Everybody knows what a search engine is – Google, Bing and Yahoo! being the most popular. But what if you want to search for something not normally found on a standard search engine? Are other public search engines safe? What else can they be used for?
Search engines can also be valuable tools for analysts, security researchers, and others. These tools can help security professionals find tracking threats, exposed devices, preparing for spear phishing simulations, and more.
Security professionals often need to quickly look up and correlate data during reconnaissance, when discovering vulnerabilities, OSINT, finding security breaches in networks, and so on. There are search engines specifically designed to be used by security professionals to map a digital footprint.
The 10 best search engines used by hackers
RiskXchange has chosen the top ten search engines often used by security professionals, hackers and by those wishing to perform a deeper search offered by the likes of Google and other “commercial” search engines.
The following list provides the top ten search engines where security professionals obtain information about connected devices, breached credentials, private information on individuals, and more.
Shodan is a search engine and network security monitor that indexes data from any type of electronic device connected to the internet. It’s similar to Google but you see search results in various forms including types of devices, IP addresses, country, SSH, Telnet, and HTTP server banners. But the real value of this search engine is in its ability to help both red teams (offensive security professionals) and blue teams (defensive security professionals).
Shodan can play an important role for the defenders in providing visibility to their devices and open ports, and search for device vulnerabilities to known exploits. Blue teams can retrieve OSINT data and identify devices they need to secure. Shodan helps red teams and penetration testers with reconnaissance and information gathering. Shodan also offers one of the best cybersecurity APIs on the market.
Censys can identify, investigate and remediate all relevant risks to your attack surface. It can also discover the “unknown unknowns” on your network, including: Exposed Internal Services, Exposed Login Services, Out-of-date TLS configurations, and other risky entry points for attackers.
Fuelled by the deepest & broadest internet scan data available today, Censys scans the most ports and houses the biggest certificate database in the world, to provide the freshest and most thorough view of your assets; both known and unknown.
Censys claims to use the most advanced and comprehensive scanning technology which scans the entire internet constantly, including obscure ports. It also uses a combination of banner grabs and deep protocol handshakes to provide industry-leading visibility and an accurate depiction of what is live on the internet.
GreyNoise collects and analyses untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the internet. Mass scanners (such as Shodan and Censys), search engines, bots, worms, and crawlers generate logs and events omnidirectionally on every IP address in the IPv4 space. GreyNoise allows the ability to filter this useless noise out.
ZoomEye is a Cyberspace Search Engine recording information of devices, websites, services and components. This search engine has two powerful detection engines Xmap and Wmap aiming at devices and websites in the cyberspace. It can be used to identify all the services and components through 24/7 continuous detection. Therefore, it is easier for researchers to understand the component coverage and the damage scope of vulnerabilities.
Although being regarded as a "hacker-friendly" search engine, ZoomEye is not designed to initiate attacks towards network devices or websites. The recorded data is for security research use only. It is more like a navigational chart in cyberspace.
Hunter is a popular search engine that helps you find all the email addresses that belong to a domain or organisation. When you use Hunter, you access data from one unique source: the public web. It analyses millions of websites to index the most up to date business data. Like search engines, Hunter constantly keeps an index of the entire web and organises data that isn't in any other database.
WiGLE is a popular search engine for wireless network mapping. WiGLE’s interface map shows hotspots and nearby networks by merging the information and location of wireless networks into a central database present via web and desktop apps. It is often used by security professionals to monitor for any insecure networks or whether they are vulnerable to attack. Everyday users can also use WiGLE to find open networks nearby.
Billed as the ultimate solution for digital marketing and affiliate marketing research, PublicWWW allows users to perform specific searches in the following ways, something that is not possible with other regular search engines:
References to StackOverflow questions in HTML, .CSS and .JS files
Web designers and developers who hate IE
Sites with the same analytics id: "UA-19778070-"
Sites using the following version of nginx: "Server: nginx/1.4.7"
Advertising networks users: "adserver.adtech.de"
Sites using same Adsense account: "pub-9533414948433288"
WordPress with theme: "/wp-content/themes/twentysixteen/"
Find related websites through the unique HTML codes they share, i.e. widgets & publisher IDs
Identify sites using certain images or badges
Find out who else is using your theme
Identify sites that mention you
References to use a library or a platform
Find code examples on the internet
Figure out who is using what JS widgets on their sites.
PublicWWW also has the following features:
Up to 1 000 000 results per search request
API for developers who want to integrate our data
Download results as a CSV file
Snippets for search results
Results are sorted by website popularity
Searches are typically completed within a few seconds
544 253 416 web pages indexed
Webserver response HTTP headers are also indexed
Websites in the top 1 million are revealed for free
Results from the top 3 million upon registering, the rest are paid.
HIBP is a free resource for anyone to quickly assess whether they have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. The site came about after what was, at the time, the largest ever single breach of customer accounts — Adobe. The creator often did a post-breach analysis of user credentials and kept finding the same accounts exposed repeatedly, often with the same passwords which then put the victims at further risk of their other accounts being compromised.
This site provides a service to the public. Data breaches are rampant, and many people don't appreciate the scale or frequency with which they occur. By aggregating the data, it not only helps victims learn of compromises of their accounts but also highlights the severity of the risks of online attacks on today's internet.
Used by government agencies, leading financial and insurance institutions, and media companies all over the world, Pipl's unique identity resolution engine connects the world's personal, professional and social identity data to give analysts and investigators an unmatched global index of over 3 billion trusted identity profiles.
The search engine offers its own API, which developers can use to integrate Pipl’s identity information into their applications and allows security professionals to verify identity and to stop credential breaches and account takeovers.
Reposify was founded by a team with multidisciplinary experience in cybersecurity, cloud infrastructure and software development working together to help organisations safeguard their external attack surface.
Reposify helps organisations take control of their assets by providing complete and continuous visibility and insight at scale. It is the new way organisations manage and protect their internet-facing assets. Its outside-in approach to managing organisations’ external attack surface is the only scalable way to reduce exposures and secure the perimeter-less network.
RiskXchange provides a powerful AI-assisted, yet simple automated and centralised unique 360-degree cybersecurity risk rating management approach. We generate objective, quantitative reporting on a company's cybersecurity risk and performance, that enables organisations with evolving business requirements, to conduct business securely in today's open, collaborative, digital world.
RiskXchange is an information security technology company, that helps companies of all sizes fight the threat of cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security.
Find out more here.