
For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

[zinwelzl]

ZAP and others tools find more then 50 vulns, even there is more, but regine after update 0 vulns.

[zinwelzl]

https://ginandjuice.shop/ also no vulns with rengine, other tools find vuls

[lintianyuan666]

I found this bug too.No vulns found whit rengine,and no subdomain found too.

[jimmyn88]

Has anyone solved the problem?

[yogeshojha]

@lintianyuan666 no subdomains? which tools are you using in yaml for subdomain enum?

[lintianyuan666]

@lintianyuan666 no subdomains? which tools are you using in yaml for subdomain enum?

default tools.proberly subfinder

[jimmyn88]

Anyway, manually running Nuclei with the same command as reNgine, but replacing /usr/src/scan_results/juice-shop.herokuapp.com_10/urls_unfurled.txt with the URL (juice-shop.herokuapp.com), it successfully returns vulnerabilities. The issue seems to be that the urls_unfurled.txt file is empty.

[jimmyn88]

Can I ask how the file urls_unfurled.txt is generated? Which method does the platform use to make it?