Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Files containing juicy info

No usernames or passwords, but interesting stuff none the less.

DATE Title Summary
2004-04-20 allinurl:/examples/jsp/snp/snoop.jsp These pages reveal information about the server including path information, port information, e...
2004-04-16 inurl:"newsletter/admin/" These pages generally contain newsletter administration pages. Some of these site are password ...
2004-04-16 inurl:"newsletter/admin/" intitle:"... These pages generally contain newsletter administration pages. Some of these site are password ...
2004-04-13 "Index of" / "chat/logs" This search reveals chat logs. Depending on the contents of the logs, these files could contain...
2004-04-08 inurl:vbstats.php "page generated" This is your typical stats page listing referrers and top ips and such. This information can ce...
2004-04-05 "#mysql dump" filetype:sql This reveals mySQL database dumps. These database dumps list the structure and content of datab...
2004-04-05 intitle:index.of cleanup.log This search reveals potential location for mailbox files by keying on the Outlook Express clean...
2004-04-05 intitle:index.of inbox dbx This search reveals potential location for mailbox files. In some cases, the data in this direc...
2004-04-05 intitle:index.of inbox This search reveals potential location for mailbox files. In some cases, the data in this direc...
2004-03-30 "Host Vulnerability Summary Report" This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on ho...
2004-03-30 "Network Vulnerability Assessment Report"... This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts a...
2004-03-29 "Thank you for your order" +receipt After placing an order via the web, many sites provide a page containing the phrase "Thank...
2004-03-29 "not for distribution" confidential The terms "not for distribution" and confidential indicate a sensitive document. Resu...
2004-03-24 inurl:changepassword.asp This is a common script for changing passwords. Now, this doesn't actually reveal the password,...
2004-03-22 "Most Submitted Forms and Scripts" "... More www statistics on the web. This one is very nice.. Lots of directory info, and client acce...
2004-03-16 inurl:admin filetype:xls This search can find Excel spreadsheets in an administrative directory or of an administrative ...
2004-03-14 intitle:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this que...
2004-03-14 inurl:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this que...
2004-03-04 intitle:index.of ws_ftp.ini ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) enc...
2004-03-04 intitle:index.of dead.letter dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (fi...
2004-03-04 intitle:index.of "Apache" "server a... This is a very basic string found on directory listing pages which show the version of the Apac...
2004-03-04 intitle:"wbem" compaq login "Compaq... These devices are running HP Insight Management Agents for Servers which "provide device i...
2004-03-04 inurl:main.php Welcome to phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 inurl:main.php phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 "phpMyAdmin" "running on" inur... From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 "robots.txt" "Disallow:" filet... The robots.txt file serves as a set of instructions for web crawlers. The "disallow" ...
2004-03-04 intitle:"Usage Statistics for" "Gen... The webalizer program shows web statistics for web servers. This information includes who is vi...
2004-03-04 intitle:"statistics of" "advanced w... the awstats program shows web statistics for web servers. This information includes who is visi...
2004-03-04 ipsec.conf The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are prote...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file...
2004-03-04 cgiirc.conf This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC ...
2004-03-04 cgiirc.conf CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2003-08-19 mystuff.xml - Trillian data files This particular file contains web links that trillian users have entered into the tool. Trillia...
2003-07-10 site:edu admin grades I never really thought about this until I started coming up with juicy examples for DEFCON 11.....
2003-06-30 haccess.ctl (VERY reliable) haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribe...
2003-06-30 haccess.ctl (one way) this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can...
2003-06-30 "generated by wwwstat" More www statistics on the web. This one is very nice.. Lots of directory info, and client acce...