- https://scans.io/
- https://commoncrawl.org/
- https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
- https://www.shodan.io/
- https://opendata.rapid7.com/
- https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
- https://securitytrails.com/
- https://threatcrowd.org/
- https://dnsdumpster.com/
- https://crt.sh/
- https://github.com/EdOverflow/hacks (There are some services in here that I rely on that could come in handy.)
- https://github.com and other Git services are great for reconnaissance (See https://edoverflow.com/2017/github-for-bugbountyhunters/ and https://edoverflow.com/2017/github-recon/).
- https://pastebin.com/
- Google groups and Trello boards often expose valuable information about a target.
- https://github.com/infosec-au/assetnote-poc
- https://github.com/pentester-io/commonspeak
- https://github.com/arkadiyt/bounty-targets
- https://github.com/misterch0c/twitterBFTD
By EdOverflow