A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more

General • Servers • Vulnerabilities • Exploits • Attack surface • Code • Mail addresses • Domains • URLs • DNS • Certificates • WiFi networks • Device Info • Credentials • Social Networks • Phone numbers • Threat Intelligence • Web History

• Google
• Bing
• Yahoo!
• Yandex

• Shodan - Search Engine for the Internet of Everything
• Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data
• ZoomEye - Global cyberspace mapping
• GreyNoise - The source for understanding internet noise
• Natlas - Scaling Network Scanning
• Netlas.io - Discover, Research and Monitor any Assets Available Online
• FOFA - Cyberspace mapping

• NIST NVD - National Vulnerability Database
• MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities
• osv.dev - Open Source Vulnerabilities
• cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database
• Vulners.com - Your Search Engine for Security Intelligence
• opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
• security.snyk.io - Open Source Vulnerability Database
• Rapid7 - DB - Vulnerability & Exploit Database
• CVEDetails - The ultimate security vulnerability datasource
• VulnIQ - Vulnerability intelligence and management solution
• SynapsInt - The unified OSINT research tool
• Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure

• Exploit-DB - Exploit Database
• Sploitus - Convenient central place for identifying the newest exploits
• Rapid7 - DB - Vulnerability & Exploit Database

• FullHunt.io - Attack surface database of the entire Internet
• BynaryEdge - We scan the web and gather data for you
• Censys - Attack Surface Management Solutions
• RedHunt Labs - Discover your Attack Surface, Continuously
• SecurityTrails - The Total Internet Inventory
• criminalip.io - Cyber Threat Intelligence Search Engine and Attack Surface Management(ASM) platform
• overcast-security.com - We make tracking your external attack surface easy

• GitHub Code Search
• grep.app - Search across a half million git repos
• publicwww.com - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
• SearchCode - Search 75 billion lines of code from 40 million projects
• NerdyData - Find companies based on their website's tech stack or code
• RepoSearch - Source code search engine that helps you find implementation details, example usages or just analyze code
• SourceGraph - Understand and search across your entire codebase

• Hunter.io - Find professional email addresses in seconds
• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• Reacher.email - Open-Source Email Verification
• RocketReach - Your first-degree connection to any professional
• email-format.com - Find the email address formats in use at thousands of companies
• EmailHippo - Email address verification technology
• ThatsThem - Reverse email lookup
• verify-email.org - Checks whether the mailbox exists or not
• Melissa - Emailcheck - Check email addresses and verify they are live
• VoilaNorbert - I can find anyone's email address
• SynapsInt - The unified OSINT research tool
• skymem.info - Find email addresses of companies and people

• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• Omnisint - Subdomain enumeration
• Riddler - Allows you to search in a high quality dataset
• RobTex - Various kinds of research of IP numbers, Domain names, etc
• CentralOps - DomainDossier - Investigate domains and IP addresses
• DomainIQ - Comprehensive Domain Intelligence
• whois.domaintools.com - Industry’s fastest domain discovery engine and broadest, most accurate data
• grayhatwarfare.com - domains - How to search URLs exposed by Shortener services
• whoisology.com - Deep Connections Between Domain Names & Their Owners
• who.is - WHOIS Search, Domain Name, Website, and IP Tools
• pentest-tools.com - Discover subdomains and determine the attack surface of an organization
• BuiltWith - Find out what websites are Built With
• MoonSearch - Backlinks checker & SEO Report
• sitereport.netcraft.com - Find out the infrastructure and technologies used by any site
• SynapsInt - The unified OSINT research tool
• spyonweb.com - Find out related websites
• statscrop.com - Millions of amazing websites across the web are being analyzed with StatsCrop
• securityheaders.com - Scan your site now
• visualsitemapper.com - Create a visual map of your site
• similarweb.com - The easiest and fastest tool to find out what's really going on online
• buckets.grayhatwarfare.com - Public buckets
• C99.nl - Over 57 quality API's and growing!

