CVE Certified
GHDB

Google Hacking Database

Files containing juicy info

No usernames or passwords, but interesting stuff none the less.

DATE Title Summary
2013-11-25 filetype:bak (inurl:php | inurl:asp | inurl:rb) This one could be used to find all sorts of backup data, but this example is limited to just c...
2013-11-25 site:github.com inurl:"id_rsa" -inurl:&q... Finds private SSH keys on GitHub. - Andy G - twitter.com/vxhex ...
2013-11-25 site:github.com inurl:"known_hosts" &quo... Finds SSH known_hosts files on GitHub. - Andy G - twitter.com/vxhex ...
2013-11-25 inurl:/wp-content/uploads/ filetype:sql Google dork for WordPress database backup file (sql): inurl:/wp-content/uploads/ filetype:sq...
2013-11-25 inurl:config "fetch = +refs/heads/*:refs/remo... Git config file Easy way to find Git Repositories -- -[Voluntas Vincit Omnia]- website...
2013-11-25 filetype:php intext:"PROJECT HONEY POT ADDRES... Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/) Can identify the ...
2013-11-25 inurl:github.com intext:sftp-conf.json +intext:/wp... Find FTP logins and full path disclosures pushed to github inurl:github.com intext:sftp-conf...
2013-09-24 inurl:*/webalizer/* intitle:"Usage Statistics... *Obrigado,* ...
2013-09-24 intitle:index.of intext:.ssh Find peoples ssh public and private keys - tmc / #havok ...
2013-08-08 filetype:txt inurl:~~Wordpress2.txt This dork can be used to find symlinked Wordpress configuration files of other web sites ...
2013-08-08 filetype:txt inurl:wp-config.txt Easily hunt the Wordpress configuration file in of remote web sites Author : Un0wn_X ...
2013-08-08 inurl:~~joomla3.txt filetype:txt By this dork you can find juicy information joomla configuration files Author: Un0wn_X ...
2013-08-08 intitle:"WAMPSERVER Homepage" & inte... #Summary: Wampserver Homepage free access (*http://www.wampserver.com/).* #Author: g00gl3 5c0u...
2013-08-08 inurl:wp-content/uploads/dump.sql This is *Mohan Pendyala* (penetration tester) from india. Google Dork: *inurl:wp-content/u...
2013-08-08 inurl:fluidgalleries/dat/login.dat Works with every single fluidgalleries portofolio sites. Just decrypt the MD5 hash and login on...
2013-08-08 "information_schema" filetype:sql Dork: "information_schema" filetype:sql By: Cr4t3r ...
2013-08-08 inurl:"zendesk.com/attachments/token" si... zendesk is good ticketing system . It has thousands of clients. with the above dork you can s...
2013-04-23 allintext: /iissamples/default/ Searching for "allintext: /iissamples/default/" may provide interesting informatio...
2013-04-22 filetype:php -site:php.net intitle:phpinfo "p... Tries to reduce false positive results from similar dorks. Finds pages containing output from ...
2013-04-22 filetype:ini "This is the default settings fi... Finds PHP configuration files (php.ini) that have been placed in indexed folders. Php.ini defi...