LeakIX
https://leakix.net/
這個比較恐怖,可以查到 server 上有哪些服務有漏洞
例如那些 server 有未加密的 elasticsearch 資料庫、phpinfo() 資訊洩漏、Apache httpd Status 資訊洩漏...
shodan
https://www.shodan.io/
可以查詢網路上各主機的公開資訊
ONYPHE
https://www.onyphe.io/
搜尋 server 資訊
https://fofa.info/
簡中,需登入
跟 shodan很像
IVRE
https://ivre.rocks/
IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Masscan, ZGrab2, ZDNS and Zeek (Bro)) to gather data (network intelligence), stores it in a database (MongoDB is the recommended backend), and provides tools to analyze it.
Intelligence X
https://intelx.io/
OSINT
Certificate Search
https://crt.sh/
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
Netlas
https://app.netlas.io/
Database of products and technologies that form the Internet
urlscan.io
https://urlscan.io/
Website scanner for suspicious and malicious URLs
https://vulners.com/
SOCRadarLABS
https://socradar.io/
https://fullhunt.io/
漏洞資料庫
Pulsedive
https://pulsedive.com/
程式碼搜尋
searchcodehttps://searchcode.com/
grep.app
https://grep.app/
PublicWWW
https://publicwww.com/
HITCON ZeroDay
https://zeroday.hitcon.org/vulnerability
ZeroDay 是一個銜接資安專家與組織間的良性溝通橋樑的漏洞提報平台,專門協助接獲漏洞通報並提報予組織和修正漏洞等服務
CVE security vulnerability database
https://www.cvedetails.com/browse-by-date.php
"CVEdetails.com is a free CVE security vulnerability database/information source. You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time"/> <meta name="keywords" content="sec
Free Bug Bounty Program and Coordinated Vulnerability Disclosure | Open Bug Bounty
https://www.openbugbounty.org/
這些主要是查詢個資洩漏
https://intelx.io
https://leakcheck.net
https://leak-lookup.com
https://ghostproject.fr
OWASP 推薦的源碼掃描工具
Source Code Analysis Tools
https://owasp.org/www-community/Source_Code_Analysis_Tools