• Stars
    star
    7,445
  • Rank 5,193 (Top 0.2 %)
  • Language
    Shell
  • License
    MIT License
  • Created over 2 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

GeneralServersVulnerabilitiesExploitsAttack surfaceCodeMail addressesDomainsURLsDNSCertificatesWiFi networksDevice InfoCredentialsLeaksHidden ServicesSocial NetworksPhone numbersThreat IntelligenceWeb HistorySurveillance cameras

General Search Engines

Servers

  • Shodan - Search Engine for the Internet of Everything
  • Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security
  • Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye - Global cyberspace mapping
  • GreyNoise - The source for understanding internet noise
  • Natlas - Scaling Network Scanning
  • Netlas.io - Discover, Research and Monitor any Assets Available Online
  • FOFA - Cyberspace mapping
  • Quake - Cyberspace surveying and mapping system
  • Hunter - Internet Search Engines For Security Researchers

Vulnerabilities

Exploits

  • Exploit-DB - Exploit Database
  • Sploitus - Convenient central place for identifying the newest exploits
  • Rapid7 - DB - Vulnerability & Exploit Database
  • Vulmon - Vulnerability and exploit search engine
  • packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today - Ultimate database of exploits and vulnerabilities
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things - A list of useful payloads and bypasses for Web Application Security
  • XSS Payloads - The wonderland of JavaScript unexpected usages, and more
  • exploitalert.com - Database of Exploits
  • Reverse Shell generator - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode
  • HackerOne hacktivity - See the latest hacker activity on HackerOne
  • Bugcrowd Crowdstream - Showcase of accepted and disclosed submissions on Bugcrowd programs
  • GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection
  • shell-storm.org/shellcode - Shellcodes database for study cases
  • Hacking the Cloud - Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure
  • LOLDrivers - Open-source project that brings together vulnerable, malicious, and known malicious Windows drivers
  • PwnWiki - Collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained
  • CVExploits Search - Your comprehensive database for CVE exploits from across the internet

Attack Surface

  • FullHunt.io - Attack surface database of the entire Internet
  • BinaryEdge - We scan the web and gather data for you
  • Censys ASM - Attack Surface Management Solutions
  • RedHunt Labs - Discover your Attack Surface, Continuously
  • SecurityTrails - The Total Internet Inventory
  • overcast-security.com - We make tracking your external attack surface easy
  • IPInfo.io - The trusted source for IP address data
  • IPData.co - IP Geolocation and Threat Intelligence API
  • NetworksDB - information about the public IPv4 and IPv6 addresses, networks and domains owned by companies and organisations across the world
  • ASNlookup - Quickly lookup updated information about specific Autonomous System Number (ASN), Organization, CIDR, or registered IP addresses (IPv4 and IPv6) among other relevant data
  • BGPtools - Browse the Internet ecosystem
  • BGPview - Debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes and Domain names
  • BigDataCloud - The API provides comprehensive location and network data
  • RADb - The world's largest public routing registry
  • Deepinfo - Empower your security with the most comprehensive Internet data
  • Detectify - Complete External Attack Surface Management

Code Search Engines

  • GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
  • GitLab Code Search - Advanced search for faster, more efficient search across the entire GitLab instance
  • Sourceforge - Complete Open-Source and Business Software Platform
  • grep.app - Search across a half million git repos
  • publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode - Search 75 billion lines of code from 40 million projects
  • NerdyData - Find companies based on their website's tech stack or code
  • RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph - Understand and search across your entire codebase
  • HotExamples - Search code examples from over 1 million projects
  • WP Directory - Lightning fast regex searching of code in the WordPress Plugin and Theme Directories
  • GitHub Gists - Instantly share code, notes, and snippets
  • CodeBerg - Collaboration platform and Git hosting for free and open source software, content and projects
  • Fedora Pagure - Open Source software code hosting system
  • LaunchPad - Software collaboration platform that provides: Bug tracking, Code hosting, Code reviews, Ubuntu package building and hosting, Translations...
  • repo.or.cz - Public Git hosting site
  • gitorious.org - Read-only mirror of the former gitorious.org code hosting website
  • Sourcehut - Collection of tools useful for software development
  • android.googlesource.com - Git repositories on android
  • deps.dev - Service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages
  • WebFinery - Search the source code of the web
  • Google Code Archive - Data found on the Google Code Project Hosting Service, which was turned down in early 2016
  • Snipplr - Code snippet search engine that allows users to search and share code snippets across various programming languages and frameworks

