Search Engines

Search engines that assist me in offensive security and beyond.

CYBERSECURITYTOOLSSEARCH

Rick

3/11/20263 min read

blue and white smoke illustration
blue and white smoke illustration

Let's start with the basics. Searching online for the information you seek can be chaotic at first, but it will be clear after reading this post. Of course there are more search engines and tools than the ones I'm going to mention below, so bear with me and have your own research too. These are my suggestions and the tools I use so far.

CVE.org

Lets start with a database. CVE.org will be one of your best friends in offensive cybersecurity that will give you the information you need to exploit the target system. The full name is Common Vulnerabilities and Exposures for some reason! You will find CVEs that users across the world submit, that will expose vulnerabilities on systems. You can use them inside linux environments in combination with metasploit, or manually as reference, in order to find the weaknesses of a system and eventually exploit it.
In defensive cybersecurity on the other hand, you should check for CVEs of the systems you manage or monitor to know their weak points. Knowing your vulnerable spots will help you understand how you can strengthen them and prevent attackers from taking over control.
In the same principles, with a different interfaces you will find nvd.nist.gov, which is an official website of the US government.

exploit-db.com

Here, the name is pretty much self explanatory, it's a database for exploits. Inside the website you will find lists of codes for exploitation from various authors. Many of these exploits are tested and marked as verified. The structure is interesting, since you get intel from google hacking database, you can read the exploits' papers, shellcodes, and submit your own of course. Additionally, you can find a Linux tool manual, called searchsploit, which will assist you finding exploits inside your VM.

Have I Been Pwned

One of my favourite online tools is the HIBP search engine. It's simple enough, yet powerful and can humble even the most private individuals. By adding your email in the search bar and hit search button, the site checks all the compromised email databases out there for your email. To put it simple, if your email has been breached or appeared to a privacy breach of any company or organizations out there, you will see it on the screen.
I have 3 commercial emails that I use on games, shopping and services and 2 of them have been breached, resulting from compromised systems such as Yahoo, Twitter, Heroes of Newearth and more. Therefore, I change passwords to them every month the last 2 years, better safe than sorry.

Shodan

If you want to search for devices connected to the internet, using types and versions of servers as a filter, routers, webcams, networking equipment, industrial control systems and IoT devices, then Shodan is your playground. Imagine that you are a not-so-ethical hacker. You can cause damage with your skills because you can exploit everything that comes across your path so far. It's a useful search engine that will find you more targets, without really being able to know who owns the target machine at first glance, but still your research skills should cover that information.

Censys

Similar to the tool above, Censys, focuses on internet-connected hosts, websites, certificates and other internet assets. Both tools are valuable in their way. Use cases of this one include enumerating domains in use, auditing open ports and services, along with discovering rogue assets within a network.

VirusTotal

An interesting tool that will help you discover viruses multiple profiles. VirusTotal provides a virus-scanning service for user to upload files or file hash, to provide URLs, IPs, domain names in order to scan them against numerous antivirus engines and website scanners as a single operation. Your new online antivirus friend, or is it?
Using domain names, IPs and URLs, you can also do a whois lookup, without actually using who.is. Don't get me wrong, it's a useful tool too, but if you want more information, for example if the IP is flagged as malicious or the domain name is associated with sketchy actions, or just want to check for viruses, then VirusTotal is your go-to tool.

who.is

Last search engine of this list, is who.is. You can search based on WHOIS or RDAP protocols, DNS records, and get nameserver information for any domain name. For Comprehensive domain and IPs' information, such as registration data, contact details, nameservers, DNS records, and more for any domain name, you will find this tool really fruitful.

*Note: These tools can be used both in offensive and defensive security means, each giving valuable information for the cause of your task.
**Note: Clicking on the tools' names you will get you redirected there

There are definitely many search engines out there, depending on the case you're in. One can use Google, social media of any kind to build a profile for anyone/anything wants to search for, in an extensive way. These are just some of the search tools I have used, and I recommend them for what they do, mostly collecting data of a kind that is needed depending on the scenario.

-Rick

Contact

Reach out anytime by the contact form

© 2026. All rights reserved.