11 search engines for cybersecurity research you can use right now
Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below.
DNSdumpster
DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers’ perspective is an important part of the security assessment process.
Exploit Database
Exploit Database is a CVE-compliant archive of public exploits and corresponding vulnerable software developed for use by penetration testers and vulnerability researchers. They aim to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources and present them in a freely-available and easy-to-navigate database.
FullHunt
FullHunt is the attack surface database of the Internet. FullHunt enables companies to discover their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities.
GreyNoise
GreyNoise collect, analyze, and label data on IPs that scan the internet and saturate security tools with noise. This unique perspective helps analysts spend less time on irrelevant or harmless activity, and more time on targeted and emerging threats.
Intelligence X
Intelligence X differentiates itself from other search engines:
- The search works with selectors, i.e. specific search terms such as email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, IPFS hashes, etc.
- It searches in places such as the darknet, document sharing platforms, whois data, public data leaks and others.
- It keeps a historical data archive of results, similar to how the Wayback Machine from archive.org stores historical copies of websites.
Netlas
Netlas offers a collection of internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
ONYPHE
ONYPHE is a cyber defense search engine dedicated to attack surface discovery and attack surface management. They scan the internet and dark web for exposed assets and crawl the links just like a web search engine. Their data is searchable with a web form or directly from numerous APIs.
Searchcode
Searchcode allows you to search 75 billion lines of code from 40 million projects. It helps you find real-world examples of functions, APIs and libraries in 243 languages across 10+ public code sources.
Shodan
Shodan is a search engine for Internet-connected devices. Discover how internet intelligence can help you make better decisions. The entire Shodan platform (crawling, IP lookups, searching, and data streaming) is available to developers. Use their API to understand whether users connect from a VPN, whether the website you’re visiting has been compromised, and more.
urlscan.io
urlscan.io is a free service to scan and analyse websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself.
urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users one of the more than 900 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results.
Wigle
Wigle consolidate location and information of wireless networks world-wide to a central database, and have user-friendly desktop and web applications that can map, query and update the database via the web.
More resources:
- 12 open-source penetration testing tools you might not know about
- 20 cybersecurity projects on GitHub you should check out
- 8 open-source OSINT tools you should try