- https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
- https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
- https://github.com/EdOverflow/hacks (There are some services in here that I rely on that could come in handy.)
- https://github.com and other Git services are great for reconnaissance (See https://edoverflow.com/2017/github-for-bugbountyhunters/ and https://edoverflow.com/2017/github-recon/).
- Google groups and Trello boards often expose valuable information about a target.