Credential security sits at the heart of nearly every modern breach. When usernames and passwords are stolen in one incident, attackers systematically reuse them across other services — a technique known as credential stuffing — because most users reuse passwords across multiple accounts. For defenders, the ability to proactively check whether employee or customer credentials have appeared in known breaches is a critical early-warning capability. Security teams use breach checkers and hash lookup tools to identify exposed accounts before attackers can exploit them, to investigate infostealer infections that exfiltrate credentials silently, and to educate users about password hygiene. These tools range from privacy-conscious public services like Have I Been Pwned to deep-dive commercial platforms offering plaintext password recovery, infostealer log intelligence, and automated credential monitoring at enterprise scale.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/edoardottt/awesome-hacker-search-engines/llms.txt
Use this file to discover all available pages before exploring further.
Breach Checkers & Leak Monitors
Have I Been Pwned
Check if your email or phone is in a data breach — the most trusted and widely used breach notification service, covering billions of compromised accounts.
Dehashed
Free deep-web scans and protection against credential leaks — search across breached databases by email, username, IP, name, phone, or VIN.
LeakCheck.io
Make sure your credentials haven’t been compromised — provides breach data lookup with source attribution across thousands of known breach incidents.
WhiteIntel
Check if a company or its customers was a victim of information stealer malware — queries real infostealer logs for compromised credentials and sessions.
Hudson Rock
Use Hudson Rock’s free cybercrime intelligence tools to learn how compromised credentials from infostealer infections are impacting your business.
hackedlist.io
Enter your domain to find credentials compromised by info-stealer malware — surfaces employee credentials harvested by Raccoon, Redline, and similar stealers.
HaveIBeenSold
Lets you find out whether or not your email has been sold to third parties — tracks data broker and marketing list exposure beyond traditional breach databases.
ScatteredSecrets
Search data breaches to see if your password has been compromised — provides breach notification and password exposure checking with source details.
InfoStealers.info
OSINT made simple — instant insights from Infostealer data, helping researchers and defenders understand the scope of stealer-based credential theft.
NiamonX PwnedLookup
AI-powered platform for credential leak monitoring, infostealer intelligence and breach investigations — proactive credential exposure awareness at scale.
Leak.sx
Search across leaked account data — a lookup resource used by security researchers to verify credential exposure across aggregated breach datasets.
Hash Decryption & Password Tools
crackstation.net
Massive pre-computed lookup tables to crack password hashes — supports MD5, SHA1, SHA256, and other common hash algorithms with a 15 billion entry database.
HashKiller
Pre-cracked hashes, easily searchable — a large database of already-cracked MD5 and SHA1 hashes built from publicly available wordlists and rainbow tables.
Hashes.com
Decrypt and crack your MD5, SHA1, SHA256, MySQL, MD5 Email, SHA256 Email, and NTLM hashes for free online using a community hash cracking platform.
Hashmob
The Largest Password Recovery Community — collaborate with other researchers to crack hashes and contribute plaintext passwords to the shared knowledge base.
ntlm.pw
Instantly look up NTLM hashes and resolve them to plaintext passwords using a database with 8 billion+ entries — ideal for Active Directory incident response.
BugMeNot
Find and share logins for websites that require registration — a community repository of shared login credentials for bypassing mandatory account creation.
LeakedPassword
Search across multiple data breaches to see if your password has been compromised — helps users understand the real-world exposure of their passwords.