黑客搜索引擎 | Awesome Hacker Search Engines

黑客搜索引擎 | Awesome Hacker Search Engines

在渗透测试、漏洞评估、红/蓝团队工作、漏洞赏金等过程中有用的精选搜索引擎列表

中文翻译

通用搜索引擎

黑客搜索引擎 | Awesome Hacker Search Engines

服务器

黑客搜索引擎 | Awesome Hacker Search Engines
  • Shodan – 万物互联的搜索引擎
  • Censys 搜索– 互联网上每台服务器的搜索引擎,以减少暴露并提高安全性。
  • Onyphe.io – 用于开源和网络威胁情报数据的网络防御搜索引擎
  • ZoomEye – 全球网络空间测绘
  • GreyNoise – 了解互联网噪音的来源
  • Natlas – 缩放网络扫描
  • Netlas.io – 发现、研究和监控任何可用的在线资产
  • FOFA – 网络空间映射
黑客搜索引擎 | Awesome Hacker Search Engines

漏洞

黑客搜索引擎 | Awesome Hacker Search Engines

漏洞利用

黑客搜索引擎 | Awesome Hacker Search Engines
  • Exploit-DB – 漏洞利用数据库
  • Sploitus – 用于识别最新漏洞利用的便利中心位置
  • Rapid7 – DB – 漏洞和利用数据库
  • Vulmon – 漏洞利用搜索引擎
  • packetstormsecurity.com – 信息安全服务、新闻、文件、工具、漏洞利用、咨询和白皮书
  • 0day.today – 漏洞利用和漏洞的终极数据库
  • LOLBAS – Living Off The Land 二进制文件、脚本和库
  • GTFOBins – 精选的 Unix 二进制文件列表,可用于绕过错误配置系统中的本地安全限制
  • Payloads All The Things – Web 应用程序安全的有用有效载荷和绕过列表
  • XSS Payloads – JavaScript 意外仙境用法的等等
  • exploitalert.com – 漏洞数据库

攻击面

黑客搜索引擎 | Awesome Hacker Search Engines

代码搜索引擎

  • GitHub 代码搜索– 在整个 GitHub 中进行全局搜索,或将搜索范围限定在特定存储库或组织
  • grep.app – 搜索 50 万个 git仓库
黑客搜索引擎 | Awesome Hacker Search Engines
  • publicwww.com – 在网页 HTML、JS 和 CSS 代码中查找任何字母数字片段、签名或关键字
  • SearchCode – 从 4000 万个项目中搜索 750 亿行代码
  • NerdyData – 根据网站的技术堆栈或代码查找公司
  • RepoSearch – 源代码搜索引擎,可帮助您查找实现细节、示例用法或仅分析代码
  • SourceGraph – 了解和搜索整个代码库
  • HotExamples – 从超过 100 万个项目中搜索代码示例
  • WP Directory – 在 WordPress 插件和主题目录中快速正则表达式搜索代码

邮件地址

黑客搜索引擎 | Awesome Hacker Search Engines

域名

黑客搜索引擎 | Awesome Hacker Search Engines

网址

域名系统

黑客搜索引擎 | Awesome Hacker Search Engines
  • DNSDumpster – dns 侦察和研究,查找和查找 dns 记录
  • Chaos – 加强研究并分析 DNS 周围的变化以获得更好的见解
  • RapidDNS – dns 查询工具,可以轻松查询同一 ip 的子域或站点
  • DNSdb – 被动 DNS 历史数据库
  • Omnisint – 反向 DNS 查找
  • HackerTarget – 收集有关 IP 地址、网络、网页和 DNS 记录的信息
  • passivedns.mnemonic.no – 用于查询在我们的恶意软件实验室中收集的被动 DNS 数据的 Web 界面
  • ptrararchive.com – 从 2008 年到现在超过 2300 亿个反向 DNS 条目
  • dnshistory.org – 域名系统历史记录存档
  • DNSTwister – 反钓鱼域名搜索引擎和 DNS 监控服务
  • DNSviz – 可视化 DNS 区域状态的工具
  • C99.nl – 超过 57 个优质 API 并且还在不断增加
  • PassiveTotal – 可扩展安全操作和响应的安全情报
  • wannabe1337.xyz – 在线工具

