A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Mail addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Hidden Services • Social Networks • Phone numbers • Threat Intelligence • Web History

• Google
• Bing
• Yahoo!
• Yandex
• Ask
• Baidu
• You
• SearXNG
• EXALead

• Shodan - Search Engine for the Internet of Everything
• Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security.
• Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
• ZoomEye - Global cyberspace mapping
• GreyNoise - The source for understanding internet noise
• Natlas - Scaling Network Scanning
• Netlas.io - Discover, Research and Monitor any Assets Available Online
• FOFA - Cyberspace mapping

• NIST NVD - National Vulnerability Database
• MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
• GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories
• cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
• osv.dev - Open Source Vulnerabilities
• Vulners.com - Your Search Engine for Security Intelligence
• opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
• security.snyk.io - Open Source Vulnerability Database
• Mend Vulnerability Database - The largest open source vulnerability DB
• Rapid7 - DB - Vulnerability & Exploit Database
• CVEDetails - The ultimate security vulnerability datasource
• VulnIQ - Vulnerability intelligence and management solution
• SynapsInt - The unified OSINT research tool
• Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
• Vulmon - Vulnerability and exploit search engine
• VulDB - Number one vulnerability database
• ScanFactory - Realtime Security Monitoring
• Trend Micro Zero Day Initiative - Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers
• Google Project Zero - Vulnerabilities including Zero Days
• Trickest CVE Repository - Gather and update all available and newest CVEs with their PoC.

• Exploit-DB - Exploit Database
• Sploitus - Convenient central place for identifying the newest exploits
• Rapid7 - DB - Vulnerability & Exploit Database
• Vulmon - Vulnerability and exploit search engine
• packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
• 0day.today - Ultimate database of exploits and vulnerabilities
• LOLBAS - Living Off The Land Binaries, Scripts and Libraries
• GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• Payloads All The Things - A list of useful payloads and bypasses for Web Application Security
• XSS Payloads - The wonderland of JavaScript unexpected usages, and more
• exploitalert.com - Database of Exploits
• Reverse Shell generator - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode.

• FullHunt.io - Attack surface database of the entire Internet
• BynaryEdge - We scan the web and gather data for you
• Censys ASM - Attack Surface Management Solutions
• RedHunt Labs - Discover your Attack Surface, Continuously
• SecurityTrails - The Total Internet Inventory
• overcast-security.com - We make tracking your external attack surface easy

• GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
• grep.app - Search across a half million git repos
• publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
• SearchCode - Search 75 billion lines of code from 40 million projects
• NerdyData - Find companies based on their website's tech stack or code
• RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
• SourceGraph - Understand and search across your entire codebase
• HotExamples - Search code examples from over 1 million projects
• WP Directory - Lightning fast regex searching of code in the WordPress Plugin and Theme Directories

• Hunter.io - Find professional email addresses in seconds
• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• Reacher.email - Open-Source Email Verification
• RocketReach - Your first-degree connection to any professional
• email-format.com - Find the email address formats in use at thousands of companies
• EmailHippo - Email address verification technology
• ThatsThem - Reverse email lookup
• verify-email.org - Checks whether the mailbox exists or not
• Melissa - Emailcheck - Check email addresses and verify they are live
• VoilaNorbert - I can find anyone's email address
• SynapsInt - The unified OSINT research tool
• skymem.info - Find email addresses of companies and people
• findemails.com - Find Anyone's Email Address in Seconds

• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• Omnisint - Subdomain enumeration
• Riddler - Allows you to search in a high quality dataset
• RobTex - Various kinds of research of IP numbers, Domain names, etc
• CentralOps - DomainDossier - Investigate domains and IP addresses
• DomainIQ - Comprehensive Domain Intelligence
• whois.domaintools.com - Industry’s fastest domain discovery engine and broadest, most accurate data
• grayhatwarfare.com - domains - How to search URLs exposed by Shortener services
• whoisology.com - Deep Connections Between Domain Names & Their Owners
• who.is - WHOIS Search, Domain Name, Website, and IP Tools
• pentest-tools.com - Discover subdomains and determine the attack surface of an organization
• BuiltWith - Find out what websites are Built With
• MoonSearch - Backlinks checker & SEO Report
• sitereport.netcraft.com - Find out the infrastructure and technologies used by any site
• SynapsInt - The unified OSINT research tool
• spyonweb.com - Find out related websites
• statscrop.com - Millions of amazing websites across the web are being analyzed with StatsCrop
• securityheaders.com - Scan your site now
• visualsitemapper.com - Create a visual map of your site
• similarweb.com - The easiest and fastest tool to find out what's really going on online
• buckets.grayhatwarfare.com - Public buckets
• C99.nl - Over 57 quality API's and growing!
• PassiveTotal - Security intelligence that scales security operations and response
• wannabe1337.xyz - Online Tools
• subdomainfinder.c99.nl - Scanner that scans an entire domain to find as many subdomains as possible

• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• URLScan - A sandbox for the web
• HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
• MOZ Link Explorer - The world's best backlink checker with over 40 trillion links
• shorteners.grayhatwarfare.com - Search URLs exposed by Shortener services
• CommonCrawl Index - Open repository of web crawl data

• DNSDumpster - dns recon & research, find & lookup dns records
• Chaos - Enhance research and analyse changes around DNS for better insights
• RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
• DNSdb - Passive DNS historical database
• Omnisint - Reverse DNS lookup
• HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
• passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
• ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
• dnshistory.org - Domain Name System Historical Record Archive
• DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
• DNSviz - Tool for visualizing the status of a DNS zone
• C99.nl - Over 57 quality API's and growing
• PassiveTotal - Security intelligence that scales security operations and response
• wannabe1337.xyz - Online Tools

• Crt.sh - Certificate Search
• CTSearch - Certificate Transparency Search Tool
• tls.bufferover.run - Quickly find certificates in IPv4 space
• CertSpotter - Monitors your domains for expiring, unauthorized, and invalid SSL certificates
• SynapsInt - The unified OSINT research tool
• Censys Search - Certificates - Certificates Search
• PassiveTotal - Security intelligence that scales security operations and response
• ciphersuite.info - TLS Ciphersuite Search. Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format

• Wigle.net - Maps and database of 802.11 wireless networks with statistics
• wifimap.io - Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
• wificafespots.com - Free WiFi Cafe Spots
• wifispc.com - Free map of Wi-Fi passwords anywhere you go!
• openwifimap.net - HTML5 map with OpenWiFiMap data
• mylnikov.org - Public API implementation of Wi-Fi Geo-Location database

• MAC Vendor Lookup - Look up the vendor for a specific MAC Address
• macvendors.com - Find MAC Address Vendors. Now.
• macaddress.io - MAC address vendor lookup
• maclookup.app - Find the vendor name of a device by entering an OUI or a MAC address

• Have I Been Pwned - Check if your email or phone is in a data breach
• Dehashed - Free deep-web scans and protection against credential leaks
• Leak-Lookup - Search across thousands of data breaches
• Snusbase - Stay on top of the latest database breaches
• LeakCheck.io - Make sure your credentials haven't been compromised
• crackstation.net -Massive pre-computed lookup tables to crack password hashes
• breachdirectory.org - Check if your information was exposed in a data breach
• BreachForums - Breaches, Data leaks, databases and more
• Siph0n Breach DB (onionsite) - Breaches, Data leaks, Exploits
• HashKiller - Pre-cracked Hashes, easily searchable

• AHMIA - Search hidden services on the Tor network
• thehiddenwiki.org - The darknet guide
• tor.link - Free anonymous deepweb / Darknet search engine
• deepweblinks.net - Onion Links
• onionengine.com - A search engine for services accessible on the Tor network
• OnionLand - Discover Hidden Services and access to Tor's onion sites

These can be useful for osint and social engineering.

