CVE Certified
GHDB

Google Hacking Database

Files containing juicy info

No usernames or passwords, but interesting stuff none the less.

DATE Title Summary
2014-11-18 ext:txt inurl:gov intext:"Content-Type: text/... ext:txt inurl:gov intext:"Content-Type: text/plain; charset=utf-8" AND intext:"R...
2014-11-17 ext:msg OR ext:eml site:gov OR site:edu Mails leak by Rootkit. ...
2014-10-21 filetype:log intext:org.apache.hadoop.hdfs Dork : filetype:log intext:org.apache.hadoop.hdfs List of Log files which contain details ab...
2014-10-09 intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AN... Looks for text files with SHA1 of "password". These could be tips (not very useful),...
2014-10-09 (intext:mail AND intext:samAccountName) AND (filet... Search for samAccountName (an ActiveDirectory attribute). 50/50 success, some usernames disclo...
2014-09-15 "google confidential" filetype:pdf "google confidential" filetype:pdf Google leaking their own files ...
2014-07-29 http://www.google.com/search?q=filetype:sql site:c... filetype:sql site:com and "insert into" admin "2014" http://facebook.c...
2014-07-04 filetype:sql site:gov and "insert into" filetype:sql site:gov and "insert into" find sql files with data on governments ...
2014-06-03 ("DMZ" | "Public IP" | "P... Files with information DMZ, public IP, private IP network segments, etc. Daniel Maldonado h...
2014-03-31 filetype:pdf "acunetix website audit" &q... Finds reports generated by Acunetix scans. - Andy G - twitter.com/vxhex ...
2014-03-27 inurl:clientaccesspolicy filetype:xml intext:allow... Locates clientaccesspolicy.xml files used by silverlight to determine the cross domain policy ...
2014-03-27 inurl:crossdomain filetype:xml intext:allow-access... Locates crossdomain.xml files used by flash/flex/silverlight to determine the cross domain pol...
2014-02-05 site:bitbucket.org inurl:.bash_history Finding Sensitive data site:bitbucket.org inurl:.bash_history By Pharos ...
2013-11-27 intext:phpMyAdmin SQL Dump filetype:sql intext:INS... intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) V...
2013-11-27 inurl:mikrotik filetype:backup mikrotik url backups uploaded.. then.. credentials cracked via http://mikrotikpasswordrecove...
2013-11-25 filetype:xml inurl:sitemap Sitemaps, the opposite of Web Robots Exclusion Detail directory and page map -- -[Volun...
2013-11-25 inurl:"jmx-console/HtmlAdaptor" intitle:... JBoss http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to_the_J...
2013-11-25 inurl:tar filetype:gz Tar files Contain user and group information (in addition to potentially useful files) -- ...
2013-11-25 filetype:bak (inurl:php | inurl:asp | inurl:rb) This one could be used to find all sorts of backup data, but this example is limited to just c...
2013-11-25 site:github.com inurl:"id_rsa" -inurl:&q... Finds private SSH keys on GitHub. - Andy G - twitter.com/vxhex ...