Search engines for security professionals and pentesters

The 15 most important search engines and tools for security professionals, pentesters or even Cyber ​​enthusiasts.

Search engines are many. We have already looked at some of the most famous ones together. But would professional security professionals or pentesters use Google, Quant, or Startpage search for their work? Certainly not.

Because there are other and much better (sometimes chargeable) options for the professional search for vulnerabilities or for everything that has to do with OSINT. Today we show you the 15 most important and well-known search engines and tools for security professionals, pentesters or even cyber enthusiasts.

shodan.io – an IoT search engine

shodan.ioshodan.io

shodan.io

Shodan was and is the world’s first search engine for internet-enabled devices (IoT). A lot of things that can somehow connect to the Internet can be found here.

censys.io – how big is my attack surface?

Even a well-trained and equipped security team can’t know everything. Censys Attack Surface Management discovers unknown and unmanaged Internet assets – including services, hosts, websites, storage areas and cloud accounts. And this across all clouds and networks in real time.

Censys is not for nothing, but if you want or need to know how big a possible attack surface is, you are certainly well advised to use this very special and professional search engine.

hunter.io – an email address search engine

shodan.iohunter.io - eine Suchmaschine für E-Mail-Adressen

hunter. io – a search engine for email addresses

As with Shodan, the basic functions are free here. So if you can find yourself with just a few searches (20) per month can use the service for free.

Hunter is a very powerful tool. The domain search returns a list of people working in a company with their name and email address.

However, registration is required to actually read email addresses and use search filters can.

fullhunt.io – the search engine for security gaps and vulnerabilities

On the contrary to Censys you can also use and try out FullHunt for free. Up to 100 You can search for free per month. However, the respective searches are limited to 300 Limited results.

Detecting attack surfaces and security vulnerabilities in good time is becoming increasingly important. If you want to deal seriously with this topic or even have to, sooner or later you will certainly not be able to avoid FullHunt.

onyphe. io – cyber defense and find threats

One thing right away. ONYPHE is not exactly cheap! But you also get a lot on offer.

ONYPHE is a cyber defense search engine for open source and cyber threat data that by crawling various sources available on the Internet or by listening to Internet background noise.

onyphe.io

This search engine is certainly not suitable for everyone. As already mentioned, the “fun” doesn’t exactly come cheap. Professional procurement of information has its price. From approx. 065 Euro per month you are part of it. The complete package then costs just under 1. 000€.

socradar.io – monitor the dark web

SOCRadar-Suchmaschine
SOCRadar

SOCRadar is also a fairly professional search engine. This very extensive and practical tool can and should also be used as an early warning system.

Because SOCRadar also collects data from hacker forums and chats on the deep web (darknet), including Telegram/Discord/IRC hacker channels.

You can also use SOCRadar for free . But then it is quite (very) limited in its functions. Registration is also absolutely necessary here in order to be able to use this tool.

binaryedge.io – scanner and own honeypots

BinaryEdge is also a very comprehensive search engine for security gaps and vulnerabilities, which should primarily be of interest to companies and security experts.

We continuously collect and correlate data from web-accessible devices so businesses can see how large their attack surface is and what they reveal to potential attackers.

binaryedge.io

You must also register with this “search engine”. However, one is here with at least 250 Requests per month served fairly well.

ivre.rocks – an open-source framework for network reconnaissance

IVRE, as the title suggests, is open-source and therefore free for everyone to use. IVRE uses well-known open source tools such as Nmap, Massscan, ZGrab2, ZDNS and Zeek to collect data from a network (network intelligence).

The collected data are stored in a database summarized and can be searched at will. Really a very handy thing and a great tool.

crt. sh – a search engine for web certificates

This search engine is also completely free and open source. There isn’t much to say about it. You simply enter a domain name or organization name in the search field and all the certificates issued for this site will be listed in a clear and concise manner and with a lot of useful information.

Die Suchmaschine vulners.comshodan.io
vulners.com

If you are specifically looking for one or the other security gap, threat or InfoSec message, you can warmly recommend this search engine.

You also have to register here in order to be able to use the tool for free. If you want to use the complete service, you can use up to 1. 075Pay € per month.

publicwww.com – the source code search engine

Pulsedive - mehr als nur eine Suchmaschine
PublicWWW

A bit unusual at first glance, but certainly indispensable for one or the other job to be done. The search for a source code cannot be done with a “normal” search engine.

PublicWWW is an interesting solution for your research in the field of digital marketing and affiliate marketing. You have to register here too. Prices range from “Free” to approx. 407€ per month.

PublicWWW - eine Suchmaschine für Source Codes
Pulsedive – more than just a search engine

Pulsedive processes millions of IPs, domains and URLs collected from dozens of feeds and user submissions worldwide. Clearly presented information and lots of options, which you can also use free of charge.

intelx.io – Open Source Intelligence and OSINT

Intelligence X is a very special search engine. You want to search the deepest and most hidden areas of the internet? No problem. It does not matter whether it is information about a specific Bitcoin address. You can also search Donald Trump’s email server or even Hillary Clinton’s emails.

If it’s anywhere on the web, Intelligence X will find the information you’re looking for. You have to register here too. But at least you can use the search for free. However, if you want to use the whole thing professionally, you pay up to 21.000€ per year.

wigle.net – Information about wireless networks around the world

wigle.net
wigle.net

Wigle is a huge database of information on pretty much every wireless network out there. You have to register here too, but it’s completely free and community-based.

greynoise.io

GreyNoise basically does the same as ONYPHE. GreyNoise collects, analyzes and flags data about IPs that scan the internet and flood security tools with noise.

Security researchers waste less time on irrelevant or even harmless activities and can focus on concrete threats.

Login is required you can also look at GreyNoise. But you can use the tool for free. Have fun trying it out!

Tarnkappe.info


48558210About Sunny 48558210

Sunny has been writing since 2019 for the invisibility cloak. There he writes the reading tips and prefers to report on topics such as data protection, hacking and share hosting. But he can also be found again and again in our monthly commentary, in the interviews and in “Unter dem Radar” – the podcast by Tarnkappe.info.

Related Articles

Back to top button