A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Mail addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Hidden Services • Social Networks • Phone numbers • Threat Intelligence • Web History
### General Search Engines - [Google](https://www.google.com/) - [Bing](https://www.bing.com/) - [Yahoo!](http://www.yahoo.com/) - [Yandex](https://yandex.com/) - [Ask](https://www.ask.com/) - [Baidu](https://www.baidu.com/) - [You](https://you.com/) - [SearXNG](https://searx.be/?q=) - [EXALead](http://www.exalead.com/search/web/) ### Servers - [Shodan](https://shodan.io) - Search Engine for the Internet of Everything - [Censys Search](https://search.censys.io/) - Search Engine for every server on the Internet to reduce exposure and improve security. - [Onyphe.io](https://www.onyphe.io/) - Cyber Defense Search Engine for open-source and cyber threat intelligence data - [ZoomEye](https://www.zoomeye.org/) - Global cyberspace mapping - [GreyNoise](https://viz.greynoise.io/) - The source for understanding internet noise - [Natlas](https://natlas.io/) - Scaling Network Scanning - [Netlas.io](https://netlas.io/) - Discover, Research and Monitor any Assets Available Online - [FOFA](https://fofa.info/) - Cyberspace mapping ### Vulnerabilities - [NIST NVD](https://nvd.nist.gov/vuln/search) - National Vulnerability Database - [MITRE CVE](https://cve.mitre.org/cve/search_cve_list.html) - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities - [GitHub Advisory Database](https://github.com/advisories) - Security vulnerability database inclusive of CVEs and GitHub originated security advisories - [cloudvulndb.org](https://www.cloudvulndb.org/) - The Open Cloud Vulnerability & Security Issue Database - [osv.dev](https://osv.dev/list) - Open Source Vulnerabilities - [Vulners.com](https://vulners.com/) - Your Search Engine for Security Intelligence - [opencve.io](https://www.opencve.io/cve) - Easiest way to track CVE updates and be alerted about new vulnerabilities - [security.snyk.io](https://security.snyk.io/) - Open Source Vulnerability Database - [Mend Vulnerability Database](https://www.mend.io/vulnerability-database/) - The largest open source vulnerability DB - [Rapid7 - DB](https://www.rapid7.com/db/) - Vulnerability & Exploit Database - [CVEDetails](https://www.cvedetails.com/) - The ultimate security vulnerability datasource - [VulnIQ](https://vulniq.com/) - Vulnerability intelligence and management solution - [SynapsInt](https://synapsint.com/) - The unified OSINT research tool - [Aqua Vulnerability Database](https://avd.aquasec.com/) - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure - [Vulmon](https://vulmon.com/) - Vulnerability and exploit search engine - [VulDB](https://vuldb.com/) - Number one vulnerability database - [ScanFactory](https://in.scanfactory.io/cvemon.html) - Realtime Security Monitoring - [Trend Micro Zero Day Initiative](https://www.zerodayinitiative.com/advisories/published/) - Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers - [Google Project Zero](https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=&sort=-id&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary) - Vulnerabilities including Zero Days - [Trickest CVE Repository](https://github.com/trickest/cve) - Gather and update all available and newest CVEs with their PoC. ### Exploits - [Exploit-DB](https://www.exploit-db.com/) - Exploit Database - [Sploitus](https://sploitus.com/) - Convenient central place for identifying the newest exploits - [Rapid7 - DB](https://www.rapid7.com/db/) - Vulnerability & Exploit Database - [Vulmon](https://vulmon.com/) - Vulnerability and exploit search engine - [packetstormsecurity.com](https://packetstormsecurity.com/) - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers - [0day.today](https://0day.today/) - Ultimate database of exploits and vulnerabilities - [LOLBAS](https://lolbas-project.github.io/) - Living Off The Land Binaries, Scripts