Here are a list of helpful resources and APIs available for researchers
- SHODAN – Search for hosts on the Internet
- Binary Edge – Dynamically run scans on the Internet
- Censys – Search for certificates and hosts on the Internet
- Security Trails – Search historical DNS & WHOIS information
- Urlscan.io – Fingerprint an application
- Seclists – wordlists, useful for recon, endpoint, and content discovery
- Nuclei Templates – YAML’ized Templates to fingerprint and find simple vulnerabilities
- Intrigue API
- Search Organization-specific attack surface
- Search BGP data by organization
- Infer Vulnerabilities on Assets
- Meta Lists