A collection of online resources and tools to assist with domain, IP address and general DNINT investigations, as well as website enumeration, exploits, CCTV, webcams and more.
An API which allows you to search for WHOIS records by company name, owner name or keyword. Currently has over 430 million records dating as far back as 1986. Requires registration.
Search for WHOIS records and other data via domain name, email address or keyword. For enhanced results, a paid subscription is required.
Find the registrant and other domains owned by the same person with their reverse WHOIS. Find domain history, domains on same IP, network owner and more.
A great online tool for locating information about a website or IP address. Offers WHOIS lookups, DNS records, IP tools, and other website enumeration tools. Created by @netbootcamp, so be sure to follow them for updates.
Search WHOIS information in over 2,000 extensions including international ccTLDs and gTLDs.
A great WHOIS search tool that offers downloadable databases, historical WHOIS records and more.
Internet Protocol Addresses (IP)
Search an IPv4 or IPv6 address and view the most recent torrents that have been downloaded or that the user is currently seeding.
A database of abuse reports. Search an IP address and see if it has been included in any abuse reports, malicious activity reports, and spam campaigns.
A BGP toolkit and ASN routing lookup tool that allows you to debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, prefixes and domain names.
Provides detailed IP geo-location information.
An IP lookup tool featuring proxy and VPN detection. A free API is also available. Requires a paid subscription for best results.
IP Quality Score
A collection of fraud detection tools including proxy and VPN detection, bot detection, email validation, and lots of other tools. Offers many free tools. Requires a paid subscription to be able to use everything.
Simple tool that provides basic information about an IP address. Geo-location, ISP, and proxy/VPN/TOR node detection.
A great collection of various networking tools. Ping, traceroute, WHOIS, nslookup, domain dossier and so on.
Find neighboring websites, hostnames, and domains. Get an idea who runs a host, the hosting density, and neighboring hosts.
Contains information about the public IPv4 and IPv6 addresses, networks and domains owned by companies and organizations across the world along with city-level IP geolocation data and autonomous system information. Also offers a free API.
A user-maintained database of networks. Provides a wealth of interconnection data.
Gathers public information about IP numbers, domain names, host names, autonomous systems, routes, etc. It then indexes the data in a big database and provides free access to the data.
Search for information about IP addresses, domains, malicious links, phishing sites and more.
Provides information about IP addresses, also offers a great CLI tool. Requires a paid subscription.
Domain Name System (DNS) Records
Search for historical reverse DNS records. Currently has over 230 billion records retrieved from 2008 to now.
Search for DNS records via domain name.
Checks the health and configuration of DNS and mail servers.
Allows users to gather a large amount of data about a given website or IP address.
Offers loads of great tools such as DNS, MX, WHOIS and SPF lookups along with multiple reverse search tools.
The anti-phishing domain name search engine and DNS monitoring service. Search a domain name and this tool will show you related domain names that could potentially be used for phishing campaigns.
Domains App makes it easy to see domains availability across extensions and notifies you about any WHOIS or DNS changes.
Research domain information and all associated data, including records, IP addresses, page metadata, location and much more. Has over 315 million indexed domains.
The Favicon Finder
A free online service for finding icons on websites. Just enter a target URL.
SOCRadar Deep Web Report
Search a domain and get a simple report of the company's exposure. Requires a paid subscription to view full reports.
Search well-known resources, phrases, and terms served by ad sites across the web.
Scan a domain and visualize that domain's ads.
A great tool for analyzing the style characteristics of a particular website.
Simply enter a URL and this free tool will crawl the target site and provide a list of all URLs.
Web Page Monitoring
A change detection and notification service that sends you an email when your favorite web pages have changed.
A service that enables you to automatically collect new information from any web page. Select which pages to monitor, and this will find which pages have changed, and collect all the new content for you.
Enter a URL that you would like to monitor, then enter an email address and this will send you emails every time that page changes.
Provides knowledge and information for online publishers, investors, media agencies and advertisers to make the right decisions. For example, you can find, in the listed countries, how many visitors or users a website has.
Offers archives and statistics of website defacements and other cyber vandalism.
Uniform Resource Locators [URL] Redirects and Backlinks
A free URL redirection checker that allows you to see the complete path a redirected URL goes through.
Allows you to do a full trace of URL redirects.
A tool for tracking and recording the redirection paths of a URL.
SEO Spyglass Backlink Checker
Allows you to find out how many sites are linking to a certain web page. Requires registration to view full results.
A free link research tool that enables you to check the backlinks of any website. Enter a domain name in the search box and click the 'Get backlink data' button to get an immediate link analysis.
The Wireless Geographic Logging Engine is a website for collecting crowd-sourced wardriving information about the different wireless networks and cell towers around the world. Users can register on the website and upload hotspot data like GPS coordinates, SSID, MAC address and the encryption type used on the hotspots discovered. Great way to get an address from a Wi-Fi SSID.
A free API that allows you to get latitude and longitude by Wi-Fi BSSID or MAC address.
API and database. The project seems idle since 2018 but the service is still online.
Similar to Wigle, this is an interactive, crowd-sourced map of wireless access points.
A community project to collect information on cell tower and Wi-Fi base stations and plot them on a map. The project itself was founded in 2009.
Database and map for free network Wi-Fi access points from all over the world.
Helps find all the free Wi-Fi hotspots available per destination and elsewhere in the world.
Find open free and public Wi-Fi hotspots practically anywhere in the world.
Another site that shows you publicly open Wi-Fi networks by location. They also offer a mobile app.
The UK's biggest Wi-Fi hotspot network. Over 5 million available hotspots nationwide.
User Agent Parser
Lookup a browser user-agent and view details about it such as software versions, OS types, and more.
