150+ Hacker Search Engines and Tools

[Man]

Huge selection! In this article, we have collected the tools that our team members themselves use in their work.

The article consists of 8 large sections:

• Metasearch engines and search combines;
• Tools for working with dorks;
• Search by email and logins;
• Search by phone numbers;
• Search the TOR network;
• Search the Internet of Things, IP, domains and subdomains;
• Search for vulnerability data and indicators of compromise;
• Search the source code.

This article contains the tools that our team members use in their work. And yet, this selection will be useful not only for hackers, but also for developers, journalists, HR, marketers and anyone who searches a lot on the Internet.

Metasearch engines and search combines

Online services

• Hopain Tools, Inteltechniques, IntelligenceX, Aware OSINT Tools are the home pages for dozens of general-purpose and special-purpose search engines. All are clearly OSINT-oriented.
• Fagan Finder is a panel with dozens of search engines for libraries, archives and databases.
• Dogpile, iZito, zapmeta are metasearch engines that aggregate results from Google, Yandex, Bing and other popular search engines and display them on one page.
• Metaosint is a search engine for search engines. It provides a convenient interface for searching other tools.
• Synapsint is a metasearch engine with the ability to search by IP, SSL, ASN, CVE, email and phone numbers.
• ThatsThem is a combined search engine for names, addresses, phones, email addresses and IP.
• Carrot2 is a search engine with a built-in text clustering algorithm . Automatically groups thematically related sources.
• Isearchfrom — simulates Google search queries from different countries. Helps to understand how regional restrictions affect search results.
• Answerthepublic is an English-language search engine that provides common search queries for a given phrase.

Utilities

• C - search from command line in 106 sources.
• SpiderFoot is a tool for automating search queries and exporting results to CSV, JSON, GEXF. It is tailored for red team tasks. It has a built-in web interface.
• Query-Server is a tool for sending search queries to Google, Yahoo, Bing, Ask, DuckDuckGo, Baidu, Exalead, Quora, Parsijoo, Dailymotion, Mojeek and Youtube and writing the results to CSV, JSON or XML.
• Recon-ng is an open source reconnaissance framework. It allows you to search for almost everything from logins, phone numbers and addresses to files with accounting reports that have become publicly available. It looks like the Metasploit Framework.
• Querytool is a Google Sheets based OSINT tool designed for complex searches of people, email addresses, files and more.
• Maltego Community Edition is a free OSINT tool for collecting information from Whois, search engines, social networks and finding correlations between people, email addresses, logins, companies, websites, domains, etc.
• sn0int is a framework for collecting and semi-automatically processing information about subdomains, IP addresses, compromised accounts, phone numbers and social media profiles.
• theHarvester is a command-line tool for collecting information for reddit teaming. It allows you to perform active and passive reconnaissance using various search engines. It collects names, email addresses, IP addresses, subdomains and URLs.
• ReconSpider is a crawler for searching IP addresses, emails, websites, organizations and searching for information from different sources.
• Mr.Holmes is a tool for collecting information about user domains, names and phone numbers using public sources and Google Dorks.
• Datasploit is an OSINT tool that can be found inKali orBlackArch Linux . It is designed to collect data on a specific domain, email, username or phone number and save reports in text files, HTML and JSON.
• YaCy is a decentralized, open-source search enginethat allows you to deploy your own search engine.

Tools for working with dorks

Online services

• Google Hacking Database is a growing catalog of dorks with built-in search.
• Dorksearch is a search engine with a built-in dork constructor.
• Bug Bounty Helper is another online google dorks builder for finding "sensitive" pages.

Utilities

• pagodo - automates the search for potentially vulnerable web pages using dorks from the aforementioned Google Hacking Database.
• Grawler is a PHP utility with a web interface for automating the use of Google Dorks, cleaning and saving search results.
• DorkScout is another tool for automating search using dorks. It is written in Golang.
• oxDork is a utility for searching for vulnerabilities and misconfigurations of web servers.
• ATSCAN SCANNER is designed for searching using dorks and mass scanning of web resources for vulnerabilities.
• Fast Google Dorks Scan is an automated tool for collecting information about a specific website using dorks.
• SiteDorks is a ready-made set of search queries for Google, Bing, Ecosia, DuckDuckGo, Yandex, Yahoo, etc. Includes 527 websites.

Search by email and logins

Online services

• Snusbase - indexes information from leaks and provides access to search for compromised email addresses, logins, names, IP addresses, phones and password hashes.
• have i been pwned? — a data leak search engine that lets you check which incidents a specific email address has been involved in.
• Hunter andSkymem - search for corporate email addresses by URL.
• whatsmyname — search for accounts in various services by login. The service is based onpublic JSON .
• User Searcher is a free tool that will help you find a user by login on more than 2 thousand websites.
• CheckUserNames, Instant Username Search, Namecheckr, peekyou, usersearch are online services for searching user accounts by login.

