Top 10 Search Engines for Pentesters and Bug Bounty Hunters
- shodan.io – SHODAN (Sentient Hyper Optimize Data Access Network) is a search engine that indexes all internet assets. It collects information about all systems and devices connected to the Internet, from a baby monitor to traffic signal lights, and scans for vulnerabilities.
- google.com – Google is a well-known and widely used search engine. In everyday life, it is used for many information acquisition queries. However, advanced searches on Google with queries that allow easier and faster access to the most accurate results are also possible. Google Dorking refers to these advanced Google search techniques.
- wigle.net – Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
- grep.app – grep.app is a search engine for codes on GitHub. GitHub is the most popular code host, hosting some of the most critical open-source projects. grep.app inquiries code from over 500,000 GitHub public repositories.
- app.binaryedge – Multifunctional team that focus its effort on acquiring, analyzing and classifying internet wide data, by combining efforts in the areas of Cybersecurity, Engineering and Data Science.
- onyphe.io – ONYPHE is a Cyber Defense Search Engine that scans various internet resources to provide open-source and cyber threat intelligence data. ONYPHE actively monitors the internet for devices connected to the global network. It also correlates scanned data with data gathered via Website URLs. The data is then made available via an API and its query language.
- viz.greynoise.io – GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. This data is made available through the web-based Visualizer and GreyNoise APIs so users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats.
- censys.io – Censys.io is a web-based search platform for assessing attack surface for Internet connected devices. The tool can be used not only to identify Internet connected assets and Internet of Things/Industrial Internet of Things (IoT/IIoT), but Internet-connected industrial control systems and platforms.
- hunter.io – Hunter.io, A.K.A Email Hunter, is an email hunter tool that helps marketers find the contact information associated with any domain. This is ideal for companies that use cold emailing as a way to fill their pipeline. Furthermore, Email Hunter can be used to verify emails and do bulk tasks.
- fofa.info – FOFA is a cyberspace search engine developed by BAIMAOHUI. It help customers find IP assets quickly.
- zoomeye.org – ZoomEyeis the leader of global cyberspace mapping, China’s first and world-renowned cyberspace search engine driven by 404 Laboratory of Knownsec, and also a world-famous cyberspace search engine.
- leakix.net – LeakIX is a leak search engine for security and research professionals. LeakIX collects data on the most common security misconfigurations from the Internet.
- intelx.io – IntelligenceX is a search engine. Also, it can be used as a data archive.
- app.netlas.io – Non-intrusive Internet Scanner. Netlas.io scans every IPv4 address and crawls every known website and web application utilizing such protocols as HTTP, FTP, SMTP, POP3, IMAP, SMB/CIFS, SSH, Telnet, SQL and others. Collected data is enriched with additional info and available in Netlas.io Search Engine.
- searchcode.com – searchcode is a free source code search engine. Code snippets and open source (free sofware) repositories are indexed and searchable.
- urlscan.io – urlscan.io is a free service to scan and analyse third-party websites. When a. URL is submitted to urlscan.io, an automated process will browse to the URL. like a regular user and record the activity that this page navigation creates.
- publicwww.com – PublicWWW is commonly used as a source code search engine. It indexes the content of over 500 million websites, can search for an alphanumeric snippet, signature, or keyword within web page HTML, JS, and CSS codes, and downloads a list of websites containing it.
- fullhunt.io – FullHunt is the attack surface database of the entire Internet. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.
- socradar.io – SOCRadar is a cloud-based, artificial intelligence-powered Digital Risk Protection Platform with cyber threat intelligence capabilities. The SOCRadar platform is a cybersecurity early warning system that combines Cyber Threat Intelligence, Digital Risk Protection, and External Attack Surface Management into a single solution.
- binaryedge.io – BinaryEdge is a cybersecurity/data Science company that collects, analyzes, and categorizes data from the internet. BinaryEdge analyzes data from across the web using a custom-built platform that combines machine learning and cybersecurity techniques. At the end of this analysis, it identifies the organizations’ attack surface in detail and provides a threat intelligence service.
- ivre.rocks – IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Masscan, ZGrab2, ZDNS and Zeek (Bro)) to gather data (network intelligence), stores it in a database (MongoDB is the recommended backend), and provides tools to analyze it.
- crt.sh – It’s a web interface. that lets you search for certs that have been logged by CT.
- vulners.com – Vulners is a security database that contains explanations for numerous software vulnerabilities. Cross-references between bulletins and a constantly updated database keep users up to date on the latest security threats by bringing together more than 100 data sources.
- pulsedive.com – Pulsedive is a free threat intelligence platform. Search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own.