A simple tool that displays your current user agent strings.
Internet of Things (IoT) Search
A search engine that lets the user find specific types of computers and IoT devices connected to the internet using a variety of filters.
The search engine for finding internet devices, like computers, servers, and other smart devices.
Another search engine which is used mostly to see open devices that are vulnerable and most often used by pentesters to test or exploit their vulnerabilities over the internet. ZoomEye lets users find specific connected network devices.
A search engine for the internet of things (IoT), providing a unique geographical index of connected objects around the world, including energy, radiation, weather, and air quality devices as well as seismographs, iBeacons, ships, aircraft and even animal trackers.
Collects, analyzes, and labels mass internet scan and attack activity into a feed of Anti-Threat Intelligence (ATI).
This is described as a "collection of nmaps". Catalogs things like open ports and software versions.
A cyber defense search engine for open-source and cyber threat intelligence data. Collected by crawling various sources available on the Internet and active internet scanning.
FOFA is a cyberspace search engine. It helps customers find IP assets quickly. Essentially a clone of Shodan.
Search engine indexing open ports on the internet. It focuses on listing the databases and table names and keeps a history of every successful connection.
Focuses on acquiring, analyzing and classifying internet wide data by combining efforts in the areas of cybersecurity, data science and machine learning. Requires registration.
CCTV and Webcams
A searchable global network of live streaming webcam feeds.
Directory of open webcams organized by country and location.
Catalogues live webcams that have been found via search engines. Allows you to view camera feeds plotted on a map.
Live cameras directory. Claims to be the world's biggest directory of online surveillance security camera feeds. Searchable by location or camera manufacturer.
A directory of open IP cameras. Appears to be outdated, but still worth mentioning.
A directory of live camera feeds organized by location.
Surveillance Under Surveillance
Shows you cameras and guards almost everywhere. You can see where they are located and, if the information is available, what type they are, the area they observe, or other interesting facts.
Ukraine Live Cams
A large collection of live and real-time webcams in Ukraine plotted on a 3D map.
An interactive map of openly accessible traffic camera feeds in the United States.
A real-time cyber attack map. By far the most 1337 looking attack map out there.
Akamai Attack Visualizations
This real-time visualization shows the phishing, malware, and command & control threats that Akamai is blocking (for customers) through its Intelligent Platform and its unprecedented insights into DNS and IP traffic.
Fortinet Threat Map
Interactive map that displays statistics of active cyber attacks in real-time.
Sophos Threat Intelligence
A static threat tracking map. All data comes from SophosLabs monitoring and malware research activities. Map is not in real-time.
NetScout Omnis Threat Map
Displays DDoS attacks observed globally in real-time as well as other statistics such as size, type, sources, destinations, time span and more.
SonicWall Worldwide Attacks
Provides a graphical view of worldwide attacks over the last 24 hours. It shows which countries are being attacked and where the attack originates. This interactive map shows not only malware attacks, but ransomware, encrypted traffic, intrusion attempts, and spam/phishing attacks. Also included are attack site statistics for the past 24 hours.
Find public AWS and Azure buckets and documents via keyword.
GreyHatWarfare Bucket Search
A great tool that lists open AWS S3 buckets and helps you search for interesting files. Requires registration for limited free use. Requires a paid subscription to access advanced features.
Exploits and PoC
An archive of exploits, vulnerabilities, shellcode, 0days, security articles, whitepapers and more. Run by Offensive Security.
The Google Hacking Database is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.
The mission of the CVE program is to identify, define, and catalog publicly disclosed cyber-security vulnerabilities.
The U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). Enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
You can browse for vendors, products and versions and view the CVE entries and vulnerabilities related to them. You can view statistics about vendors, products and versions of products. Vulnerability data is updated daily using NVD feeds.
A vulnerability database documenting and explaining security vulnerabilities, threats, and exploits since 1970.
Crowdsourced CVE intelligence and trends.
A database and marketplace for both public and 0day exploits.
An outdated database of router exploits.
Claims to be the largest correlated database of vulnerabilities and exploits.
Advanced Persistent Threats [APTs]
MITRE ATT&CK Groups
Great collection of known APT groups that are currently in operation as well as groups that are no longer active.
SOCRadar Daily APT Feed
Collects APT IOC feeds from several public and private sources and sensors. These feeds are free and refreshed daily. Requires you to provide an email address.
Malware and Malware Analysis
The best source for malware samples available on the internet. They also have large archives of various whitepapers, zines and other interesting things.
Malware Traffic Analysis
A source of pcap files and malware samples. Since the summer of 2013, this site has published over 2,000 blog entries about malicious network traffic. Almost every post on this site includes pcap files and/or malware samples.
A live feed of malicious indicators of compromise (IOCs). Including domains, URLs, hashes, and IP addresses.
The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware.
A research project at the Bern University of Applied Sciences (BFH). Home of some great projects such as MalwareBazaar, botnet C&C trackers, SSL blacklists and more.
A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
FireHOL IP Lists
This site analyses all available security IP feeds, mainly related to online attacks, online service abuse, malware, botnets, command and control servers and other cybercrime activities.
Provides ransomware tracking in real-time, tracking ransomware groups and their victims.
A constantly updated database that tracks ransomware operators.
Another catalogue of classic Firefox add-ons created before the WebExtensions apocalypse.
An index of registered domains, sorted by TLD. Allows you to download lists of registered TLDs in .csv format. Requires registration and a paid subscription. However, some TLD lists are free.
Another index of registered domains sorted by TLDs. Updated daily. Requires paid subscription and registration to access their data sets.
An Internet security portal containing original IT security news, digital warfare news, geopolitics, proprietary and general advisories, analyses, forums, and a large archive of website defacements.