Mail Addresses

  • Hunter.io - Find professional email addresses in seconds
  • PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
  • IntelligenceX - Search engine and data archive
  • Reacher.email - Open-Source Email Verification
  • RocketReach - Your first-degree connection to any professional
  • email-format.com - Find the email address formats in use at thousands of companies
  • EmailHippo - Email address verification technology
  • ThatsThem - Reverse email lookup
  • verify-email.org - Checks whether the mailbox exists or not
  • Melissa - Emailcheck - Check email addresses and verify they are live
  • VoilaNorbert - I can find anyone's email address
  • SynapsInt - The unified OSINT research tool
  • skymem.info - Find email addresses of companies and people
  • findemails.com - Find Anyone's Email Address in Seconds
  • Experte email finder - Find the right email address, even if you only know the name and the company
  • EmailSherlock - Search for the Person behind the Email address and find our reputation score
  • Anymail Finder - Find verified emails
  • Tomba.io - With 430+ million email addresses indexed, effective search filters, and deliverability checks, Tomba's email finder is its most powerful tool

Domains

URLs

DNS

  • DNSDumpster - dns recon & research, find & lookup dns records
  • Chaos - Enhance research and analyse changes around DNS for better insights
  • RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb - Passive DNS historical database
  • Omnisint - Reverse DNS lookup
  • HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org - Domain Name System Historical Record Archive
  • DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz - Tool for visualizing the status of a DNS zone
  • C99.nl - Over 57 quality API's and growing
  • wannabe1337.xyz - Online Tools
  • DNSlytics - Find out everything about a domain name, IP address or provider
  • dnsrepo.noc.org - DNS Database Repository Search
  • DNSSpy - Monitor, validate and verify your DNS configurations
  • ZETAlytics - We offer unrivalled geographic diversity and exclusive global network visibility in searchable datasets for use by cyber security analysts
  • AskDNS - Lookup Connected Domain Names and IP Addresses
  • 360 PassiveDNS.CN - Biggest public available db in China designed for security and research purpose
  • MXtoolbox - All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool
  • NSLookup.io - Find all DNS records for a domain name using this online tool
  • Robtex DNS Lookup - Get detailed information on the nameservers associated with a domain name

Certificates

  • Crt.sh - Certificate Search
  • CTSearch - Certificate Transparency Search Tool
  • tls.bufferover.run - Quickly find certificates in IPv4 space
  • CertSpotter - Monitors your domains for expiring, unauthorized, and invalid SSL certificates
  • SynapsInt - The unified OSINT research tool
  • Censys Search - Certificates - Certificates Search
  • ciphersuite.info - TLS Ciphersuite Search. Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format
  • certificatedetails - Online certificate viewer. Inspect and dowload certificates from your browser
  • FacebookCT - Search for certificates issued for a given domain and subscribe to notifications from Facebook regarding new certificates

WiFi Networks

  • Wigle.net - Maps and database of 802.11 wireless networks with statistics
  • wifimap.io - Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com - Free WiFi Cafe Spots
  • wifispc.com - Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net - HTML5 map with OpenWiFiMap data
  • mylnikov.org - Public API implementation of Wi-Fi Geo-Location database

Device Information

Credentials

  • Have I Been Pwned - Check if your email or phone is in a data breach
  • Dehashed - Free deep-web scans and protection against credential leaks
  • LeakCheck.io - Make sure your credentials haven't been compromised
  • crackstation.net -Massive pre-computed lookup tables to crack password hashes
  • HashKiller - Pre-cracked Hashes, easily searchable
  • LeakedPassword - Search across multiple data breaches to see if your pass has been compromised
  • BugMeNot - Find and share logins

