Shodan Search Engine#
Website: https://www.shodan.io/
Shodan Search Engine is a search engine specifically designed for internet-connected devices. Unlike traditional search engines like Google, which primarily search web content, Shodan focuses on discovering and indexing various internet-connected devices and services worldwide.
Shodan can help users find the following types of devices and services:
Servers and routers: Including servers with protocols such as HTTP, FTP, SSH, Telnet, etc.
Internet of Things (IoT) devices: Such as smart home devices (cameras, smart bulbs, thermostats, etc.), industrial control systems (SCADA), medical devices, etc.
Network devices: Such as firewalls, intrusion detection systems, VPN devices, etc.
Databases: Such as MySQL, MongoDB, Elasticsearch, etc., instances open on the internet.
GreyNoise Search Engine#
Website: https://viz.greynoise.io/
GreyNoise is a security intelligence platform focused on internet background noise. Its main function is to identify and filter noise in network traffic to help security professionals effectively deal with network threats.
GreyNoise's focus areas are mainly as follows:
Background noise identification: GreyNoise collects and analyzes background noise traffic from various sources through large-scale scanning of the internet. This background noise is often generated by automated scripts, scanners, botnets, and other non-malicious activities. It can identify the IP addresses that generate noise traffic and label them as low-risk, reducing false positives.
Threat intelligence: GreyNoise provides detailed intelligence about IP addresses, including whether they are involved in background noise activity, activity types, and frequencies. Users can use this information to distinguish real threats from harmless background noise and improve threat detection accuracy.
Integration and API support: GreyNoise provides API interfaces for easy integration with existing security tools and platforms such as SIEM (Security Information and Event Management) systems, firewalls, IDS/IPS, etc. Users can query IP address information through the API and integrate GreyNoise's intelligence data into their own security workflows.
Real-time search and monitoring: Users can search for specific IP addresses or IP ranges in real-time to see if these IPs are engaged in background noise activity. GreyNoise supports setting up alerts to notify users when specific types of background noise activity are detected.
Data visualization: GreyNoise provides intuitive visualization interfaces that allow users to view the distribution and trends of background noise through charts, maps, etc. This helps users better understand and analyze background noise data in the network environment.
Classification and labeling: GreyNoise classifies and labels background noise sources, such as scanners, botnet nodes, cloud service IPs, etc., to help users quickly identify and understand the nature of noise traffic.
WiGLE Search Engine#
Website: https://wigle.net/
WiGLE (Wireless Geographic Logging Engine) is a search engine specifically designed for collecting and searching wireless network information. It aggregates Wi-Fi and cellular network data from around the world and continuously updates and expands it through contributions from the user community. The main purpose of WiGLE is to provide geolocation and related information about wireless networks to help users understand and analyze the wireless network environment.
WiGLE Search Engine's focus areas are mainly as follows:
Wireless network database: WiGLE contains a vast database that records Wi-Fi and cellular network information worldwide. Each network record includes information such as SSID (network name), BSSID (MAC address), encryption type, signal strength, and geolocation.
Geolocation search: Users can search for wireless network information in specific areas through WiGLE's map interface. The map displays the distribution of networks, helping users understand the wireless network coverage in a particular area.
Network analysis: WiGLE provides detailed information and historical data about specific networks, allowing users to analyze network trends, signal strength fluctuations, etc.
User community contributions: WiGLE relies on user community-contributed data. Users can upload wireless network information they have collected to expand the database. This crowdsourcing model ensures the breadth and timeliness of the data.
API and data export: WiGLE provides API interfaces that allow developers to access and use wireless network data for development and integration. Users can also export wireless network data for specific areas or types for offline analysis and research.
Wireless network security: WiGLE's data can be used to detect and analyze the security of wireless networks, helping users identify unencrypted or weakly encrypted networks and take measures to improve security.
Censys Search Engine#
Website: https://search.censys.io/
Censys is a search engine specifically designed for internet asset discovery and monitoring. Similar to Shodan, but with different functionalities and focuses. Censys primarily collects detailed information about devices, services, and security-related information through internet scanning to help users identify and analyze publicly exposed internet assets.
Censys regularly scans the entire internet, collecting detailed information about devices, servers, applications, and services. This information includes open ports, service types, operating systems, certificate information, etc. Users can use Censys to search for specific internet assets, including IP addresses, domain names, certificate fingerprints, etc. The search results provide detailed asset information to help users identify and assess their exposed assets. Censys generates detailed security reports to help users understand the security status of their internet assets and provide improvement recommendations.
Hunter Search Engine#
Website: https://hunter.io/
Hunter.io is a search engine and tool specifically designed for discovering and verifying email addresses. It primarily helps users find email addresses related to companies or domains and verify the validity of these addresses. Hunter.io is widely used in marketing, sales, recruitment, and business development.
Hunter.io's focus areas include the following:
Email lookup: Users can enter a company name or domain, and Hunter.io will return email addresses related to that company or domain. It generates results based on information collected from public web pages and databases.
Email verification: Hunter.io provides email address verification functionality to check the validity of input email addresses. The verification process includes format checks, domain validation, email existence checks, etc.
Bulk search and verification: Hunter.io allows users to upload files for bulk email address lookup and verification, suitable for handling large amounts of data.
Domain search: Users can enter a domain name, and Hunter.io will return all email addresses found under that domain, along with their format patterns.
Contact discovery: By inputting an article or webpage URL, Hunter.io can find the author of the page and their contact email address.
API interface: Hunter.io provides API interfaces for developers to integrate its functionality into their own applications or workflows.
