Security-related search sites/tools

2022-11-09 09:19

LeakIX
https://leakix.net/
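This one is rather scary: it can show which services on a server are vulnerable.
For example, which servers have an unencrypted Elasticsearch database, phpinfo() information disclosure, Apache httpd Status information disclosure...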


shodan
https://www.shodan.io/
Lets you look up publicly available information about hosts on the Internet


ONYPHE
https://www.onyphe.io/
Search for server information


https://fofa.info/
Simplified Chinese; login required
Very similar to shodan


IVRE
https://ivre.rocks/
IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Masscan, ZGrab2, ZDNS and Zeek (Bro)) to gather data (network intelligence), stores it in a database (MongoDB is the recommended backend), and provides tools to analyze it.


Intelligence X
https://intelx.io/
OSINT


Certificate Search
https://crt.sh/
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)


Netlas
https://app.netlas.io/
Database of products and technologies that form the Internet


urlscan.io
https://urlscan.io/
Website scanner for suspicious and malicious URLs



https://vulners.com/

SOCRadarLABS
https://socradar.io/


https://fullhunt.io/
Vulnerability database


Pulsedive
https://pulsedive.com/



 

Code search

searchcode
https://searchcode.com/

grep.app
https://grep.app/


PublicWWW
https://publicwww.com/




HITCON ZeroDay
https://zeroday.hitcon.org/vulnerability
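ZeroDay is a vulnerability reporting platform that serves as a constructive communication bridge between security experts and organizations; it specializes in receiving vulnerability reports, forwarding them to the organizations concerned, and helping get the vulnerabilities fixed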


CVE security vulnerability database
https://www.cvedetails.com/browse-by-date.php
CVEdetails.com is a free CVE security vulnerability database/information source. You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time


Free Bug Bounty Program and Coordinated Vulnerability Disclosure | Open Bug Bounty
https://www.openbugbounty.org/





These are mainly for looking up personal data leaks
https://intelx.io
https://leakcheck.net
https://leak-lookup.com
https://ghostproject.fr





Source code scanning tools recommended by OWASP
Source Code Analysis Tools
https://owasp.org/www-community/Source_Code_Analysis_Tools