Search the Google Hacking Database or browse GHDB categories
Google Hacking Database (GHDB)
|2018-11-16||intitle:"index of /" authorized_keys||Sensitive Directories|
|2018-11-15||index of kcfinder/||Sensitive Directories|
|2018-11-15||index of /ckeditor||Sensitive Directories|
|2018-11-14||filetype:rdp default.rdp||Files Containing Juicy Info|
|2018-11-14||filetype:txt "License Key"||Files Containing Juicy Info|
|2018-11-14||intitle:"index of /" intext:/descargas/||Sensitive Directories|
|2018-11-14||intitle:"index of /" intext:/Download/||Sensitive Directories|
|2018-11-14||intext:"Powered by Abyss Web Server"||Web Server Detection|
|2018-11-14||intitle:"index of" pagefile.sys||Files Containing Juicy Info|
These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.
These pages contain such things as firewall logs, honeypot logs, network information, IDS logs... All sorts of fun stuff!
These files contain usernames, but no passwords... Still, Google finding usernames on a web site.
Examples of queries that can reveal online shopping infomation like customer data, suppliers, orders, credit card numbers, credit card info, etc
These are login pages for various services. Consider them the front door of a websites more sensitive functions.
These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.