Leaks

Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

  • NumLookup - Free reverse phone lookup
  • SpyDialer - Free Reverse Lookup Search
  • WhitePages - Find people, contact info & background checks
  • National Cellular Directory - Begin your comprehensive people search now
  • Phone Validator - Is it a cell phone or is it a landline or is it a fake?
  • Free Carrier Lookup - Enter a phone number and we'll return the carrier name
  • RocketReach - Your first-degree connection to any professional
  • sync.me - Find out who called
  • EmobileTracker - Track Mobile Owner Name, Location and Mobile Service Provider
  • Reverse Phone Lookup - Find Out The Owner Of A Phone Number
  • ThatsThem - Reverse phone lookup
  • thisnumber.com - International Phone Directories
  • usphonebook.com - Free Reverse Phone Number Lookup
  • truepeoplesearch.com - Get current address, cell phone number, email address, relatives, friends and a lot more
  • Tellows - Who is calling? The phone number reverse search
  • SynapsInt - The unified OSINT research tool
  • C99.nl - Over 57 quality API's and growing
  • ValidNumber.com - Free reverse phone lookup service to let you identify a caller associated with any 10-digit phone number from the US and Canada
  • CellIdFinder - Nonprofit project wich helps you to find GSM BTS by MCC, MNC, LAC and CellID
  • OldPhoneBook - Intantly search a large selection from the past 20 years of USA phone listings
  • Spokeo - Search by name, phone, address, or email to confidentially lookup information about people you know
  • Intelius Phone Lookup - Look up a phone number to find owner information, carrier details, and more
  • ZabaSearch Phone Lookup - Reverse Phone Lookup Tool Can Uncover Personal Information, Social Media Data, Online Activity, Photos, and More
  • AnyWho Phone Lookup - Find out information associated with a phone number
  • Radaris Phone Lookup - Look up any phone number to see its owner and identify who's calling or texting you

Threat Intelligence

  • MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive - Threat intelligence made easy
  • ThreatCrowd - A Search Engine for Threats
  • ThreatMiner - Data Mining for Threat Intelligence
  • VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org - The largest collection of malware source code, samples, and papers on the internet
  • bazaar.abuse.ch - Malware sample database
  • feodotracker.abuse.ch - List of botnet Command&Control servers
  • sslbl.abuse.ch - All malicious SSL certificates
  • urlhaus.abuse.ch - Propose new malware urls
  • threatfox.abuse.ch - Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch - Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure - Curated cyber threat intelligence for everyone
  • otx.alienvault - The World's First Truly Open Threat Intelligence Community
  • urlquery.net - Service for detecting and analyzing web-based malware
  • socradar.io - Extension to your SOC team
  • VirusShare - System currently contains 48 million malware samples
  • PassiveTotal - Security intelligence that scales security operations and response
  • malapi.io - Windows APIs used for malicious purposes
  • filesec.io - Latest file extensions being used by attackers
  • leakix.net - Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge - Fully automated solution for high-volume malware analysis using advanced sandboxing technology
  • Polyswarm - Launchpad for new technologies and innovative threat detection methods
  • Cisco Talos - The threat intelligence organization at the center of the Cisco Security portfolio
  • scamsearch.io - Find your scammer online & report them
  • CyberCampaigns - Threat Actor information and Write-Ups
  • ORKL - The Community Driven Cyber Threat Intelligence Library
  • Maltiverse - Data from more than 100 different Threat Intelligence sources
  • Inquest Labs - Threat intelligence from hundreds of public, private, and internal sources to develop new FDR signatures and rules
  • PhishTank - Collaborative clearing house for data and information about phishing on the Internet
  • IntelOwl - Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale
  • Lupovis - Analyze and collect data on Internet-wide scans and attacks in real-time. We use this data to identify and classify malicious actors
  • AbuseIPDB - Check the report history of any IP address to see if anyone else has reported malicious activities
  • Sucuri SiteCheck - Check websites for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code
  • Spamhaus - Protect and investigate using IP and domain reputation data
  • ThreatBook - One step ahead of your adversary with high-fidelity, efficient and actionable cyber threat intelligence
  • ShadowServer - Nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone
  • Team Cymru - Global leader in cyber threat intelligence and attack surface management
  • BeVigil - Search engine for mobile application security testing
  • CIRCL - The Computer Incident Response Center Luxembourg is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents
  • MetaDefender Cloud - Advanced threat detection and prevention platform
  • Cybersixgill - Threat intelligence platform that provides access to a wide range of cybersecurity information, including dark web monitoring and threat actor analysis
  • Hybrid Analysis - Free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology
  • IBM X-Force Exchange - Threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers

Web History

  • Web Archive - Explore more than 702 billion web pages saved over time
  • Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages - Get the cached page of any URL
  • stored.website - View cached web pages/website
  • CommonCrawl - Open repository of web crawl data
  • UK Web Archive - Collects millions of websites each year, preserving them for future generations
  • Arquivo - Non-profit service that maintains information published on the web of interest to the Portuguese community
  • Archive-It - An archive of digital government and non-government organization (NGO) documents and reports
  • HAW - Croatian Web Archive

Surveillance cameras

Unclassified

  • NetoGraph - Captures and indexes detailed, low-level snapshots of website behaviour
  • DorkSearch - Speed up your Dorking
  • usersearch.org - Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs
  • Pastebin - Website where you can store text online for a set period of time

Not working / Paused


If you want to propose changes, just open an issue or a pull request.

edoardoottavianelli.it to contact me.

More Repositories

1

cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Go
1,487
star
2

scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Go
913
star
3

csprecon

Discover new target domains using Content Security Policy
Go
359
star
4

lit-bb-hack-tools

Little Bug Bounty & Hacking Tools⚔️
Go
326
star
5

missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
Shell
318
star
6

tryhackme-ctf

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Shell
208
star
7

favirecon

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
Go
192
star
8

eJPT-notes

Notes I took while preparing for eJPT certification by INE Security (passed 19/20, fka eLearn Security)
141
star
9

secfiles

My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Shell
136
star
10

spark-ar-creators

List of 9500 (and counting) Spark AR Creators. Open an issue or contact me if you want to be added.❤️
Python
132
star
11

pphack

The Most Advanced Client-Side Prototype Pollution Scanner
Go
124
star
12

black-hat-python3-code

🏴‍☠️ tools (py3 version) of Black Hat Python book 🏴‍☠️
Python
106
star
13

longtongue

Customized Password/Passphrase List inputting Target Info
Python
80
star
14

pwdsafety

🔒command line tool checking password safety🔒
Go
64
star
15

twitterbot2

Like and retweet your tweets, or search tweets by topic. It stores and serves data with a Flask webapp. 🐦 Live demo running on twitter.com/ai_testing
Python
57
star
16

companies-hiring-security-remote

List of companies that hire security people full remote.
51
star
17

HackerRank-LinuxShell

HackerRank-LinuxShell Solutions 💻
Shell
42
star
18

MSc-CyberSecurity-Sapienza

Master of Science in Cybersecurity, Sapienza University of Rome.
C#
42
star
19

depsdev

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Go
39
star
20

twitterBot

[NOT WORKING] 🤖 CLI Twitter Bot. It's made to reach more engagement based on your interests. See https://github.com/edoardottt/twitterbot2
Python
38
star
21

malicious-rMQR-Codes

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
Python
33
star
22

CompTIA-Security-notes

CompTIA Security+ SY0-601 notes (passed 788 points)
28
star
23

boggart

Highly customizable low-interaction experimental honeypot that mimics specific hosts.
Go
27
star
24

defangjs

URL / IP / Email defanging with Javascript. Make IoC harmless.
JavaScript
25
star
25

