A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Go to file
2022-07-11 16:53:42 +02:00
README.md Update README.md 2022-07-11 16:53:42 +02:00

Awesome Hacker Search Engines

A list of search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

GeneralServersVulnerabilitiesExploitsAttack surfaceCodeMail addressesDomainsURLsDNSCertificatesWiFi networksDevice InfoCredentialsSocial NetworksPhone numbersThreat IntelligenceWeb History

General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping

Vulnerabilities

  • NIST NVD - National Vulnerability Database
  • MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
  • GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories
  • cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
  • osv.dev - Open Source Vulnerabilities
  • Vulners.com - Your Search Engine for Security Intelligence
  • opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
  • security.snyk.io - Open Source Vulnerability Database
  • Rapid7 - DB - Vulnerability & Exploit Database
  • CVEDetails - The ultimate security vulnerability datasource
  • VulnIQ - Vulnerability intelligence and management solution
  • SynapsInt - The unified OSINT research tool
  • Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
  • Vulmon - Vulnerability and exploit search engine
  • VulDB - Number one vulnerability database

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database
  • Vulmon - Vulnerability and exploit search engine
  • packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today - Ultimate database of exploits and vulnerabilities
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Attack Surface

  • FullHunt.io - Attack surface database of the entire Internet
  • BynaryEdge - We scan the web and gather data for you
  • Censys - Attack Surface Management Solutions
  • RedHunt Labs - Discover your Attack Surface, Continuously
  • SecurityTrails - The Total Internet Inventory
  • criminalip.io - Cyber Threat Intelligence Search Engine and Attack Surface Management(ASM) platform
  • overcast-security.com - We make tracking your external attack surface easy

Code Search Engines

  • GitHub Code Search
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase
  • HotExamples - Search code examples from over 1 million projects

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • Chaos - Enhance research and analyse changes around DNS for better insights
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing
  • PassiveTotal - Security intelligence that scales security operations and response

Certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics

Device Information

Credentials

  • Have I Been Pwned - Check if your email or phone is in a data breach
  • Dehashed - Free deep-web scans and protection against credential leaks
  • Leak-Lookup - Search across thousands of data breaches
  • Snusbase - Stay on top of the latest database breaches
  • LeakCheck.io - Make sure your credentials haven't been compromised
  • crackstation.net -Massive pre-computed lookup tables to crack password hashes
  • breachdirectory.org - Check if your information was exposed in a data breach
  • BreachForums - Breaches, Data leaks, databases and more

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data
  • UK Web Archive - Collects millions of websites each year, preserving them for future generations

Unclassified


If you want to propose changes, just open an issue or a pull request.

edoardoottavianelli.it to contact me.