Open in app

Sign in

Write

Sign in

Hello HUNTER!

Yet Another Search Engine For Security Researchers

HunterBot
3 min readNov 19, 2022

Introduction

Traditional internet search engines like Google, Bing, and DuckDuckGo are easy to use and the results are often accurate and precise. But what if you are a security researcher who needs access to information not usually found on these popular search engines?

HUNTER is yet another web-based search engine for security researchers capable of performing fingerprint retrieval of internet-connected devices and services. It can help in finding different things like computers running a certain piece of software (such as Nginx). Which version of Tomcat is the most popular? How many anonymous FTP servers there are? How many hosts a new vulnerability affects?

HUNTER Filters

Filters are special keywords that HUNTER uses to let you narrow search results based on the meta-data of a service or device. You can view all available filters in Query Guide.

Using HUNTER Dorks

With the numerous data points and filters available in HUNTER, knowing a few tricks or “dorks” can help filter and find relevant results for your IP intelligence research.

Become a HUNTER

To begin using HUNTER dorks, you’ll first need to log in (or create an account and log in) with your Google account by clicking on the “Sign In” button on the right-hand side.

Products and Services

A fingerprint in cybersecurity is a set of data that can be used to detect products, protocols, and devices. HUNTER’s fingerprints tag more than five hundred network protocols and over two thousand products.

To find most popular database servers, the following search query can be used:

  1. MySQL protocol=”mysql”
  2. Redis protocol=”redis”
  3. MongoDB protocol=”mongodb”
  4. Microsoft SQL Server protocol=”mssql”
  5. PostgreSQL protocol=”postgresql”

To lookup the most popular web-based database applications instances:

  1. Elasticsearch product.name=”Elasticsearch Information Page”
  2. phpMyAdmin product.name=”phpMyAdmin”
  3. Adminer product.name=”Adminer”
  4. Couchbase Console product.name=”Couchbase Server”

Filtering by Country, City

The Country or City filter can be applied to specify the geographic location of internet hosts.

Filter by country ip.country=”UA”

Filter by city ip.city=”Kiev”

Domains and Hostnames

Subdomain enumeration and hostname collection with domain filter can help enlarge your attack surface as you get more assets to find vulnerabilities. More than that, with its help, you can hunt for open cloud storage buckets.

To look up AWS S3 Buckets and Azure Blobs:

domain.suffix=”s3.amazonaws.com"||domain="store.core.windows.net"

SSL certificates

SSL certificates filter is helpful to find real IP (Origin) address of website and self-signed SSL certificates.

cert.subject=”example.com”||cert.issuer=”example.com”

To be continued…

HUNTER is developed by a small community of dedicated security engineers. Further development of new features like API is on-going. Following HUNTER on Twitter and subscribing Hunter4Good Telegram Channel to get more useful dorks and news about HUNTER.

Cybersecurity
Infosec
IoT
Technology
Attack Surface Management

--

--

HunterBot

Written by HunterBot

15 Followers

https://hunter.how/

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams