Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Files containing juicy info

No usernames or passwords, but interesting stuff none the less.

DATE Title Summary
2004-03-30 "Network Vulnerability Assessment Report"... This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts a...
2004-03-29 "Thank you for your order" +receipt After placing an order via the web, many sites provide a page containing the phrase "Thank...
2004-03-29 "not for distribution" confidential The terms "not for distribution" and confidential indicate a sensitive document. Resu...
2004-03-24 inurl:changepassword.asp This is a common script for changing passwords. Now, this doesn't actually reveal the password,...
2004-03-22 "Most Submitted Forms and Scripts" "... More www statistics on the web. This one is very nice.. Lots of directory info, and client acce...
2004-03-16 inurl:admin filetype:xls This search can find Excel spreadsheets in an administrative directory or of an administrative ...
2004-03-14 intitle:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this que...
2004-03-14 inurl:admin intitle:login This search can find administrative login pages. Not a vulnerability in and of itself, this que...
2004-03-04 intitle:index.of ws_ftp.ini ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) enc...
2004-03-04 intitle:index.of dead.letter dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (fi...
2004-03-04 intitle:index.of "Apache" "server a... This is a very basic string found on directory listing pages which show the version of the Apac...
2004-03-04 intitle:"wbem" compaq login "Compaq... These devices are running HP Insight Management Agents for Servers which "provide device i...
2004-03-04 inurl:main.php Welcome to phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 inurl:main.php phpMyAdmin From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 "phpMyAdmin" "running on" inur... From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 "robots.txt" "Disallow:" filet... The robots.txt file serves as a set of instructions for web crawlers. The "disallow" ...
2004-03-04 intitle:"Usage Statistics for" "Gen... The webalizer program shows web statistics for web servers. This information includes who is vi...
2004-03-04 intitle:"statistics of" "advanced w... the awstats program shows web statistics for web servers. This information includes who is visi...
2004-03-04 ipsec.conf The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are prote...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file...
2004-03-04 ipsec.secrets from the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file...
2004-03-04 cgiirc.conf This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC ...
2004-03-04 cgiirc.conf CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2004-03-04 phpMyAdmin dumps From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administ...
2003-08-19 mystuff.xml - Trillian data files This particular file contains web links that trillian users have entered into the tool. Trillia...
2003-07-10 site:edu admin grades I never really thought about this until I started coming up with juicy examples for DEFCON 11.....
2003-06-30 haccess.ctl (VERY reliable) haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribe...
2003-06-30 haccess.ctl (one way) this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can...
2003-06-30 "generated by wwwstat" More www statistics on the web. This one is very nice.. Lots of directory info, and client acce...
2003-06-30 "produced by getstats" Another web statistics package. This one originated from a google scan of an ivy league college...
2003-06-27 "This report was generated by WebLog" These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, s...
2003-06-27 robots.txt The robots.txt file contains "rules" about where web spiders are allowed (and NOT all...
2004-11-18 phpinfo() this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to ...
2003-06-24 AIM buddy lists These searches bring up common names for AOL Instant Messenger "buddylists". These li...
2003-06-24 mt-db-pass.cgi files These folks had the technical prowess to unpack the movable type files, but couldn't manage to ...
2003-06-24 sQL data dumps sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what e...
2003-06-24 Financial spreadsheets: finances.xls "Hey! I have a great idea! Let's put our finances on our website in a secret directory so ...
2003-06-24 Financial spreadsheets: finance.xls "Hey! I have a great idea! Let's put our finances on our website in a secret directory so ...
2003-06-24 ICQ chat logs, please... ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. The...