Hacker Search Engines

Posted by
List of Best Hacker-Friendly Search Engines

General Search Engines


  • Shodan – Search Engine for the Internet of Everything
  • Censys Search – Search Engine for every server on the Internet to reduce exposure and improve security.
  • Onyphe.io – Cyber Defense Search Engine for open-source and cyber threat intelligence data
  • ZoomEye – Global cyberspace mapping
  • GreyNoise – The source for understanding internet noise
  • Natlas – Scaling Network Scanning
  • Netlas.io – Discover, Research and Monitor any Assets Available Online
  • FOFA – Cyberspace mapping


  • NIST NVD – National Vulnerability Database
  • MITRE CVE – Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
  • GitHub Advisory Database – Security vulnerability database inclusive of CVEs and GitHub-originated security advisories
  • cloudvulndb.org – The Open Cloud Vulnerability & Security Issue Database
  • osv.dev – Open Source Vulnerabilities
  • Vulners.com – Your Search Engine for Security Intelligence
  • opencve.io – Easiest way to track CVE updates and be alerted about new vulnerabilities
  • security.snyk.io – Open Source Vulnerability Database
  • Mend Vulnerability Database – The largest open-source vulnerability DB
  • Rapid7 – DB – Vulnerability & Exploit Database
  • CVEDetails – The ultimate security vulnerability data source
  • VulnIQ – Vulnerability intelligence and management solution
  • SynapsInt – The unified OSINT research tool
  • Aqua Vulnerability Database – Vulnerabilities and weaknesses in open source applications and cloud-native infrastructure
  • Vulmon – Vulnerability and exploit search engine
  • VulDB – Number one vulnerability database
  • ScanFactory – Realtime Security Monitoring
  • Trend Micro Zero Day Initiative – Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers
  • Google Project Zero – Vulnerabilities including Zero Days


  • Exploit-DB – Exploit Database
  • Sploitus – Convenient central place for identifying the newest exploits
  • Rapid7 – DB – Vulnerability & Exploit Database
  • Vulmon – Vulnerability and exploit search engine
  • packetstormsecurity.com – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  • 0day.today – Ultimate database of exploits and vulnerabilities
  • LOLBAS – Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins – Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • Payloads All The Things – A list of useful payloads and bypasses for Web Application Security
  • XSS Payloads – The wonderland of JavaScript unexpected usages, and more
  • exploitalert.com – Database of Exploits

Attack Surface

Code Search Engines

  • GitHub Code Search – Search globally across all of GitHub, or scope your search to a particular repository or organization
  • grep.app – Search across a half million git repos
  • publicwww.com – Find any alphanumeric snippet, signature or keyword in the web page’s HTML, JS and CSS code
  • SearchCode – Search 75 billion lines of code from 40 million projects
  • NerdyData – Find companies based on their website’s tech stack or code
  • RepoSearch – Source code search engine that helps you find implementation details, example usages or just analyze code
  • SourceGraph – Understand and search across your entire codebase
  • HotExamples – Search code examples from over 1 million projects
  • WP Directory – Lightning-fast regex searching of code in the WordPress Plugin and Theme Directories

Mail Addresses




  • DNSDumpster – DNS recon & research, find & lookup DNS records
  • Chaos – Enhance research and analyse changes around DNS for better insights
  • RapidDNS – dns query tool which makes querying subdomains or sites of the same ip easy
  • DNSdb – Passive DNS historical database
  • Omnisint – Reverse DNS lookup
  • HackerTarget – Collect information about IP Addresses, Networks, Web Pages and DNS records
  • passivedns.mnemonic.no – Web interface for querying passive DNS data collected in our malware lab
  • ptrarchive.com – Over 230 billion reverse DNS entries from 2008 to the present
  • dnshistory.org – Domain Name System Historical Record Archive
  • DNSTwister – The anti-phishing domain name search engine and DNS monitoring service
  • DNSviz – Tool for visualizing the status of a DNS zone
  • C99.nl – Over 57 quality APIs and growing
  • PassiveTotal – Security intelligence that scales security operations and response
  • wannabe1337.xyz – Online Tools


WiFi Networks

  • Wigle.net – Maps and database of 802.11 wireless networks with statistics
  • wifimap.io – Connect to all Free WiFi Hotspots using WiFi Map App all over the World!
  • wificafespots.com – Free WiFi Cafe Spots
  • wifispc.com – Free map of Wi-Fi passwords anywhere you go!
  • openwifimap.net – HTML5 map with OpenWiFiMap data
  • mylnikov.org – Public API implementation of Wi-Fi Geo-Location database

Device Information


Hidden Services

Social Networks

These can be useful for osint and social engineering.

Phone Numbers

Threat Intelligence

  • MITRE ATT&CK – Globally-accessible knowledge base of adversary tactics and techniques
  • PulseDive – Threat intelligence made easy
  • ThreatCrowd – A Search Engine for Threats
  • ThreatMiner – Data Mining for Threat Intelligence
  • VirusTotal – Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
  • vx-underground.org – Malware library
  • bazaar.abuse.ch – Malware sample database
  • feodotracker.abuse.ch – List of botnet Command&Control servers
  • sslbl.abuse.ch – All malicious SSL certificates
  • urlhaus.abuse.ch – Propose new malware urls
  • threatfox.abuse.ch – Indicator Of Compromise (IOC) database
  • yaraify.abuse.ch – Scan suspicious files such as malware samples or process dumps against a large repository of YARA rules
  • Rescure – Curated cyber threat intelligence for everyone
  • otx.alienvault – The World’s First Truly Open Threat Intelligence Community
  • urlquery.net – Service for detecting and analyzing web-based malware
  • socradar.io – Extension to your SOC team
  • VirusShare – System currently contains 48 million malware samples
  • WikiLeaks – News leaks and classified media provided by anonymous sources
  • PassiveTotal – Security intelligence that scales security operations and response
  • malapi.io – Windows APIs used for malicious purposes
  • filesec.io – Latest file extensions being used by attackers
  • leakix.net – Search engine indexing public information and an open reporting platform linked to the results
  • tria.ge – Fully automated solution for high-volume malware analysis using advanced sandboxing technology
  • Polyswarm – Launchpad for new technologies and innovative threat detection methods
  • Cisco Talos – The threat intelligence organization at the center of the Cisco Security portfolio
  • scamsearch.io – Find your scammer online & report them
  • CyberCampaigns – Threat Actor information and Write-Ups

Web History

  • Web Archive – Explore more than 702 billion web pages saved over time
  • Archive.ph – Create a copy of a webpage that will always be up even if the original link is down
  • CachedPages – Get the cached page of any URL
  • stored.website – View cached web pages/website
  • CommonCrawl – Open repository of web crawl data
  • UK Web Archive – Collects millions of websites each year, preserving them for future generations


  • NetoGraph – Captures and indexes detailed, low-level snapshots of website behaviour
  • DorkSearch – Speed up your Dorking
  • usersearch.org – Find someone by username or email on Social Networks, Dating Sites, Forums, Crypto

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.