• Facebook
• Instagram
• YouTube
• Twitter
• LinkedIn
• Reddit
• Pinterest
• Tumblr
• Flickr
• SnapChat
• Whatsapp
• Quora
• TikTok
• Vimeo
• Medium
• WeChat
• VK
• Weibo
• Tinder

• NumLookup - Free reverse phone lookup
• SpyDialer - Free Reverse Lookup Search
• WhitePages - Find people, contact info & background checks
• National Cellular Directory - Begin your comprehensive people search now
• Phone Validator - Is it a cell phone or is it a landline or is it a fake?
• Free Carrier Lookup - Enter a phone number and we'll return the carrier name
• RocketReach - Your first-degree connection to any professional
• sync.me - Find out who called
• EmobileTracker - Track Mobile Owner Name, Location and Mobile Service Provider
• Reverse Phone Lookup - Find Out The Owner Of A Phone Number
• ThatsThem - Reverse phone lookup
• thisnumber.com - International Phone Directories
• usphonebook.com - Free Reverse Phone Number Lookup
• truepeoplesearch.com - Get current address, cell phone number, email address, relatives, friends and a lot more
• Tellows - Who is calling? The phone number reverse search
• SynapsInt - The unified OSINT research tool
• C99.nl - Over 57 quality API's and growing

• MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
• PulseDive - Threat intelligence made easy
• ThreatCrowd - A Search Engine for Threats
• ThreatMiner - Data Mining for Threat Intelligence
• VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
• vx-underground.org - Malware library
• bazaar.abuse.ch - Malware sample database
• feodotracker.abuse.ch - List of botnet Command&Control servers
• sslbl.abuse.ch - All malicious SSL certificates
• urlhaus.abuse.ch - Propose new malware urls
• threatfox.abuse.ch - Indicator Of Compromise (IOC) database
• yaraify.abuse.ch - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
• Rescure - Curated cyber threat intelligence for everyone
• otx.alienvault - The World's First Truly Open Threat Intelligence Community
• urlquery.net - Service for detecting and analyzing web-based malware
• socradar.io - Extension to your SOC team
• VirusShare - System currently contains 48 million malware samples
• WikiLeaks - News leaks and classified media provided by anonymous sources
• PassiveTotal - Security intelligence that scales security operations and response
• malapi.io - Windows APIs used for malicious purposes
• filesec.io - Latest file extensions being used by attackers
• leakix.net - Search engine indexing public information and an open reporting platform linked to the results
• tria.ge - Fully automated solution for high-volume malware analysis using advanced sandboxing technology
• Polyswarm - Launchpad for new technologies and innovative threat detection methods
• Cisco Talos - The threat intelligence organization at the center of the Cisco Security portfolio
• scamsearch.io - Find your scammer online & report them
• CyberCampaigns - Threat Actor information and Write-Ups
• ORKL - The Community Driven Cyber Threat Intelligence Library
• Maltiverse - Data from more than 100 different Threat Intelligence sources
• Inquest Labs - Threat intelligence from hundreds of public, private, and internal sources to develop new FDR signatures and rules
• PhishTank - Collaborative clearing house for data and information about phishing on the Internet
• IntelOwl - Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale
• Lupovis - Analyze and collect data on Internet-wide scans and attacks in real-time. We use this data to identify and classify malicious actors.

• Web Archive - Explore more than 702 billion web pages saved over time
• Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
• CachedPages - Get the cached page of any URL
• stored.website - View cached web pages/website
• CommonCrawl - Open repository of web crawl data
• UK Web Archive - Collects millions of websites each year, preserving them for future generations

• NetoGraph - Captures and indexes detailed, low-level snapshots of website behaviour
• DorkSearch - Speed up your Dorking
• usersearch.org - Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs
• Insecam.org - The world biggest directory of online surveillance security cameras

• DNS.BufferOver.run

If you want to propose changes, just open an issue or a pull request.

edoardoottavianelli.it to contact me.