banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

11 Top Search Engines Loved by Security Professionals

#工具67
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
There are numerous internet-connected devices and online services, and some search engines provide detailed overviews of the online status of these devices and services. These search engines allow security personnel to protect them and their data from online threats. Some of the top search engines for finding specific information about exposed IoT devices, security vulnerabilities, and leaked personal data are ONYPHE, Shodan, Censys, PublicWWW, GreyNoise, Hunter, BinaryEdge, Have I Been Pwned, Fofa, ZoomEye, and WiGLE. These search engines offer various features such as scanning the internet, collecting threat intelligence data, identifying vulnerable devices, and searching for leaked data.

The number of connected devices and online services is large and growing, fortunately, some search engines provide detailed overviews of the online status of these devices and services, allowing security personnel to take measures to protect them and their data from online threats.

These cybersecurity search engines provide information about each device or service, such as operating systems, open ports, and IP addresses. Here are 11 search engines that security researchers use to find specific information about exposed IoT devices, security vulnerabilities, leaked personal data, and more.

11 Top Search Engines#

1. ONYPHE#

image
The ONYPHE search engine can comprehensively scan the Internet and collect open-source network threat intelligence data for various network defense engines. ONYPHE can also actively scan connected devices on the Internet and cross-reference the scanned data with information collected from website URLs. After data processing, it provides query services for this data through APIs and query languages.

Network security analysts mainly use ONYPHE to identify and collect information about attacked devices, and can search ONYPHE's database using keywords such as IP addresses, domains, geographical location data, and inetnum details.

Link: https://www.onyphe.io/

2. Shodan#

image
Shodan is a powerful OSINT tool that monitors and searches a shocking range of network data. It is also one of the few engines that can inspect Operational Technology (OT). Without tools like Shodan, there would be a significant gap in collecting open-source intelligence in industries deploying IT and OT.

Creating an account on Shodan is free, but the information that can be queried for free is very limited. If users want to further query more information, they need to purchase Shodan's membership services. In addition to the personal version, Shodan also offers paid versions such as Small Business and Enterprise Advanced, where Small Business can scan up to 65,536 IP addresses and return up to 20 million results; Enterprise Advanced provides unlimited results and up to 327,680 IP scans per month, as well as vulnerability search filters and advanced support services.

Link: https://www.shodan.io/

3. Censys#

image
Like Shodan, Censys also searches for connected devices and provides detailed information about each device, including operating systems, IP addresses, and open ports. Censys continuously collects data from connected devices and servers, providing accurate information about the devices, including TLS and SSL protocols and open ports. This information is crucial for monitoring and protecting connected devices and services. Additionally, it can identify server versions, routers, operating system versions, web application firewalls, unpatched vulnerabilities, and other details.

Link: https://censys.com/

4. PublicWWW#

image
PublicWWW is a powerful resource for digital and affiliate marketing research, and it can also help security researchers identify websites related to malicious activities through active library queries.

For users who want to search websites through source code, this search engine is their preferred resource. Users can search for keywords, alphanumeric fragments, or signatures in CSS, HTML, or JS code.

Link: https://publicwww.com/

5. GreyNoise#

image
GreyNoise is a search engine that allows researchers to know who is scanning the Internet, enabling them to distinguish between targeted scans and random scans to strengthen their defense mechanisms.

GreyNoise uses advanced machine learning algorithms to detect and classify network activities. Users can also use this search engine to identify and classify noise-related activities, such as vulnerability scans, automatic port scans, and malware distribution. By entering an IP address or keyword, GreyNoise Visualizer generates relevant information.

GreyNoise also has an API that allows seamless integration of its information into existing security applications and infrastructure.

Link: https://www.greynoise.io/

6. Hunter#

image
Hunter is a user-friendly search engine that allows users to easily find and verify email addresses related to specific individuals, domains, or companies.

For example, when entering the name of an organization, users will see a verified email list linked to that domain, including their activity status and the source of obtaining them. It also displays the user's full name, position, and social media accounts.

Link: https://hunter.io/

7. BinaryEdge#

image
BinaryEdge is a machine learning-based security search engine designed to collect, analyze, and classify public Internet data to generate real-time threat intelligence streams and reports.

This search engine can collect various information, including open ports and vulnerable services, vulnerabilities and exposures affecting IP addresses, invalid SSL certificates, and accessible remote desktop data. Additionally, it supports email account verification to identify potential data leaks.

Link: https://www.binaryedge.io/

8. Have I Been Pwned#

image
"Have I Been Pwned," created by renowned cybersecurity lecturer Troy Hunt, is a free open-source intelligence search website that allows users to enter their email addresses to check if they are at risk of data breaches. Users can simply enter their username or email address in the search box to see if the corresponding credentials have been leaked.

It is reported that the website's database contains a large amount of leaked data, including billions of email addresses, usernames, passwords, and other personal data stolen by cybercriminals and published on the Internet.

Link: https://haveibeenpwned.com/

9. Fofa (Domestic)#

image
FOFA is a search engine developed by China's cybersecurity company Huashun Xianan. It is designed to map the global cyberspace and is an important source of Internet assets discovered on the public network. This makes it a valuable tool for security researchers to assess and protect their public-facing assets.

By continuously detecting global Internet assets, FOFA has accumulated over 4 billion assets and 350,000 fingerprint rules. This allows for accurate identification of most software and hardware network assets.

FOFA's search function covers various assets, including cameras, printers, operating systems, and databases. Users can also perform searches on IP, domain, and host, among others.

Link: https://en.fofa.info/

10. ZoomEye (Domestic)#

Screenshot_4

ZoomEye is a network space search engine created by China's cybersecurity company Knownsec. It allows users to search for and monitor online devices and services. The free OSINT tool uses Wmap and Xmap to collect data from open devices and web services and perform fingerprint analysis.

By entering keywords, IP addresses, or any query, ZoomEye generates data including the total number of hosted websites and discovered devices, open port information, and vulnerability reports.

Link: https://www.zoomeye.org/

11. WiGLE#

image

WiGLE is a website that integrates location and other data from wireless networks worldwide. This data is collected by volunteers who download the application to their phones, which records all the access points they encounter along with their GPS coordinates. All this data is then input into the WiGLE database. The data is presented to users in an easy-to-use website and application.

Link: https://www.wigle.net/

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.