CVE Certified
GHDB

Google Hacking Database

Files containing juicy info

No usernames or passwords, but interesting stuff none the less.

DATE Title Summary
2014-07-29 http://www.google.com/search?q=filetype:sql site:c... filetype:sql site:com and "insert into" admin "2014" http://facebook.c...
2014-07-04 filetype:sql site:gov and "insert into" filetype:sql site:gov and "insert into" find sql files with data on governments ...
2014-06-03 ("DMZ" | "Public IP" | "P... Files with information DMZ, public IP, private IP network segments, etc. Daniel Maldonado h...
2014-03-31 filetype:pdf "acunetix website audit" &q... Finds reports generated by Acunetix scans. - Andy G - twitter.com/vxhex ...
2014-03-27 inurl:clientaccesspolicy filetype:xml intext:allow... Locates clientaccesspolicy.xml files used by silverlight to determine the cross domain policy ...
2014-03-27 inurl:crossdomain filetype:xml intext:allow-access... Locates crossdomain.xml files used by flash/flex/silverlight to determine the cross domain pol...
2014-02-05 site:bitbucket.org inurl:.bash_history Finding Sensitive data site:bitbucket.org inurl:.bash_history By Pharos ...
2013-11-27 intext:phpMyAdmin SQL Dump filetype:sql intext:INS... intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) V...
2013-11-27 inurl:mikrotik filetype:backup mikrotik url backups uploaded.. then.. credentials cracked via http://mikrotikpasswordrecove...
2013-11-25 filetype:xml inurl:sitemap Sitemaps, the opposite of Web Robots Exclusion Detail directory and page map -- -[Volun...
2013-11-25 inurl:"jmx-console/HtmlAdaptor" intitle:... JBoss http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to_the_J...
2013-11-25 inurl:tar filetype:gz Tar files Contain user and group information (in addition to potentially useful files) -- ...
2013-11-25 filetype:bak (inurl:php | inurl:asp | inurl:rb) This one could be used to find all sorts of backup data, but this example is limited to just c...
2013-11-25 site:github.com inurl:"id_rsa" -inurl:&q... Finds private SSH keys on GitHub. - Andy G - twitter.com/vxhex ...
2013-11-25 site:github.com inurl:"known_hosts" &quo... Finds SSH known_hosts files on GitHub. - Andy G - twitter.com/vxhex ...
2013-11-25 inurl:/wp-content/uploads/ filetype:sql Google dork for WordPress database backup file (sql): inurl:/wp-content/uploads/ filetype:sq...
2013-11-25 inurl:config "fetch = +refs/heads/*:refs/remo... Git config file Easy way to find Git Repositories -- -[Voluntas Vincit Omnia]- website...
2013-11-25 filetype:php intext:"PROJECT HONEY POT ADDRES... Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/) Can identify the ...
2013-11-25 inurl:github.com intext:sftp-conf.json +intext:/wp... Find FTP logins and full path disclosures pushed to github inurl:github.com intext:sftp-conf...
2013-09-24 inurl:*/webalizer/* intitle:"Usage Statistics... *Obrigado,* ...