VirusTotal Search Engine#
Website: https://www.virustotal.com/gui/home/search
VirusTotal is a comprehensive online service platform focused on analyzing suspicious files and URLs to identify viruses, worms, trojans, various types of malware, and other security threats. The platform was developed by a Spanish company called Hispasec Sistemas and was acquired by Google in 2012. It became part of Chronicle, a subsidiary of Google Cloud, in 2018.
VirusTotal's focus areas include the following:
Multi-engine scanning: VirusTotal analyzes files and URLs using results from multiple antivirus engines (over 70), providing layered detection and verification.
File scanning: Users can upload suspicious files, and VirusTotal will perform in-depth analysis and return detection results from various antivirus engines, including whether threats are detected and the types of threats.
URL scanning: Users can submit suspicious URLs, and VirusTotal will scan the content and behavior of the URL using multiple engines to determine if it contains malicious code or other security threats.
Domain and IP address information: VirusTotal provides detailed information about domains and IP addresses, including associated malicious activities, historical records, and reputation scores.
API interface: VirusTotal provides powerful API interfaces that allow developers to integrate VirusTotal's functionality into their security tools and workflows for automated security analysis.
Community interaction: Users can view and share scan results, participate in community discussions, and contribute intelligence information and analysis results.
Threat intelligence: By integrating multiple data sources and community contributions, VirusTotal provides detailed threat intelligence, including malware behavior, propagation methods, and attack targets.
PublicWWW Search Engine#
Website: https://publicwww.com/
PublicWWW is a search engine specifically designed for searching and analyzing website source code. It allows users to find web pages and websites that contain specific code snippets, keywords, HTML elements, etc. PublicWWW is widely used in market research, competitive analysis, SEO (Search Engine Optimization), web security, and compliance audits.
PublicWWW's focus areas include the following:
Source code search: Users can search website source code, including HTML, CSS, JavaScript, etc., to find specific code snippets, scripts, stylesheets, etc.
Keyword search: Users can enter specific keywords or phrases, and PublicWWW will return web pages and websites that contain these keywords.
Ad and analytics code search: Users can search for specific ad codes, analytics codes (such as Google Analytics ID), etc., to understand the advertising and analytics tools used on a website.
Competitive analysis: Users can search for competitors' website code to understand their technologies, plugins, ad networks, etc.
SEO research: Helps users find specific SEO strategies and techniques, including meta tags, link structures, keyword density, etc.
Security and compliance audits: Helps users identify and analyze potential security risks and compliance issues in websites, such as outdated plugins, vulnerable code, etc.
TinEye Search Engine#
Website: https://tineye.com/
TinEye is a search engine specifically focused on reverse image search. It allows users to find similar images and image sources on the internet by uploading an image or entering an image URL. TinEye was developed by Idée Inc. and is one of the earliest tools to provide reverse image search services. TinEye has a wide range of applications in copyright protection, brand management, marketing, and news verification.
TinEye's focus areas include the following:
Reverse image search: Users can search for similar or identical images on the internet by uploading an image file or entering an image URL, and TinEye will find and return matching or similar images.
Image matching: TinEye uses proprietary image recognition technology to match various versions of an image, including cropped, resized, flipped, color-adjusted versions, etc. TinEye employs advanced image recognition algorithms to accurately match various versions and variations of images. TinEye indexes billions of images to ensure users can find extensive matching results.
Source tracking: TinEye helps users find the original source of an image, providing information about the original publisher and usage.
Copyright protection: Helps photographers, designers, and brands protect their image copyrights by identifying unauthorized use of their works.
Brand management: Companies can use TinEye to monitor the use of their brand logos and product images to ensure brand consistency and copyright protection.
Image recognition API: TinEye provides API interfaces that allow developers to integrate its image recognition and search functionality into their own applications and websites.
HIBP Search Engine#
Website: https://haveibeenpwned.com/
Have I Been Pwned (HIBP) is an online service platform created by security expert Troy Hunt. It aims to help users check if their personal data has been exposed in data breaches. HIBP allows users to query whether their email addresses or usernames have appeared in known data breaches. The service provides individuals and businesses with an easy-to-use tool to check for data breaches, improve security awareness, and take protective measures.
HIBP Search Engine's focus areas include the following:
Data breach lookup: Users can enter an email address or username, and HIBP will check if it has appeared in known data breaches and provide relevant breach information.
Password breach lookup: Users can check if a specific password has appeared in known breached password databases, helping users avoid using compromised or weak passwords.
Notification service: Users can register their email addresses, and if those addresses appear in future data breaches, HIBP will send notifications to alert users to take appropriate actions.
Enterprise solutions: HIBP provides enterprise API and monitoring services to help businesses monitor their employees' or customers' email addresses for appearances in data breaches, enhancing overall security protection.
Developer API: HIBP provides extensive API interfaces that allow developers to integrate HIBP's functionality into their applications and systems for automated breach lookup and monitoring.
OSINT Framework#
Website: https://osintframework.com/
OSINT Framework is an online resource collection developed and maintained by Michael Bazzell. It aims to help users with open-source intelligence (OSINT) collection and analysis. The framework integrates a large number of online tools and resources covering various OSINT domains, including social media, search engines, network analysis, email tracking, etc. The main purpose of the OSINT Framework is to provide researchers, security professionals, investigators, and other professionals who need to collect and analyze information with a structured and easily navigable toolkit.
The OSINT Framework's focus areas include the following:
Efficient information collection: By integrating various OSINT tools and resources, users can efficiently collect and analyze the information they need, improving work efficiency.
Clear categorization: The OSINT Framework categorizes various tools and resources according to their purposes and functions, allowing users to quickly find tools relevant to their needs. Categories include social media, email, domain, dark web, geolocation, etc.
Diverse tools and resources: The framework integrates a large number of online tools and resources, including websites, search engines, databases, browser plugins, etc., covering various OSINT needs.