证书

黑客搜索引擎 | Awesome Hacker Search Engines

无线网络

黑客搜索引擎 | Awesome Hacker Search Engines
  • Wigle.net – 带有统计数据的 802.11 无线网络地图和数据库
  • wifimap.io – 使用 WiFi 地图应用程序连接到世界各地的所有免费 WiFi 热点!
  • wificafespots.com – 免费 WiFi 咖啡馆点
  • wifispc.com – 随时随地查看 Wi-Fi 密码的免费地图!
  • openwifimap.net – 带有 OpenWiFiMap 数据的 HTML5 地图
  • mylnikov.org – Wi-Fi 地理位置数据库的公共 API 实现

设备信息

黑客搜索引擎 | Awesome Hacker Search Engines

证书

黑客搜索引擎 | Awesome Hacker Search Engines

隐藏服务

黑客搜索引擎 | Awesome Hacker Search Engines
黑客搜索引擎 | Awesome Hacker Search Engines

社交网络

这些对于 osint 和社会工程很有用。

电话号码

威胁情报

黑客搜索引擎 | Awesome Hacker Search Engines
黑客搜索引擎 | Awesome Hacker Search Engines
黑客搜索引擎 | Awesome Hacker Search Engines
  • leakix.net – 搜索引擎索引公共信息和链接到结果的开放报告平台
  • tria.ge – 使用高级沙盒技术进行大容量恶意软件分析的全自动解决方案
  • Polyswarm – 新技术和创新威胁检测方法的发射台
  • Cisco Talos – 位于思科安全产品组合中心的威胁情报组织
  • scamsearch.io – 在线查找骗子并举报他们
  • Cyber​​Campaigns – 威胁参与者信息和评论

网络历史

  • Web Archive – 探索随时间推移保存的超过 7020 亿个网页
黑客搜索引擎 | Awesome Hacker Search Engines
  • Archive.ph – 创建一个网页的副本,即使原始链接已关闭,该网页也会始终打开
  • CachedPages – 获取任何 URL 的缓存页面
  • stored.website – 查看缓存的网页/网站
  • CommonCrawl – 开放的网络抓取数据存储库
  • UK Web Archive – 每年收集数百万个网站,为子孙后代保存它们

未分类

  • NetoGraph – 捕获和索引网站行为的详细、低级快照
  • DorkSearch – 加速你的 Dorking
  • usersearch.org – 在社交网络、约会网站、论坛、加密论坛、聊天网站和博客上通过用户名或电子邮件查找某人
黑客搜索引擎 | Awesome Hacker Search Engines

不工作/暂停

英文原版

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

General Search Engines

Servers

  • Shodan – Search Engine for the Internet of Everything
  • Censys Search – Search Engine for every server on the Internet to reduce exposure and improve security.
  • Onyphe.io – Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye – Global cyberspace mapping
  • GreyNoise – The source for understanding internet noise
  • Natlas – Scaling Network Scanning
  • Netlas.io – Discover, Research and Monitor any Assets Available Online
  • FOFA – Cyberspace mapping

Vulnerabilities

  • NIST NVD – National Vulnerability Database
  • MITRE CVE – Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
  • GitHub Advisory Database – Security vulnerability database inclusive of CVEs and GitHub originated security advisories
  • cloudvulndb.org – The Open Cloud Vulnerability & Security Issue Database
  • osv.dev – Open Source Vulnerabilities
  • Vulners.com – Your Search Engine for Security Intelligence
  • opencve.io – Easiest way to track CVE updates and be alerted about new vulnerabilities
  • security.snyk.io – Open Source Vulnerability Database
  • Mend Vulnerability Database – The largest open source vulnerability DB
  • Rapid7 – DB – Vulnerability & Exploit Database
  • CVEDetails – The ultimate security vulnerability datasource
  • VulnIQ – Vulnerability intelligence and management solution
  • SynapsInt – The unified OSINT research tool
  • Aqua Vulnerability Database – Vulnerabilities and weaknesses in open source applications and cloud native infrastructure
  • Vulmon – Vulnerability and exploit search engine
  • VulDB – Number one vulnerability database
  • ScanFactory – Realtime Security Monitoring
  • Trend Micro Zero Day Initiative – Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers
  • Google Project Zero – Vulnerabilities including Zero Days

Exploits

  • Exploit-DB – Exploit Database
  • Sploitus – Convenient central place for identifying the newest exploits
  • Rapid7 – DB – Vulnerability & Exploit Database
  • Vulmon – Vulnerability and exploit search engine
  • packetstormsecurity.com – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today – Ultimate database of exploits and vulnerabilities
  • LOLBAS – Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins – Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things – A list of useful payloads and bypasses for Web Application Security
  • XSS Payloads – The wonderland of JavaScript unexpected usages, and more
  • exploitalert.com – Database of Exploits

