A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Go to file
2022-10-16 15:54:24 -05:00
README.md Add records and some linting 2022-10-16 15:54:24 -05:00

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

GeneralServersVulnerabilitiesExploitsAttack surfaceCodeMail addressesDomainsURLsDNSCertificatesWiFi networksDevice InfoCredentialsHidden ServicesSocial NetworksPhone numbersThreat IntelligenceWeb History

General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security.
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping

Vulnerabilities

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database
  • Vulmon - Vulnerability and exploit search engine
  • packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today - Ultimate database of exploits and vulnerabilities
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things - A list of useful payloads and bypasses for Web Application Security
  • XSS Payloads - The wonderland of JavaScript unexpected usages, and more
  • exploitalert.com - Database of Exploits

Attack Surface

Code Search Engines

  • GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase
  • HotExamples - Search code examples from over 1 million projects

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • Chaos - Enhance research and analyse changes around DNS for better insights
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing
  • PassiveTotal - Security intelligence that scales security operations and response
  • wannabe1337.xyz - Online Tools

Certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics
  • wifimap.io - Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com - Free WiFi Cafe Spots
  • wifispc.com - Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net - HTML5 map with OpenWiFiMap data
  • mylnikov.org - Public API implementation of Wi-Fi Geo-Location database

Device Information

Credentials

Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

  • MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive - Threat intelligence made easy
  • ThreatCrowd - A Search Engine for Threats
  • ThreatMiner - Data Mining for Threat Intelligence
  • VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org - Malware library
  • bazaar.abuse.ch - Malware sample database
  • feodotracker.abuse.ch - List of botnet Command&Control servers
  • sslbl.abuse.ch - All malicious SSL certificates
  • urlhaus.abuse.ch - Propose new malware urls
  • threatfox.abuse.ch - Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure - Curated cyber threat intelligence for everyone
  • otx.alienvault - The World's First Truly Open Threat Intelligence Community
  • urlquery.net - Service for detecting and analyzing web-based malware
  • socradar.io - Extension to your SOC team
  • VirusShare - System currently contains 48 million malware samples
  • WikiLeaks - News leaks and classified media provided by anonymous sources
  • PassiveTotal - Security intelligence that scales security operations and response
  • malapi.io - Windows APIs used for malicious purposes
  • filesec.io - Latest file extensions being used by attackers
  • leakix.net - Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge - Fully automated solution for high-volume malware analysis using advanced sandboxing technology
  • Polyswarm - Launchpad for new technologies and innovative threat detection methods
  • Cisco Talos - The threat intelligence organization at the center of the Cisco Security portfolio
  • scamsearch.io - Find your scammer online & report them
  • CyberCampaigns - Threat Actor information and Write-Ups

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data
  • UK Web Archive - Collects millions of websites each year, preserving them for future generations

Unclassified

  • NetoGraph - Captures and indexes detailed, low-level snapshots of website behaviour
  • DorkSearch - Speed up your Dorking
  • usersearch.org - Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs

Not working / Paused


If you want to propose changes, just open an issue or a pull request.

edoardoottavianelli.it to contact me.