banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

11 top search engines loved by security professionals

#工具65
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
There are numerous internet-connected devices and online services, and some search engines provide detailed overviews of the online status of these devices and services, allowing security personnel to protect them and their data from online threats. These security search engines provide information about each device or service, such as operating systems, open ports, and IP addresses. There are 11 top search engines that security researchers use to find specific information about exposed IoT devices, security vulnerabilities, and leaked personal data. These search engines include ONYPHE, Shodan, Censys, PublicWWW, GreyNoise, Hunter, BinaryEdge, Have I Been Pwned, Fofa, ZoomEye, and WiGLE. Each search engine has its own features and capabilities for monitoring and protecting internet-connected devices and services.

The number of connected devices and online services is vast and continues to grow. Fortunately, some search engines provide detailed overviews of the online status of these devices and services, allowing security personnel to take measures to protect them and their data from online threats.

These cybersecurity search engines provide information about each device or service, such as the operating system, open ports, and IP addresses. Here are 11 search engines that security researchers use to find specific information about exposed IoT devices, security vulnerabilities, leaked personal data, and more.

11 Top Search Engines#

1. ONYPHE#

ONYPHE search engine can comprehensively scan the internet and collect open-source network threat intelligence data for various network defense engines. ONYPHE can also actively scan connected devices on the internet and cross-reference the scan data with information collected from website URLs. After data processing, it provides query services through APIs and query languages.

Network security analysts primarily use ONYPHE to identify and collect information about targeted devices. They can search ONYPHE's database using keywords such as IP addresses, domains, geographical location data, and inetnum details.

Link: https://www.onyphe.io/

2. Shodan#

Shodan is a powerful OSINT (Open-Source Intelligence) tool that monitors and searches a shocking range of network data. It is also one of the few engines that can inspect Operational Technology (OT). Without tools like Shodan, there would be significant gaps in collecting open-source intelligence in industries deploying IT and OT.

Creating an account on Shodan is free, but the information that can be queried for free is limited. To further query more information, users need to purchase Shodan's membership services. In addition to the personal version, Shodan also offers paid versions for small businesses and enterprise advanced versions. The small business version can scan up to 65,536 IP addresses and return up to 20 million results. The enterprise advanced version provides unlimited results and up to 327,680 IP scans per month, including vulnerability search filters and advanced support services.

Link: https://www.shodan.io/

3. Censys#

Like Shodan, Censys also searches for connected devices and provides detailed information about each device, including the operating system, IP address, and open ports. Censys continuously collects data from connected devices and servers, providing accurate information about the devices, including TLS and SSL protocols and open ports. This information is crucial for monitoring and protecting connected devices and services. Additionally, it can identify server versions, routers, operating system versions, web application firewalls, unpatched vulnerabilities, and other details.

Link: https://censys.com/

4. PublicWWW#

PublicWWW is a powerful resource for digital and affiliate marketing research, and it can also help security researchers identify websites related to malicious activities through active library queries.

For users who want to search websites through source code, this search engine is their preferred resource. Users can search for keywords, alphanumeric fragments, or signatures in CSS, HTML, or JS code.

Link: https://publicwww.com/

5. GreyNoise#

GreyNoise is a search engine that allows researchers to know who is scanning the internet. This enables them to distinguish between targeted scans and random scans to strengthen their defense mechanisms.

GreyNoise uses advanced machine learning algorithms to detect and classify network activities. Users can also use this search engine to identify and classify noise-related activities, such as vulnerability scans, automatic port scans, and malware distribution. By entering an IP address or keyword, GreyNoise Visualizer generates relevant information.

GreyNoise also has an API that allows seamless integration of its information into existing security applications and infrastructure.

Link: https://www.greynoise.io/

6. Hunter#

Hunter is a user-friendly search engine that allows users to easily find and verify email addresses related to specific individuals, domains, or companies.

For example, when entering the name of an organization, users will see a verified email list linked to that domain, including their activity status and the source of obtaining them. It also displays users' full names, positions, and social media accounts.

Link: https://hunter.io/

7. BinaryEdge#

BinaryEdge is a machine learning-based security search engine designed to collect, analyze, and categorize public internet data to generate real-time threat intelligence streams and reports.

This search engine can collect various information, including open ports and vulnerable services, vulnerabilities and exposures affecting IP addresses, invalid SSL certificates, and accessible remote desktop data. Additionally, it supports email account verification to identify potential data leaks.

Link: https://www.binaryedge.io/

8. Have I Been Pwned#

"Have I Been Pwned" is a free open-source intelligence search website created by renowned cybersecurity lecturer Troy Hunt. It allows users to enter their email addresses to check if they are at risk of data breaches. By simply entering their username or email address in the search box, users can see if their credentials have been leaked.

The website's database contains a large amount of leaked data, including billions of email addresses, usernames, passwords, and other personal data stolen by cybercriminals and published on the internet.

Link: https://haveibeenpwned.com/

9. Fofa (Chinese)#

FOFA is a search engine developed by the Chinese cybersecurity company Huashun Xian'an. It is designed to map the global cyberspace and is an important source for discovering internet assets found on the public network. This makes it a valuable tool for security researchers to assess and protect their public-facing assets.

By continuously detecting global internet assets, FOFA has accumulated over 4 billion assets and 350,000 fingerprint rules. This allows for accurate identification of most software and hardware network assets.

FOFA's search capabilities cover various assets, including cameras, printers, operating systems, and databases. Users can also perform searches on IP addresses, domains, and hosts.

Link: https://en.fofa.info/

10. ZoomEye (Chinese)#

ZoomEye is a network space search engine created by the Chinese cybersecurity company Knownsec. It allows users to search for and monitor online devices and services. This free OSINT tool collects data from open devices and web services using Wmap and Xmap and performs fingerprint analysis.

By entering keywords, IP addresses, or any query, ZoomEye generates data including the total number of hosted websites and discovered devices, open port information, and vulnerability reports.

Link: https://www.zoomeye.org/

11. WiGLE#

WiGLE is a website that integrates location and other data from wireless networks worldwide. This data is collected by volunteers who download the application to their mobile phones, which records all the access points they encounter along with their GPS coordinates. All this data is then input into the WiGLE database. The data is presented to users in an easy-to-use website and application.

Link: https://www.wigle.net/

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.