Utilities

• Infoga is a tool that collects email account information from publicly available sources (search engines, PGP key servers, Shodan) and checks if the email has been leaked using the haveibeenpwned.com API.
• Holehe OSINT — checks if email is linked to accounts on sites such as twitter, instagram, imgur. Supports over 100 portals. Uses password recovery function.
• Mailcat - searches email addresses by nickname from 22 mail providers.
• WhatBreach is an OSINT tool that simplifies the task of detecting breaches involving a specific email address. It can download publicly available databases.
• h8mail andpwnedOrNot are tools for searching passwords for compromised email addresses in publicly available databases.
• Sherlock is a tool for searching social network accounts by user login.
• Snoop Project is a tool for searching by logins. According to the developer, it covers more than two and a half thousand sites.
• Maigret — collects a dossier on a person by login, checking accounts on two and a half thousand sites and collecting all available information from web pages. No API keys required. Fork of Sherlock.
• Social Analyzer is an API, command line interface, and web application for analyzing and searching person profiles on over 1,000 websites.
• NExfil is a python utility for searching profiles by username on 350 websites.
• SPY is another fast account name search engine that works with 210 sites.
• Blackbird is a tool for searching accounts by login in social networks.
• Marple - Makes it easy to search by login across public search engines from Google to Torch and Qwant.
• GHunt is a modular tool for collecting data about Google accounts.
• UserFinder is a tool for searching profiles by username.

Search by phone numbers

Utilities

• Moriarty is a utility for reverse (reverse) search by phone numbers. Allows you to find the owner, get links, social network pages and other information related to the number.
• Phomber - Searches for phone numbers on the internet and extracts all available data.
• PhoneInfoga is a well-known tool for finding international phone numbers. It first gives standard information such as country, region, carrier for any international phone number and then searches for its traces in search engines to help identify the owner.
• kovinevmv/getcontact — utility for obtaining information from GetContact application databases (not suitable for parsing, allows only a limited number of requests).

Search the TOR network

Online services

• IACA darkweb tools is a start page for two dozen search engines that work with TOR and are accessible from the regular web.
• Ahmia.fi is another TOR search engine. It stands out forits open source code .
• SearchDemon, Phobos, Tor66, ExcavaTOR, Raklet, SeИtoЯ, Torch, OnionLand Search are search engines operating within the TOR network.
• Exonera Tor is a database of IP addresses that were part of the Tor network. The search engine answers the question of whether a Tor relay was running on this IP address on a given date.
• Relay Search is a web application for discovering Tor relays and bridges, providing information about how they are configured. It is opensource .

Utilities

• TorBot is a handy Onion crawler. It collects URLs and page titles with a short description, gets email addresses from sites, checks if links are active, and saves reports in JSON. Can be run in Docker.
• VililantOnion - Onion crawler with keyword search support.
• Katana-ds is a Python tool for automating search using Google Dorks and with TOR support.
• OnionSearch is a Python3 script for automating .onion searches via public services.
• Devils Eye is an OSINT tool for searching the Darkweb. Does not require TOR to be installed. Can also search the i2p network.

Search by Internet of Things, IP, domains and subdomains

Online services

• Shodan is a famous search engine for collecting information about devices connected to the Internet.
• Censys Search, GreyNoise, ZoomEye, Netlas, CriminalIp are similar search engines to Shodan, but focused on IoT.
• Buckets by Grayhatwarfar is a publicly searchable database of open AWS Buckets, Azure Blobs, and Digital Ocean Spaces.
• Public buckets - search for public AWS S3 & Azure Blob buckets.
• macaddress.io, MAC Vendor Lookup, maclookup.app — determine the device manufacturer by MAC address, OUI or IAB.
• CIRT, Default Password Lookup, Router Password, Open Sez Me - search through databases of passwords installed by default on various devices.
• sitereport.netcraft - Provides a comprehensive summary of registration data and technologies used on a website.
• IPVoid is a set of tools for IP address research: blacklist check, Whois, DNS lookup, ping.
• who.is, DomainDossier, whois.domaintools — search by registration data and Whois.
• DNSDumpster is a domain research tool that can discover hosts associated with a domain.
• ip-neighbors - defines the location of the server and the names of hosts that share an IP address with it.
• ShowMyIP — mass search of IP addresses, allows checking up to 100 IP addresses simultaneously. The output can be downloaded and saved to a .csv file.
• MX Toolbox is another multifunctional tool that allows you to search by domain name, IP address or hostname.
• DNSViz is anopen source set of tools for analyzing and visualizing the Domain Name System .
• infosniper, ip2geolocation, ip2location, ipfingerprints, whoismind — search engines that allow you to find the approximate geographic location of an IP address, as well as other useful information, including ISP, time zone, area code, etc.
• webmeup, openlinkprofiler, Meet Link Explorer — search by backlinks.
• RapidDNS is a DNS query tool that makes it easy to find subdomains or sites with the same IP address.
• CTSearch, crt — search for SSL/TLS certificates issued for a specific domain.