and Libraries - [GTFOBins](https://gtfobins.github.io/) - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems - [Payloads All The Things](https://swisskyrepo.github.io/PayloadsAllTheThingsWeb/) - A list of useful payloads and bypasses for Web Application Security - [XSS Payloads](http://www.xss-payloads.com/) - The wonderland of JavaScript unexpected usages, and more - [exploitalert.com](https://www.exploitalert.com/search-results.html) - Database of Exploits - [Reverse Shell generator](https://www.revshells.com/) - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. ### Attack Surface - [FullHunt.io](https://fullhunt.io/) - Attack surface database of the entire Internet - [BinaryEdge](https://www.binaryedge.io/) - We scan the web and gather data for you - [Censys ASM](https://censys.io/) - Attack Surface Management Solutions - [RedHunt Labs](https://redhuntlabs.com/) - Discover your Attack Surface, Continuously - [SecurityTrails](https://securitytrails.com/) - The Total Internet Inventory - [overcast-security.com](https://overcast-security.com/) - We make tracking your external attack surface easy - [IPInfo.io](https://ipinfo.io/) - The trusted source for IP address data - [IPData.co](https://ipdata.co/) - IP Geolocation and Threat Intelligence API - [NetworksDB](https://networksdb.io/) - information about the public IPv4 and IPv6 addresses, networks and domains owned by companies and organisations across the world ### Code Search Engines - [GitHub Code Search](https://cs.github.com/) - Search globally across all of GitHub, or scope your search to a particular repository or organization - [grep.app](https://grep.app/) - Search across a half million git repos - [publicwww.com](https://publicwww.com/) - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code - [SearchCode](https://searchcode.com/) - Search 75 billion lines of code from 40 million projects - [NerdyData](https://www.nerdydata.com/) - Find companies based on their website's tech stack or code - [RepoSearch](http://codefinder.org/) - Source code search engine that helps you find implementation details, example usages or just analyze code - [SourceGraph](https://about.sourcegraph.com/) - Understand and search across your entire codebase - [HotExamples](https://hotexamples.com/) - Search code examples from over 1 million projects - [WP Directory](https://wpdirectory.net/) - Lightning fast regex searching of code in the WordPress Plugin and Theme Directories ### Mail Addresses - [Hunter.io](https://hunter.io/) - Find professional email addresses in seconds - [PhoneBook](https://phonebook.cz/) - Lists all domains, email addresses, or URLs for the given input domain - [IntelligenceX](https://intelx.io/) - Search engine and data archive - [Reacher.email](https://reacher.email/) - Open-Source Email Verification - [RocketReach](https://rocketreach.co/) - Your first-degree connection to any professional - [email-format.com](https://www.email-format.com/) - Find the email address formats in use at thousands of companies - [EmailHippo](https://tools.emailhippo.com/) - Email address verification technology - [ThatsThem](https://thatsthem.com/reverse-email-lookup) - Reverse email lookup - [verify-email.org](https://verify-email.org/) - Checks whether the mailbox exists or not - [Melissa - Emailcheck](https://www.melissa.com/v2/lookups/emailcheck/email/) - Check email addresses and verify they are live - [VoilaNorbert](https://www.voilanorbert.com/) - I can find anyone's email address - [SynapsInt](https://synapsint.com/) - The unified OSINT research tool - [skymem.info](http://www.skymem.info/) - Find email addresses of companies and people - [findemails.com](https://www.findemails.com/) - Find Anyone's Email Address in Seconds ### Domains - [PhoneBook](https://phonebook.cz/) - Lists all domains, email addresses, or URLs for the given input domain - [IntelligenceX](https://intelx.io/) - Search engine and data archive - [Omnisint](https://omnisint.io/subdomain-enumeration) - Subdomain enumeration - [Riddler](https://riddler.io/) - Allows you to search in a high quality dataset - [RobTex](https://www.robtex.com/) - Various kinds of research of IP numbers, Domain names, etc - [CentralOps - DomainDossier](https://centralops.net/co/DomainDossier.aspx) - Investigate domains and IP addresses - [DomainIQ](https://www.domainiq.com/) - Comprehensive Domain Intelligence - [whois.domaintools.com](https://whois.domaintools.com/) - Industry’s fastest domain discovery engine and broadest, most accurate data - [grayhatwarfare.com - domains](https://shorteners.grayhatwarfare.com/domains) - How to search URLs exposed by Shortener services - [whoisology.com](https://whoisology.com/) - Deep Connections Between Domain Names & Their Owners - [who.is](https://who.is/) - WHOIS Search, Domain Name, Website, and IP Tools - [pentest-tools.com](https://pentest-tools.com/information-gathering/find-subdomains-of-domain) - Discover subdomains and determine the attack surface of an organization - [BuiltWith](https://builtwith.com/) - Find out what websites are Built With - [MoonSearch](http://moonsearch.com/) - Backlinks checker & SEO Report - [sitereport.netcraft.com](https://sitereport.netcraft.com/) - Find out the infrastructure and technologies used by any site - [SynapsInt](https://synapsint.com/) - The unified OSINT research tool - [spyonweb.com](https://spyonweb.com/) - Find out related websites - [statscrop.com](https://www.statscrop.com/) - Millions of amazing websites across the web are being analyzed with StatsCrop - [securityheaders.com](https://securityheaders.com/) - Scan your site now - [visualsitemapper.com](http://www.visualsitemapper.com/) - Create a visual map of your site - [similarweb.com](https://www.similarweb.com/) - The easiest and fastest tool to find out what's really going on online - [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/) - Public buckets - [C99.nl](https://api.c99.nl/) - Over 57 quality API's and growing! - [PassiveTotal](https://www.riskiq.com/products/passivetotal/) - Security intelligence that scales security operations and response - [wannabe1337.xyz](https://wannabe1337.xyz/) - Online Tools - [subdomainfinder.c99.nl](https://subdomainfinder.c99.nl/) - Scanner that scans an entire domain to find as many subdomains as possible - [AnubisDB](https://jonlu.ca/anubis/) - Subdomain enumeration and information gathering tool - [WhoisXMLAPI](https://www.whoisxmlapi.com/) - Domain & IP Data Intelligence for Greater Enterprise Security ### URLs - [PhoneBook](https://phonebook.cz/) - Lists all domains, email addresses, or URLs for the given input domain - [IntelligenceX](https://intelx.io/) - Search engine and data archive - [URLScan](https://urlscan.io/) - A sandbox for the web - [HackerTarget](https://hackertarget.com/ip-tools/) - Collect information about IP Addresses, Networks, Web Pages and DNS records - [MOZ Link Explorer](https://moz.com/link-explorer) - The world's best backlink checker with over 40 trillion links - [shorteners.grayhatwarfare.com](https://shorteners.grayhatwarfare.com/) - Search URLs exposed by Shortener services - [CommonCrawl Index](http://index.commoncrawl.org/) - Open repository of web crawl data ### DNS - [DNSDumpster](https://dnsdumpster.com/) - dns recon & research, find & lookup dns records - [Chaos](https://chaos.projectdiscovery.io/#/) - Enhance research and analyse changes around DNS for better insights - [RapidDNS](https://rapiddns.io/) - dns query tool which make querying subdomains or sites of a same ip easy - [DNSdb](https://docs.farsightsecurity.com/#dnsdb) - Passive DNS historical database - [Omnisint](https://omnisint.io/reverse-dns-lookup) - Reverse DNS lookup - [HackerTarget](https://hackertarget.com/ip-tools/) - Collect information about IP Addresses, Networks, Web Pages and DNS records - [passivedns.mnemonic.no](https://passivedns.mnemonic.no/) - Web