amazon_tracker

A simple amazon tracker that sends you an email when prices of your followed products fall down!
Python
24
star
26

py-problems-solutions

Implementations of various problems using Python. Dynamic Programming, BackTracking & Sorting algorithms 💻
Python
23
star
27

golazy

Golang module exporting general purpose functions I get tired of rewriting every time
Go
21
star
28

programming-fundamentals

Useful material for learning Python, start coding and learn how to logically solve real world problems.
Python
20
star
29

asm-snippets

Some of my assembly code (examples, iterative and recursive algorithms) from Computer's Architecture course in Sapienza University, CS Bachelor's Degree 💾
Assembly
17
star
30

news-list

List of Tech/Geo/Economics/Politics sources of news. 🌍
16
star
31

gochanges

**[ARCHIVED]** website changes tracker 🔍
Go
15
star
32

nuclei-cve-gpt

[experiment] Generate Nuclei templates for CVEs using chatGPT
Go
15
star
33

offensive-onos

My experiments in weaponizing ONOS applications (https://github.com/opennetworkinglab/onos)
Java
13
star
34

Scripts

random scripts
Shell
13
star
35

multi-pdf-finder

Are you looking for a word in many pdf files? Do it one time. ⚡
Shell
13
star
36

edovshitler

SAVE THE EARTH! 👾 🎮
Python
12
star
37

defango

URL / IP / Email defanging with Golang. Make IoC harmless.
Go
12
star
38

fileDecrypter

Simple C file decrypter 🔒
C
11
star
39

HackerRank-Python

HackerRank-Python 🐍
Python
10
star
40

bashify

Powershell profile to bashify your Windows prompt
PowerShell
10
star
41

TweetPro

University Java project. It's a lightweight tool specialized in tweets analysis. 📈
Java
10
star
42

powershell365

[PAUSED] 365 (one per day) tips to learn Powershell
PowerShell
9
star
43

gonesis

Generate Golang project template ready to be pushed on GitHub using a single command
Go
9
star
44

COVID-19

Info/Data (global/italy) about COVID-19. PR welcome for other countries.
Python
8
star
45

PostgresSQL-DB

Easy implementation of some postgreSQL Databases for practicing with Conceptual analysis of requirements, design of relational databases and SQL queries
PLpgSQL
8
star
46

READMENATOR

Final README.md sample for all kind of projects [ readme, boilerplate, badges, template, github, material, design, opensource, badge, ui, beauty ]
7
star
47

cpu-usage

Simple cpu usage scripts with some programming languages
Java
7
star
48

RFDos-Scanner

Response Filter Denial of Service (RFDoS) Experimental Scanner
7
star
49

omegle-geolocalization

Localize strangers on Omegle. See Country, State, City, District, Latitude and Longitude.
JavaScript
6
star
50

bugcrowd-go

Golang Bugcrowd API client
Go
6
star
51

go-readingtime

Estimate how long it takes to read a text
Go
6
star
52

images

🖼️Images for edoardottt's repositories🖼️
4
star
53

dalle

Simple Golang Client to interact with Dall-E API
Go
4
star
54

GDPR

General Data Protection Regulation
4
star
55

computerphile-pong

Pong game with a little bit of Data Science. Computerphile.
Python
3
star
56

edoardottt

Hey! I'm edoardottt! 🏴‍☠️👹
3
star
57

Eproject

My first Django application
Python
3
star
58

master-degree-thesis

Proposal and Investigation of a framework for Cross App Poisoning attacks detection in Software Defined Networks - Master of Science in Cybersecurity Thesis, Sapienza University
TeX
3
star
59

edoardoottavianelli.it

My personal website (https://www.edoardoottavianelli.it/)
HTML
3
star
60

bachelor-degree-thesis

Design e Sviluppo del sistema di End User Development in SeismoCloud - Laurea Triennale in Informatica Università Sapienza di Roma
TeX
3
star
61

hello-world

Hello world
1
star
62

SeekUp

Progetto Ingegneria del Software - Informatica, Università Sapienza
1
star