A web search engine or Internet search engine is a software system that is designed to carry out web search (Internet search), which means to search the World Wide Web in a systematic way for particular information specified in a textual web search query. The search results are generally presented in a line of results, often referred to as search engine results pages (SERPs).
1) Shodan
Launched in 2013, Shodan is a search engine used to find Internet of Things (IoT) connected devices around the world. Webcams, security systems and routers are only some of the devices which, once connected to the Web, can offer a glimpse into our lives behind locked doors should poor security turn the key.
Shodan makes it possible to detect devices that are connected to the internet at any given time, the locations of those devices and their current users. Such devices could be in almost any type of system, including business networks, surveillance cameras, industrial control systems (ICS) and smart homes. Shodan attempts to grab the system’s banner directly, gathering the data by way of the associated server’s ports. Banner grabbing is a key step for penetration testing as it helps identify vulnerable systems. Shodan also searches corresponding exploits in the search platform’s exploit section.
Shodan is a search engine for finding specific devices, and device types, that exist online. The most popular searches are for things like webcam, linksys, cisco, netgear, SCADA, etc.
It works by scanning the entire Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.
USING FILTERS
As with any search engine, Shodan works well with basic, single-term searches, but the real power comes with customized queries.
Here are the basic search filters you can use:
- city: find devices in a particular city
- country: find devices in a particular country
- geo: you can pass it coordinates
- hostname: find values that match the hostname
- net: search based on an IP or /x CIDR
- os: search based on operating system
- port: find particular ports that are open
- before/after: find results within a timeframe
Find Apache servers in San Francisco:
apache city:"San Francisco"
Find Nginx servers in Germany:
nginx country:"DE"
Find GWS (Google Web Server) servers:
"Server: gws" hostname:"google"
Find Cisco devices on a particular subnet:
cisco net:"216.219.143.0/24"
To combine filters, simply keep adding them on. You can also do this by clicking filters in the left sidebar for a given result set. So if you want to search for Nginx servers in San Francisco, that are running on port 8080, that are also running Tomcat, you could do the following:
- Apache city:"San Francisco" port:"8080"
- product:"Apache Tomcat/Coyote JSP engine"
You can use the “Explore” button on the main Shodan site to look at common searches and results, which are illuminating. You’ll find things like:
- Webcams
- SCADA
- Traffic lights
- Routers
- Default passwords
- Etc.
Link :- Shodan
2) Censys
Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the internet.
You can search for records that meet certain criteria (e.g., IPv4 hosts in Germany manufactured by Siemens, or browser trusted certificates for github.com), generate reports on how websites are configured (e.g., what cipher suites are chosen by popular websites?), and track how networks have patched over time.
LInk :- Censys
3) GreyNoise
GreyNoise helps security teams prioritize alerts that matter by quienting ones that don't. We collect, analyze and label mass internet scan and attack activity into a feed of Anti-Threat intelligence. Founded in 2017
Link :- GreyNosie
4) ZoomEye
“Build The Best Cyberspace Search Engine” is what we do now and continue to do.
ZoomEye is an IOT OSINT search engine that lets users find connected devies. Using Xmap and Wmap to search for devices connected to the internet, and it lets the user find specific network components(ip, services, etc).
Link :- ZoomEye
5) Hunter
Hunter is a search engine that helps you find all of the email addresses that belong to a domain or organization. Enter the name of the company, and you'll get a comprehensive list of verified emails under that domain.
Link :- Hunter
6) Wigle.net
Wigle is a search engine for wireless network mapping. In fact, the first thing you see when you enter WIGLE's interface is a map that, when zoomed in, shows hotspots and nearby networks.Link :- WIGLE.net
7) PUBLICWWW
Ultimate solution for digital marketing and affiliate marketing research, publicWWW allow you to perform searches this way.
Link :- PUBLICWWW
8) HAVEIBEENPWNED
HaveIBeenPwned, or HIBP, is a free data breach service that helps users find out whether they have been affected by a data breach. Developer by Troy Hunt, one of the cybersecurity legends. Top 8 Search Engine For Hackers
Link :- HaveIBeenPwned
I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)
Disclaimer
This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal ..!
All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.
- Hacking Truth by Kumar Atul Jaiswal