interface for querying passive DNS data collected in our malware lab - [ptrarchive.com](http://ptrarchive.com/) - Over 230 billion reverse DNS entries from 2008 to the present - [dnshistory.org](http://dnshistory.org/) - Domain Name System Historical Record Archive - [DNSTwister](https://dnstwister.report/) - The anti-phishing domain name search engine and DNS monitoring service - [DNSviz](https://dnsviz.net/) - Tool for visualizing the status of a DNS zone - [C99.nl](https://api.c99.nl/) - Over 57 quality API's and growing - [PassiveTotal](https://www.riskiq.com/products/passivetotal/) - Security intelligence that scales security operations and response - [wannabe1337.xyz](https://wannabe1337.xyz/) - Online Tools - [DNSlytics](https://dnslytics.com/) - Find out everything about a domain name, IP address or provider. - [dnsrepo.noc.org](https://dnsrepo.noc.org/) - DNS Database Repository Search ### Certificates - [Crt.sh](https://crt.sh/) - Certificate Search - [CTSearch](https://ui.ctsearch.entrust.com/ui/ctsearchui) - Certificate Transparency Search Tool - [tls.bufferover.run](https://tls.bufferover.run/) - Quickly find certificates in IPv4 space - [CertSpotter](https://sslmate.com/certspotter/) - Monitors your domains for expiring, unauthorized, and invalid SSL certificates - [SynapsInt](https://synapsint.com/) - The unified OSINT research tool - [Censys Search - Certificates](https://search.censys.io/certificates) - Certificates Search - [PassiveTotal](https://www.riskiq.com/products/passivetotal/) - Security intelligence that scales security operations and response - [ciphersuite.info](https://ciphersuite.info/) - TLS Ciphersuite Search. Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format ### WiFi Networks - [Wigle.net](https://wigle.net/) - Maps and database of 802.11 wireless networks with statistics - [wifimap.io](https://www.wifimap.io/) - Connect to all Free WiFi Hotspots using WiFi Map App all over the World! - [wificafespots.com](http://www.wificafespots.com/) - Free WiFi Cafe Spots - [wifispc.com](https://wifispc.com/) - Free map of Wi-Fi passwords anywhere you go! - [openwifimap.net](https://openwifimap.net/) - HTML5 map with OpenWiFiMap data - [mylnikov.org](https://www.mylnikov.org/) - Public API implementation of Wi-Fi Geo-Location database ### Device Information - [MAC Vendor Lookup](https://www.macvendorlookup.com/) - Look up the vendor for a specific MAC Address - [macvendors.com](https://macvendors.com/) - Find MAC Address Vendors. Now. - [macaddress.io](https://macaddress.io/) - MAC address vendor lookup - [maclookup.app](https://maclookup.app/) - Find the vendor name of a device by entering an OUI or a MAC address ### Credentials - [Have I Been Pwned](https://haveibeenpwned.com/) - Check if your email or phone is in a data breach - [Dehashed](https://www.dehashed.com/) - Free deep-web scans and protection against credential leaks - [Leak-Lookup](https://leak-lookup.com/) - Search across thousands of data breaches - [Snusbase](https://snusbase.com/) - Stay on top of the latest database breaches - [LeakCheck.io](https://leakcheck.io/) - Make sure your credentials haven't been compromised - [crackstation.net](https://crackstation.net/) -Massive pre-computed lookup tables to crack password hashes - [breachdirectory.org](https://breachdirectory.org/) - Check if your information was exposed in a data breach - [BreachForums](https://breached.to/) - Breaches, Data leaks, databases and more - [Siph0n Breach DB (onionsite)](siphondkh34l5vki.onion/) - Breaches, Data leaks, Exploits - [HashKiller](https://hashkiller.io/listmanager) - Pre-cracked Hashes, easily searchable ### Hidden Services - [AHMIA](https://ahmia.fi/) - Search hidden services on the Tor network - [thehiddenwiki.org](https://thehiddenwiki.org/) - The darknet guide - [tor.link](https://tor.link/) - Free anonymous deepweb / Darknet search engine - [deepweblinks.net](https://deepweblinks.net/) - Onion