30 Search Engines for Cybersecurity Researchers (Part 1 of 3)
written by anshul vyas
This is the first of the three parts of the search engines which are used by the Security Researchers.
1. DeHashed: View leaked credentials
Among the most popular and advanced security and anti-fraud tools available online, DeHashed is one of the most advanced and popular. Through the DeHashed platform, users can search for and retrieve information from hacked databases. Using various hacker databases, the DeHashed platform lets users search for information published or leaked by hackers.
This platform makes it possible for users to retrieve their leaked information quickly and prevent the information from being misused by hackers or other harmful elements on the web. It’s one of the fastest and most significant data breach search engines out there. Its straightforward interface and ease of use make it popular with users who want to locate their leaked information quickly and easily.
2. Security Trails: Extensive DNS data
With SecurityTrails, organizations can see how their threat attack surface is — the networks and servers that are accessible from the wider internet — by collecting and maintaining vast amounts of current and historical internet records, such as domain names, registration data, and DNS information.
3. DorkSearch: Really fast Google dorking
You can use DorkSearch to find prebuilt templates for different types of Google Dorks.
4. ExploitDB: Archive of various exploits
An Exploit Database is an archive of publicly available exploits and vulnerabilities in software developed for vulnerability researchers and penetration testers. Through direct submissions, mailing lists, and other public sources, it assembles the most comprehensive collection of exploits, shellcodes, and papers, and presents them in a easily navigable and freely accessible format.
5. ZoomEye: Gather information about targets
A search engine developed by Chinese company Knownsec Inc., Zoomeye uses maps to collect data and analyze fingerprints from open devices and web services. Its first version was released in 2013. The current version is Version 3.
6. Pulsedive: Search for threat intelligence
At pulsedive.com, you can find over 35 million searchable IOCs, free of charge, which are generated using user submissions and threat intelligence feeds. Pulsedive is an analyst-centered threat intelligence platform. Using Pulsedive’s free threat intelligence data set, highlight IPs, domains, and URLs on any website to enrich them.
7. GrayHatWarefare: Search public S3 buckets
There are currently 48,623 open S3 buckets in GrayhatWarfare’s free tool, which is a searchable database created by software engineer GrayhatWarfare. As a popular way to cache content, Amazon’s S3 cloud storage, or Simple Storage Service, is used by both the public and private sectors. Files are assigned buckets that are secure and private by default, but can easily be set to be public by the user.
8. PolySwarm: Scan files and URLs for threats
As a launchpad for new technologies and innovative threat detection methods, PolySwarm competes to keep you safe in real time. A network of threat detection engines powers PolySwarm. Combining commercial engines with specialized solutions, it offers wide coverage.
9. Fofa: Search for various threat intelligence
With FOFA, users can find IP assets easily, match network assets quickly, and speed up the follow-up process. This cyberspace search engine is developed by BAIMAOHUI. There are many examples, including vulnerability scope analysis, application distribution statistics, popularity ranking statistics, and so on.
10. LeakIX: Search publicly indexed information
There are some capabilities that separate LeakIX from Shodan, both visually and based on queries used, but the web-based platform offers a very similar visual experience to Shodan. What I think the platform’s value is is its ability to provide insight into compromised devices, servers, and database schemas on the internet, now yes, Shodan tags ‘compromised’ servers in much the same way, but it’s not as comprehensive.
