awesome-hacker-search-engines/README.md
2022-07-03 08:10:05 +02:00

17 KiB
Raw Blame History

Awesome Hacker Search Engines

A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more

GeneralServersVulnerabilitiesExploitsAttack surfaceCodeMail addressesDomainsURLsDNSCertificatesWiFi networksDevice InfoCredentialsSocial NetworksPhone numbersThreat IntelligenceWeb History

General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping

Vulnerabilities

  • NIST NVD - National Vulnerability Database
  • MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
  • osv.dev - Open Source Vulnerabilities
  • cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
  • Vulners.com - Your Search Engine for Security Intelligence
  • opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
  • security.snyk.io - Open Source Vulnerability Database
  • Rapid7 - DB - Vulnerability & Exploit Database
  • CVEDetails - The ultimate security vulnerability datasource
  • VulnIQ - Vulnerability intelligence and management solution
  • SynapsInt - The unified OSINT research tool
  • Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database

Attack Surface

  • FullHunt.io - Attack surface database of the entire Internet
  • BynaryEdge - We scan the web and gather data for you
  • Censys - Attack Surface Management Solutions
  • RedHunt Labs - Discover your Attack Surface, Continuously
  • SecurityTrails - The Total Internet Inventory
  • criminalip.io - Cyber Threat Intelligence Search Engine and Attack Surface Management(ASM) platform
  • overcast-security.com - We make tracking your external attack surface easy

Code Search Engines

  • GitHub Code Search
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing

Certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics

Device Information

Credentials

  • Have I Been Pwned - Check if your email or phone is in a data breach
  • Dehashed - Free deep-web scans and protection against credential leaks
  • Leak-Lookup - Search across thousands of data breaches
  • Snusbase - Stay on top of the latest database breaches
  • LeakCheck.io - Make sure your credentials haven't been compromised
  • crackstation.net -Massive pre-computed lookup tables to crack password hashes
  • breachdirectory.org - Check if your information was exposed in a data breach

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data

Unclassified


If you want to propose changes, just open an issue.