Links - [onionengine.com](https://onionengine.com/) - A search engine for services accessible on the Tor network - [OnionLand](https://onionlandsearchengine.com/) - Discover Hidden Services and access to Tor's onion sites ### Social Networks These can be useful for osint and social engineering. - [Facebook](https://www.facebook.com/) - [Instagram](https://www.instagram.com/) - [YouTube](https://www.youtube.com/) - [Twitter](https://twitter.com/) - [LinkedIn](https://www.linkedin.com/) - [Reddit](https://new.reddit.com/) - [Pinterest](https://www.pinterest.com/) - [Tumblr](https://www.tumblr.com/) - [Flickr](https://www.flickr.com/) - [SnapChat](https://www.snapchat.com/) - [Whatsapp](https://www.whatsapp.com/) - [Quora](https://www.quora.com/) - [TikTok](https://www.tiktok.com/) - [Vimeo](https://vimeo.com/) - [Medium](https://medium.com/) - [WeChat](https://www.wechat.com/) - [VK](https://vk.com/) - [Weibo](https://weibo.com/) - [Tinder](https://tinder.com/) ### Phone Numbers - [NumLookup](https://www.numlookup.com/) - Free reverse phone lookup - [SpyDialer](https://spydialer.com/) - Free Reverse Lookup Search - [WhitePages](https://www.whitepages.com/) - Find people, contact info & background checks - [National Cellular Directory](https://www.nationalcellulardirectory.com/) - Begin your comprehensive people search now - [Phone Validator](https://www.phonevalidator.com/) - Is it a cell phone or is it a landline or is it a fake? - [Free Carrier Lookup](https://freecarrierlookup.com/) - Enter a phone number and we'll return the carrier name - [RocketReach](https://rocketreach.co/) - Your first-degree connection to any professional - [sync.me](https://sync.me/) - Find out who called - [EmobileTracker](https://www.emobiletracker.com/) - Track Mobile Owner Name, Location and Mobile Service Provider - [Reverse Phone Lookup](https://www.reversephonelookup.com/) - Find Out The Owner Of A Phone Number - [ThatsThem](https://thatsthem.com/reverse-phone-lookup) - Reverse phone lookup - [thisnumber.com](https://www.thisnumber.com/) - International Phone Directories - [usphonebook.com](https://www.usphonebook.com/) - Free Reverse Phone Number Lookup - [truepeoplesearch.com](https://www.truepeoplesearch.com/#) - Get current address, cell phone number, email address, relatives, friends and a lot more - [Tellows](https://www.tellows.com/) - Who is calling? The phone number reverse search - [SynapsInt](https://synapsint.com/) - The unified OSINT research tool - [C99.nl](https://api.c99.nl/) - Over 57 quality API's and growing ### Threat Intelligence - [MITRE ATT&CK](https://attack.mitre.org/) - Globally-accessible knowledge base of adversary tactics and techniques - [PulseDive](https://pulsedive.com/) - Threat intelligence made easy - [ThreatCrowd](https://threatcrowd.org/) - A Search Engine for Threats - [ThreatMiner](https://www.threatminer.org/) - Data Mining for Threat Intelligence - [VirusTotal](https://www.virustotal.com/) - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches - [vx-underground.org](https://www.vx-underground.org/) - Malware library - [bazaar.abuse.ch](https://bazaar.abuse.ch/browse/) - Malware sample database - [feodotracker.abuse.ch](https://feodotracker.abuse.ch/browse/) - List of botnet Command&Control servers - [sslbl.abuse.ch](https://sslbl.abuse.ch/ssl-certificates/) - All malicious SSL certificates - [urlhaus.abuse.ch](https://urlhaus.abuse.ch/browse/) - Propose new malware urls - [threatfox.abuse.ch](https://threatfox.abuse.ch/browse/) - Indicator Of Compromise (IOC) database - [yaraify.abuse.ch](https://yaraify.abuse.ch/) - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules - [Rescure](https://rescure.me/) - Curated cyber threat intelligence for everyone - [otx.alienvault](https://otx.alienvault.com/) - The World's First Truly Open Threat Intelligence Community - [urlquery.net](https://urlquery.net/) - Service for detecting and analyzing