Utilities

• IVRE is a framework for network reconnaissance. An alternative to Shodan, ZoomEye, Censys and GreyNoise.
• OWASP Amass is a network scanner with the function of searching for information in open sources. Aggregates information from dozens of different search engines and databases.
• Infoooze is a NodeJs based OSINT tool. It combines a port and subdomain scanner, DNS lookup, URL scanner, Whois lookup and a number of other tools.
• Automater is a URL, IP address, and MD5 hash mining utility designed to make the work of security analysts easier. It is installed by default in Kali Linux.
• Raccoon is a tool designed for reconnaissance and information gathering with an emphasis on simplicity. It usesNmap for port scanning and a number of passive data mining techniques to gather comprehensive information about the target.
• Mitaka is designed to find IP addresses, MD5, ASN and Bitcoin addresses.
• Photon is a scanner for working with information from open sources. It is designed to scan specific websites in search of (pdf, png, xml, etc.), keys, subdomains and much more. Exports the received data to JSON.
• AttackSurfaceMapper is a scanner with open source search capabilities. Searches for subdomains and their associated IP addresses.
• HostHunter - Uses open source reconnaissance methods to match IP addresses to hostnames. Exports search results to CSV or TXT files.
• Subfinder is a modular tool for detecting subdomains using passive reconnaissance methods. It is intended for bughunters and pentesters.
• Sublist3r - designed to search for subdomains using OSINT.
• WASP Amass - Performs network mapping using open source information.
• Anubis is another utility for detecting subdomains and collecting information about them from open sources.
• DOME is a python script that performs active and/or passive scanning to get subdomains and find open ports.
• Belati - A tool for scraping publicly available data and documents from websites Inspired byFoca andDatasploit .

Search for vulnerability data and indicators of compromise

Online services

• MITRE CVE is a search engine, database, and generally accepted classification of vulnerabilities.
• NIST NVD - Search the official US government vulnerability database.
• GitHub Advisory Database is a vulnerability database that includes CVEs and security advisories.
• CVEDetails, osv.dev, VulDB, maltiverse are a number of other sources of data on vulnerabilities and indicators of compromise.
• opencve.io is a CVE search engine with built-in alerts for new threats.
• security.snyk.io andMend Vulnerability Database, Vulncode-DB are open source vulnerability databases.
• Cloudvulndb is a project that accumulates vulnerabilities and security issues of cloud service providers.
• Vulnerability Database is a system for searching information about current threats.
• Rapid7 - DB is a database that contains details of over 180,000 vulnerabilities and 4,000 exploits. All exploits are included in Metasploit.
• Exploit DB is a CVE-compliant archive of publicly available exploits and vulnerable software.
• sploitus is a search engine for exploits and hacking tools.

Search by source code

Online services

• Searchcode — Search real-world examples of functions, APIs, and libraries in 243 languages across GitHub, GitLab, Bitbucket, GoogleCode, and other source code repositories.
• Sourcegraph is a fast and functional open-source repository search engine. It hasa self-hosted version .
• HotExamples — search for code examples of an open-source project. Allows you to see examples of using a particular class or method from several projects on one page.
• Libraries.io - Search 4,690,628 packages in 32 package managers.
• RepoSearch - search source code in SVN and GitHub repositories.
• grep.app — searches through Git contents. Useful for finding strings associated with vulnerabilities, indicators of compromise, and malware.
• Search from Cyber_detective - search 20 open source repositories using dorks.
• PublicWWW - allows you to find any alphanumeric fragment, including pieces of HTML, JavaScript, CSS code in the code of web pages.
• NerdyData - Search for websites that use specific technologies.

Utilities

• Gitrob is a tool that helps you find potentially sensitive files hosted in public repositories on Github. It clones the repository, goes through the commit history, flags suspicious files, and outputs the results to a web interface.
• Github Dorks is a utility for searching using dorks via the GitHub Search API. It is written in Python.
• gitGraber is a tool for monitoring GitHub and quickly searching for sensitive data, such as credits from Google, Amazon (AWS), Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, Twilio.
• github-search is a collection of command-line tools for exploring Github.
• TheScrapper is designed to find email addresses and social network accounts in the source code of a website.