Attack Surface

Code Search Engines

  • GitHub Code Search – Search globally across all of GitHub, or scope your search to a particular repository or organization
  • grep.app – Search across a half million git repos
  • publicwww.com – Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
  • SearchCode – Search 75 billion lines of code from 40 million projects
  • NerdyData – Find companies based on their website’s tech stack or code
  • RepoSearch – Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph – Understand and search across your entire codebase
  • HotExamples – Search code examples from over 1 million projects
  • WP Directory – Lightning fast regex searching of code in the WordPress Plugin and Theme Directories

Mail Addresses

Domains

URLs

DNS

  • DNSDumpster – dns recon & research, find & lookup dns records
  • Chaos – Enhance research and analyse changes around DNS for better insights
  • RapidDNS – dns query tool which make querying subdomains or sites of a same ip easy
  • DNSdb – Passive DNS historical database
  • Omnisint – Reverse DNS lookup
  • HackerTarget – Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no – Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com – Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org – Domain Name System Historical Record Archive
  • DNSTwister – The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz – Tool for visualizing the status of a DNS zone
  • C99.nl – Over 57 quality API’s and growing
  • PassiveTotal – Security intelligence that scales security operations and response
  • wannabe1337.xyz – Online Tools

Certificates

  • Crt.sh – Certificate Search
  • CTSearch – Certificate Transparency Search Tool
  • tls.bufferover.run – Quickly find certificates in IPv4 space
  • CertSpotter – Monitors your domains for expiring, unauthorized, and invalid SSL certificates
  • SynapsInt – The unified OSINT research tool
  • Censys Search – Certificates – Certificates Search
  • PassiveTotal – Security intelligence that scales security operations and response
  • ciphersuite.info – TLS Ciphersuite Search. Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format

WiFi Networks

  • Wigle.net – Maps and database of 802.11 wireless networks with statistics
  • wifimap.io – Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com – Free WiFi Cafe Spots
  • wifispc.com – Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net – HTML5 map with OpenWiFiMap data
  • mylnikov.org – Public API implementation of Wi-Fi Geo-Location database

Device Information

Credentials

Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

  • MITRE ATT&CK – Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive – Threat intelligence made easy
  • ThreatCrowd – A Search Engine for Threats
  • ThreatMiner – Data Mining for Threat Intelligence
  • VirusTotal – Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org – Malware library
  • bazaar.abuse.ch – Malware sample database
  • feodotracker.abuse.ch – List of botnet Command&Control servers
  • sslbl.abuse.ch – All malicious SSL certificates
  • urlhaus.abuse.ch – Propose new malware urls
  • threatfox.abuse.ch – Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch – Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure – Curated cyber threat intelligence for everyone
  • otx.alienvault – The World’s First Truly Open Threat Intelligence Community
  • urlquery.net – Service for detecting and analyzing web-based malware
  • socradar.io – Extension to your SOC team
  • VirusShare – System currently contains 48 million malware samples
  • WikiLeaks – News leaks and classified media provided by anonymous sources
  • PassiveTotal – Security intelligence that scales security operations and response
  • malapi.io – Windows APIs used for malicious purposes
  • filesec.io – Latest file extensions being used by attackers
  • leakix.net – Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge – Fully automated solution for high-volume malware analysis using advanced sandboxing technology
  • Polyswarm – Launchpad for new technologies and innovative threat detection methods
  • Cisco Talos – The threat intelligence organization at the center of the Cisco Security portfolio
  • scamsearch.io – Find your scammer online & report them
  • CyberCampaigns – Threat Actor information and Write-Ups

Web History

  • Web Archive – Explore more than 702 billion web pages saved over time
  • Archive.ph – Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages – Get the cached page of any URL
  • stored.website – View cached web pages/website
  • CommonCrawl – Open repository of web crawl data
  • UK Web Archive – Collects millions of websites each year, preserving them for future generations

Unclassified

  • NetoGraph – Captures and indexes detailed, low-level snapshots of website behaviour
  • DorkSearch – Speed up your Dorking
  • usersearch.org – Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto Forums, Chat Sites and Blogs

Not working / Paused

from

转载请注明出处及链接

Leave a Reply

您的电子邮箱地址不会被公开。 必填项已用*标注