Awesome Hacker Search Engines

 



General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security.
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping

Vulnerabilities

  • NIST NVD - National Vulnerability Database
  • MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
  • GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories
  • cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
  • osv.dev - Open Source Vulnerabilities
  • Vulners.com - Your Search Engine for Security Intelligence
  • opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
  • security.snyk.io - Open Source Vulnerability Database
  • Mend Vulnerability Database - The largest open source vulnerability DB
  • Rapid7 - DB - Vulnerability & Exploit Database
  • CVEDetails - The ultimate security vulnerability datasource
  • VulnIQ - Vulnerability intelligence and management solution
  • SynapsInt - The unified OSINT research tool
  • Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
  • Vulmon - Vulnerability and exploit search engine
  • VulDB - Number one vulnerability database

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database
  • Vulmon - Vulnerability and exploit search engine
  • packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today - Ultimate database of exploits and vulnerabilities
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things - A list of useful payloads and bypasses for Web Application Security

Attack Surface

Code Search Engines

  • GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase
  • HotExamples - Search code examples from over 1 million projects

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • Chaos - Enhance research and analyse changes around DNS for better insights
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing
  • PassiveTotal - Security intelligence that scales security operations and response
  • wannabe1337.xyz - Online Tools

Certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics
  • wifimap.io - Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com - Free WiFi Cafe Spots
  • wifispc.com - Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net - HTML5 map with OpenWiFiMap data
  • mylnikov.org - Public API implementation of Wi-Fi Geo-Location database

Device Information

Credentials

  • Have I Been Pwned - Check if your email or phone is in a data breach
  • Dehashed - Free deep-web scans and protection against credential leaks
  • Leak-Lookup - Search across thousands of data breaches
  • Snusbase - Stay on top of the latest database breaches
  • LeakCheck.io - Make sure your credentials haven't been compromised
  • crackstation.net -Massive pre-computed lookup tables to crack password hashes
  • breachdirectory.org - Check if your information was exposed in a data breach
  • BreachForums - Breaches, Data leaks, databases and more

Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

  • MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive - Threat intelligence made easy
  • ThreatCrowd - A Search Engine for Threats
  • ThreatMiner - Data Mining for Threat Intelligence
  • VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org - Malware library
  • bazaar.abuse.ch - Malware sample database
  • feodotracker.abuse.ch - List of botnet Command&Control servers
  • sslbl.abuse.ch - All malicious SSL certificates
  • urlhaus.abuse.ch - Propose new malware urls
  • threatfox.abuse.ch - Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure - Curated cyber threat intelligence for everyone
  • otx.alienvault - The World's First Truly Open Threat Intelligence Community
  • urlquery.net - Service for detecting and analyzing web-based malware
  • socradar.io - Extension to your SOC team
  • VirusShare - System currently contains 48 million malware samples
  • WikiLeaks - News leaks and classified media provided by anonymous sources
  • PassiveTotal - Security intelligence that scales security operations and response
  • malapi.io - Windows APIs used for malicious purposes
  • filesec.io - Latest file extensions being used by attackers
  • leakix.net - Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge - Fully automated solution for high-volume malware analysis using advanced sandboxing technology

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data
  • UK Web Archive - Collects millions of websites each year, preserving them for future generations

Unclassified