Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Mail addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Leaks • Hidden Services • Social Networks • Phone numbers • Images • Threat Intelligence • Web History • Surveillance cameras • Crypto • People

General Search Engines

• Google
• Bing
• Yahoo!
• Yandex
• Ask
• Baidu
• You
• SearXNG
• EXALead
• DuckDuckGo
• Swisscows
• Naver
• AOL
• Brave
• Yep
• Gibiru
• Kagi
• Stract

Servers

• Shodan - Search Engine for the Internet of Everything
• Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security
• Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
• ZoomEye - Global cyberspace mapping
• GreyNoise - The source for understanding internet noise
• Natlas - Scaling Network Scanning
• Netlas.io - Discover, Research and Monitor any Assets Available Online
• FOFA - Cyberspace mapping
• Quake - Cyberspace surveying and mapping system
• Hunter - Internet Search Engines For Security Researchers
• ODIN - One of the most powerful search engines for Scanned Internet Assets

Vulnerabilities

• NIST NVD - US National Vulnerability Database
• MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
• GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories
• cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
• osv.dev - Open Source Vulnerabilities
• Vulners.com - Your Search Engine for Security Intelligence
• opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
• security.snyk.io - Open Source Vulnerability Database
• Mend Vulnerability Database - The largest open source vulnerability DB
• Rapid7 - DB - Vulnerability & Exploit Database
• CVEDetails - The ultimate security vulnerability datasource
• VulnIQ - Vulnerability intelligence and management solution
• SynapsInt - The unified OSINT research tool
• Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
• Vulmon - Vulnerability and exploit search engine
• VulDB - Number one vulnerability database
• ScanFactory - Realtime Security Monitoring
• Trend Micro Zero Day Initiative - Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers
• Google Project Zero - Vulnerabilities including Zero Days
• Trickest CVE Repository - Gather and update all available and newest CVEs with their PoC
• cnvd.org.cn - Chinese National Vulnerability Database
• InTheWild.io - Check CVEs in our free, open source feed of exploited vulnerabilities
• Vulnerability Lab - Vulnerability research, bug bounties and vulnerability assessments
• Red Hat Security Advisories - Information about security flaws that affect Red Hat products and services in the form of security advisories
• Cisco Security Advisories - Security advisories and vulnerability information for Cisco products, including network equipment and software
• Microsoft Security Response Center - Reports of security vulnerabilities affecting Microsoft products and services
• VARIoT - VARIoT IoT Vulnerabilities Database

Exploits

• Exploit-DB - Exploit Database
• Sploitus - Convenient central place for identifying the newest exploits
• Rapid7 - DB - Vulnerability & Exploit Database
• Vulmon - Vulnerability and exploit search engine
• packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
• 0day.today - Ultimate database of exploits and vulnerabilities
• LOLBAS - Living Off The Land Binaries, Scripts and Libraries
• GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• Payloads All The Things - A list of useful payloads and bypasses for Web Application Security
• XSS Payloads - The wonderland of JavaScript unexpected usages, and more
• exploitalert.com - Database of Exploits
• Reverse Shell generator - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode
• HackerOne hacktivity - See the latest hacker activity on HackerOne
• Bugcrowd Crowdstream - Showcase of accepted and disclosed submissions on Bugcrowd programs
• GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection
• shell-storm.org/shellcode - Shellcodes database for study cases
• Hacking the Cloud - Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure
• LOLDrivers - Open-source project that brings together vulnerable, malicious, and known malicious Windows drivers
• PwnWiki - Collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained
• CVExploits Search - Your comprehensive database for CVE exploits from across the internet
• VARIoT - VARIoT IoT exploits database
• LOOBins - Detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes
• Coalition Exploit Scoring System - Model that dynamically scores new and existing vulnerabilities to reflect their exploit likelihood
• WADComs - Interactive cheat sheet containing a curated list of offensive security tools and their respective commands to be used against Windows/AD environments
• LOLAPPS - Compendium of applications that can be used to carry out day-to-day exploitation
• Living off the Hardware - Resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices
• Living Off the Pipeline - How development tools commonly used in CI/CD pipelines can be used to achieve arbitrary code execution
• hackyx.io - The aim of this project is to easily find any resource related to IT security like CTF writeups, articles or Bug Bounty reports
• exploit.observer - The World's Largest Exploit & Vulnerability Intelligence Database and is freely accessible to all

Attack Surface

• FullHunt.io - Attack surface database of the entire Internet
• BinaryEdge - We scan the web and gather data for you
• Censys ASM - Attack Surface Management Solutions
• RedHunt Labs - Discover your Attack Surface, Continuously
• SecurityTrails - The Total Internet Inventory
• overcast-security.com - We make tracking your external attack surface easy
• IPInfo.io - The trusted source for IP address data
• IPData.co - IP Geolocation and Threat Intelligence API
• NetworksDB - Information about the public IPv4 and IPv6 addresses, networks and domains owned by companies and organisations across the world
• ASNlookup - Quickly lookup updated information about specific Autonomous System Number (ASN), Organization, CIDR, or registered IP addresses (IPv4 and IPv6) among other relevant data
• BGPtools - Browse the Internet ecosystem
• BGPview - Debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes and Domain names
• BigDataCloud - The API provides comprehensive location and network data
• RADb - The world's largest public routing registry
• Deepinfo - Empower your security with the most comprehensive Internet data
• CloudFlare Radar - Global Internet traffic, attack, and technology trends and insights

Code

• GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization
• GitLab Code Search - Advanced search for faster, more efficient search across the entire GitLab instance
• Sourceforge - Complete Open-Source and Business Software Platform
• grep.app - Search across a half million git repos
• publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
• SearchCode - Search 75 billion lines of code from 40 million projects
• NerdyData - Find companies based on their website's tech stack or code
• RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
• SourceGraph - Understand and search across your entire codebase
• HotExamples - Search code examples from over 1 million projects
• WP Directory - Lightning fast regex searching of code in the WordPress Plugin and Theme Directories
• GitHub Gists - Instantly share code, notes, and snippets
• CodeBerg - Collaboration platform and Git hosting for free and open source software, content and projects
• Fedora Pagure - Open Source software code hosting system
• LaunchPad - Software collaboration platform that provides: Bug tracking, Code hosting, Code reviews, Ubuntu package building and hosting, Translations...
• repo.or.cz - Public Git hosting site
• gitorious.org - Read-only mirror of the former gitorious.org code hosting website
• Sourcehut - Collection of tools useful for software development
• android.googlesource.com - Git repositories on android
• deps.dev - Service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages
• WebFinery - Search the source code of the web
• Google Code Archive - Data found on the Google Code Project Hosting Service, which was turned down in early 2016
• Snipplr - Code snippet search engine that allows users to search and share code snippets across various programming languages and frameworks
• Postman Public Collections - Explore the best APIs, collections, workspaces in the world on the Postman Public API Network
• ScriptMafia - Download full nulled scripts
• SearchFTPs - The most advanced FTP Search Engine service maintained by members
• Ecosyste.ms - An open API service providing package, version and dependency metadata of many open source software ecosystems and registries
• SwaggerHub - Search public APIs and Domains in SwaggerHub

Mail Addresses

• Hunter.io - Find professional email addresses in seconds
• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• Reacher.email - Open-Source Email Verification
• RocketReach - Your first-degree connection to any professional
• email-format.com - Find the email address formats in use at thousands of companies
• EmailHippo - Email address verification technology
• ThatsThem - Reverse email lookup
• verify-email.org - Checks whether the mailbox