Awesome Hacker Search Engines is a community-maintained, open-source reference of 400+ specialized search engines purpose-built for security work. Whether you’re mapping an organization’s external attack surface, hunting for leaked credentials before an adversary finds them, or tracing a threat actor across the open web, this collection brings together the exact tools you need — organized by discipline so you can reach the right resource fast. No installation, no toolchain setup: every entry is a publicly accessible web resource you can use right now.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/edoardottt/awesome-hacker-search-engines/llms.txt
Use this file to discover all available pages before exploring further.
Who Is This For?
This toolkit is designed for security practitioners across every discipline:- Penetration Testers — Enumerate infrastructure, discover misconfigurations, and find exploitable vulnerabilities before an engagement even begins.
- Bug Bounty Hunters — Rapidly map a program’s attack surface, uncover exposed subdomains, search code repositories for leaked secrets, and verify disclosed findings.
- OSINT Analysts — Pivot across email addresses, phone numbers, social network profiles, images, and public records with purpose-built investigative tools.
- Red & Blue Teams — Red teams use these resources to simulate realistic threat-actor reconnaissance; blue teams use the same visibility to understand their exposure and monitor for emerging threats.
- Vulnerability Researchers — Track CVEs, PoC exploit code, advisories from every major vendor, and active exploitation in the wild — all from a single reference.
- Threat Intelligence Professionals — Hunt indicators of compromise, analyze malware samples, correlate threat actor infrastructure, and stay ahead of new campaigns.
All tools listed are publicly accessible web resources — no installation required. Always obtain proper written authorization before testing any target. Unauthorized reconnaissance may violate computer crime laws in your jurisdiction.
Browse by Category
Jump directly to the section you need:Reconnaissance
Servers, domains, DNS, certificates, URLs, and full attack-surface mapping tools — the foundation of any engagement.
Vulnerabilities & Exploits
CVE databases, exploit repositories, PoC code indexes, vendor advisories, and living-off-the-land technique libraries.
OSINT & People
Email address finders, phone lookups, social network search, reverse image search, and people-search aggregators.
Threat Intelligence
Threat actor profiling, malware sample databases, IOC feeds, credential leak monitoring, and web history archives.
Specialized Tools
Code search, Wi-Fi network databases, MAC/device lookup, dark-web hidden services, surveillance cameras, file search, crypto tracking, and vehicle records.
Category Reference
General
The README includes a General Search Engines section listing Google, Bing, Yahoo!, Yandex, DuckDuckGo, Brave, Baidu, Kagi, SearXNG, and more — broadly useful starting points that complement the specialized tools in every category below.Reconnaissance
| Category | What You’ll Find |
|---|---|
| Servers | Shodan, Censys, FOFA, ZoomEye, GreyNoise, Netlas, ODIN and more — query every internet-exposed host |
| Attack Surface | FullHunt, BinaryEdge, SecurityTrails, RedHunt Labs, Censys ASM — continuous external exposure mapping |
| Domains | WHOIS, subdomain enumeration, DNS history, BuiltWith, PhoneBook, Omnisint |
| DNS | DNSDumpster, RapidDNS, Chaos, PassiveDNS, DNSTwister, DNSlytics |
| Certificates | Crt.sh, CertSpotter, Censys Certificates, tls.bufferover.run |
| URLs | URLScan, PhoneBook, HackerTarget, CheckPhish, URLVoid |
Vulnerabilities & Exploits
| Category | What You’ll Find |
|---|---|
| Vulnerabilities | NVD, MITRE CVE, GitHub Advisory Database, VulDB, CVEDetails, OSV, Snyk, Vulners |
| Exploits | Exploit-DB, Sploitus, GTFOBins, LOLBAS, Payloads All The Things, HackerOne hacktivity |
OSINT & People
| Category | What You’ll Find |
|---|---|
| Email Addresses | Hunter.io, PhoneBook, IntelligenceX, RocketReach, EmailHippo |
| Phone Numbers | NumLookup, SpyDialer, WhitePages, Truepeoplesearch, SynapsInt |
| Social Networks | Facebook, LinkedIn, Twitter/X, Reddit, TikTok, and 15+ more |
| People | TruePeopleSearch, Pipl, BeenVerified, Intelius, Whatsmyname, TheOrg |
| Images | Google/Yandex/Bing reverse image search, FaceCheck.id, PimEyes, TinEye, FotoForensics |
Threat Intelligence
| Category | What You’ll Find |
|---|---|
| Threat Intelligence | MITRE ATT&CK, VirusTotal, PulseDive, bazaar.abuse.ch, Hybrid Analysis, Cisco Talos |
| Credentials | Have I Been Pwned, Dehashed, LeakCheck, CrackStation, WhiteIntel, Hudson Rock |
| Leaks | WikiLeaks, Snusbase, BreachDirectory, Distributed Denial of Secrets, OCCRP Aleph |
| Web History | Wayback Machine, Archive.ph, CommonCrawl, CachedPages |
Specialized
| Category | What You’ll Find |
|---|---|
| Code | GitHub/GitLab code search, grep.app, SearchCode, PublicWWW, SourceGraph |
| WiFi Networks | Wigle.net, wifimap.io, OpenWiFiMap |
| Device Information | MAC vendor lookup tools — MACVendorLookup, macaddress.io |
| Hidden Services | AHMIA, OnionLand, tor.link — Tor network search engines |
| Surveillance Cameras | Insecam.org, WorldCams, Skylinewebcams, EarthCam |
| Files | Pastebin, files.fm, filesearch.link, SearchFTPs |
| Crypto | ChainAbuse, Blockchair, BlockCypher — blockchain intelligence |
| Vehicle | FaxVin, EpicVin, AutoCheck, PlatesMania, GOV.UK DVLA lookup |
About the Project
Awesome Hacker Search Engines was created and is actively maintained by edoardottt. The project began as a personal reference and grew into one of the most comprehensive, community-driven directories of security search engines available anywhere. It is published under the MIT License, meaning it is fully open source and free to use, share, and build upon. The list is continuously updated as new tools emerge, existing services change, and the broader security tooling landscape evolves. Tools that are confirmed non-functional are moved to a dedicated “Not Working / Paused” section rather than silently removed, so researchers always have an accurate picture of what’s currently active.Contributing
The project thrives on community contributions. If you know of a security search engine that belongs here — or spot an entry that has moved, changed scope, or gone offline — please contribute via the GitHub repository:- Open an issue to report broken links, suggest new tools, or ask questions: github.com/edoardottt/awesome-hacker-search-engines/issues
- Open a pull request to add or update entries directly: github.com/edoardottt/awesome-hacker-search-engines/pulls
All contributions are reviewed before merging. New entries should be publicly accessible, genuinely useful for security research, and accompanied by a short description explaining what the tool does.