• PhoneBook - Lists all domains, email addresses, or URLs for the given input domain
• IntelligenceX - Search engine and data archive
• URLScan - A sandbox for the web
• HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
• MOZ Link Explorer - The world's best backlink checker with over 40 trillion links
• shorteners.grayhatwarfare.com - Search URLs exposed by Shortener services

• DNSDumpster - dns recon & research, find & lookup dns records
• RapidDNS - dns query tool which make querying subdomains or sites of a same ip easy
• DNSdb - Passive DNS historical database
• Omnisint - Reverse DNS lookup
• HackerTarget - Collect information about IP Addresses, Networks, Web Pages and DNS records
• passivedns.mnemonic.no - Web interface for querying passive DNS data collected in our malware lab
• ptrarchive.com - Over 230 billion reverse DNS entries from 2008 to the present
• dnshistory.org - Domain Name System Historical Record Archive
• DNSTwister - The anti-phishing domain name search engine and DNS monitoring service
• DNSviz - Tool for visualizing the status of a DNS zone
• C99.nl - Over 57 quality API's and growing

• Crt.sh - Certificate Search
• CTSearch - Certificate Transparency Search Tool
• TLS.BufferOver.run - Quickly find certificates in IPv4 space
• CertSpotter - Monitors your domains for expiring, unauthorized, and invalid SSL certificates
• SynapsInt - The unified OSINT research tool
• Censys - Certificates - Certificates Search

• Wigle.net - Maps and database of 802.11 wireless networks with statistics

• MAC Vendor Lookup - Look up the vendor for a specific MAC Address
• macvendors.com - Find MAC Address Vendors. Now.
• macaddress.io - MAC address vendor lookup
• maclookup.app - Find the vendor name of a device by entering an OUI or a MAC address

• Have I Been Pwned - Check if your email or phone is in a data breach
• Dehashed - Free deep-web scans and protection against credential leaks
• Leak-Lookup - Search across thousands of data breaches
• Snusbase - Stay on top of the latest database breaches
• LeakCheck.io - Make sure your credentials haven't been compromised
• crackstation.net -Massive pre-computed lookup tables to crack password hashes
• breachdirectory.org - Check if your information was exposed in a data breach

These can be useful for osint and social engineering.

• Facebook
• Instagram
• YouTube
• Twitter
• LinkedIn
• Reddit
• Pinterest
• Tumblr
• Flickr
• SnapChat
• Whatsapp
• Quora
• TikTok
• Vimeo
• Medium
• WeChat
• VK
• Weibo
• Tinder

• RocketReach - Your first-degree connection to any professional
• NumLookup - Free reverse phone lookup
• WhitePages - Find people, contact info & background checks
• National Cellular Directory - Begin your comprehensive people search now
• Phone Validator - Is it a cell phone or is it a landline or is it a fake?
• Free Carrier Lookup - Enter a phone number and we'll return the carrier name
• sync.me - Find out who called
• EmobileTracker - Track Mobile Owner Name, Location and Mobile Service Provider
• SpyDialer - Free Reverse Lookup Search
• Reverse Phone Lookup - Find Out The Owner Of A Phone Number
• ThatsThem - Reverse phone lookup
• thisnumber.com - International Phone Directories
• usphonebook.com - Free Reverse Phone Number Lookup
• truepeoplesearch.com - Get current address, cell phone number, email address, relatives, friends and a lot more
• SynapsInt - The unified OSINT research tool
• C99.nl - Over 57 quality API's and growing

• PulseDive - Threat intelligence made easy
• ThreatCrowd - A Search Engine for Threats
• ThreatMiner - Data Mining for Threat Intelligence
• VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches
• vx-underground.org - Malware library
• Rescure - Curated cyber threat intelligence for everyone
• otx.alienvault - The World's First Truly Open Threat Intelligence Community
• urlquery.net - Service for detecting and analyzing web-based malware
• bazaar.abuse.ch - Malware sample database
• feodotracker.abuse.ch - List of botnet Command&Control servers
• sslbl.abuse.ch - All malicious SSL certificates
• urlhaus.abuse.ch - Propose new malware urls
• threatfox.abuse.ch - Indicator Of Compromise (IOC) database
• socradar.io - Extension to your SOC team

• Web Archive - Explore more than 702 billion web pages saved over time
• Archive.ph - Create a copy of a webpage that will always be up even if the original link is down
• CachedPages - Get the cached page of any URL
• stored.website - View cached web pages/website
• CommonCrawl - Open repository of web crawl data

• NetoGraph
• DNS.BufferOver.run
• Chaos
• PassiveTotal

If you want to propose changes, just open an issue.