/awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

GeneralServersVulnerabilitiesExploitsAttack surfaceCodeMail addressesDomainsURLsDNSCertificatesWiFi networksDevice InfoCredentialsHidden ServicesSocial NetworksPhone numbersThreat IntelligenceWeb History

General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security.
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping

Vulnerabilities

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database
  • Vulmon - Vulnerability and exploit search engine
  • packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today - Ultimate database of exploits and vulnerabilities
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things - A list of useful payloads and bypasses for Web Application Security
  • XSS Payloads - The wonderland of JavaScript unexpected usages, and more
  • exploitalert.com - Database of Exploits
  • Reverse Shell generator - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode.

Attack Surface

Code Search Engines

  • GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase
  • HotExamples - Search code examples from over 1 million projects
  • WP Directory - Lightning fast regex searching of code in the WordPress Plugin and Theme Directories

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • Chaos - Enhance research and analyse changes around DNS for better insights
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing
  • PassiveTotal - Security intelligence that scales security operations and response
  • wannabe1337.xyz - Online Tools

Certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics
  • wifimap.io - Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com - Free WiFi Cafe Spots
  • wifispc.com - Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net - HTML5 map with OpenWiFiMap data
  • mylnikov.org - Public API implementation of Wi-Fi Geo-Location database

Device Information

Credentials

Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

  • MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive - Threat intelligence made easy
  • ThreatCrowd - A Search Engine for Threats
  • ThreatMiner - Data Mining for Threat Intelligence
  • VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org - Malware library
  • bazaar.abuse.ch - Malware sample database
  • feodotracker.abuse.ch - List of botnet Command&Control servers
  • sslbl.abuse.ch - All malicious SSL certificates
  • urlhaus.abuse.ch - Propose new malware urls
  • threatfox.abuse.ch - Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure - Curated cyber threat intelligence for everyone
  • otx.alienvault - The World's First Truly Open Threat Intelligence Community
  • urlquery.net - Service for detecting and analyzing web-based malware
  • socradar.io - Extension to your SOC team
  • VirusShare - System currently contains 48 million malware samples
  • WikiLeaks - News leaks and classified media provided by anonymous sources
  • PassiveTotal - Security intelligence that scales security operations and response
  • malapi.io - Windows APIs used for malicious purposes
  • filesec.io - Latest file extensions being used by attackers
  • leakix.net - Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge - Fully automated solution for high-volume malware analysis using advanced sandboxing technology
  • Polyswarm - Launchpad for new technologies and innovative threat detection methods
  • Cisco Talos - The threat intelligence organization at the center of the Cisco Security portfolio
  • scamsearch.io - Find your scammer online & report them
  • CyberCampaigns - Threat Actor information and Write-Ups
  • ORKL - The Community Driven Cyber Threat Intelligence Library
  • Maltiverse - Data from more than 100 different Threat Intelligence sources
  • Inquest Labs - Threat intelligence from hundreds of public, private, and internal sources to develop new FDR signatures and rules
  • PhishTank - Collaborative clearing house for data and information about phishing on the Internet

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data
  • UK Web Archive - Collects millions of websites each year, preserving them for future generations

Unclassified

  • NetoGraph - Captures and indexes detailed, low-level snapshots of website behaviour
  • DorkSearch - Speed up your Dorking
  • usersearch.org - Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs
  • Insecam.org - The world biggest directory of online surveillance security cameras

Not working / Paused


If you want to propose changes, just open an issue or a pull request.

edoardoottavianelli.it to contact me.