web-based malware - [socradar.io](https://socradar.io/) - Extension to your SOC team - [VirusShare](https://virusshare.com/) - System currently contains 48 million malware samples - [WikiLeaks](https://wikileaks.org/) - News leaks and classified media provided by anonymous sources - [PassiveTotal](https://www.riskiq.com/products/passivetotal/) - Security intelligence that scales security operations and response - [malapi.io](https://malapi.io/) - Windows APIs used for malicious purposes - [filesec.io](https://filesec.io/) - Latest file extensions being used by attackers - [leakix.net](https://leakix.net/) - Search engine indexing public information and an open reporting platform linked to the results - [tria.ge](https://tria.ge/s) - Fully automated solution for high-volume malware analysis using advanced sandboxing technology - [Polyswarm](https://polyswarm.network/) - Launchpad for new technologies and innovative threat detection methods - [Cisco Talos](https://talosintelligence.com/) - The threat intelligence organization at the center of the Cisco Security portfolio - [scamsearch.io](https://scamsearch.io/#anchorCeckNow) - Find your scammer online & report them - [CyberCampaigns](http://www.cybercampaigns.net/) - Threat Actor information and Write-Ups - [ORKL](https://orkl.eu/) - The Community Driven Cyber Threat Intelligence Library - [Maltiverse](https://maltiverse.com/search) - Data from more than 100 different Threat Intelligence sources - [Inquest Labs](https://labs.inquest.net/) - Threat intelligence from hundreds of public, private, and internal sources to develop new FDR signatures and rules - [PhishTank](https://phishtank.org/) - Collaborative clearing house for data and information about phishing on the Internet - [IntelOwl](https://github.com/intelowlproject/IntelOwl) - Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale - [Lupovis](https://prowl.lupovis.io/) - Analyze and collect data on Internet-wide scans and attacks in real-time. We use this data to identify and classify malicious actors. - [AbuseIPDB](https://www.abuseipdb.com/) - Check the report history of any IP address to see if anyone else has reported malicious activities. - [Sucuri SiteCheck](https://sitecheck.sucuri.net/) - Check websites for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code. - [Spamhaus](https://spamhaus.com) - Protect and investigate using IP and domain reputation data ### Web History - [Web Archive](https://web.archive.org/) - Explore more than 702 billion web pages saved over time - [Archive.ph](https://archive.ph/) - Create a copy of a webpage that will always be up even if the original link is down - [CachedPages](http://www.cachedpages.com/) - Get the cached page of any URL - [stored.website](https://stored.website/) - View cached web pages/website - [CommonCrawl](https://commoncrawl.org/) - Open repository of web crawl data - [UK Web Archive](https://www.webarchive.org.uk/ukwa/) - Collects millions of websites each year, preserving them for future generations - [Arquivo](https://arquivo.pt/) - Non-profit service that maintains information published on the web of interest to the Portuguese community. ### Unclassified - [NetoGraph](https://netograph.io/) - Captures and indexes detailed, low-level snapshots of website behaviour - [DorkSearch](https://dorksearch.com/) - Speed up your Dorking - [usersearch.org](https://usersearch.org/) - Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs - [Insecam.org](http://www.insecam.org/en/) - The world biggest directory of online surveillance security cameras ### Not working / Paused - [DNS.BufferOver.run](https://dns.bufferover.run/) --------- If you want to propose changes, just open an [issue](https://github.com/edoardottt/awesome-hacker-search-engines/issues) or a [pull request](https://github.com/edoardottt/awesome-hacker-search-engines/pulls). [edoardoottavianelli.it](https://www.edoardoottavianelli.it) to contact me.