Google Hacking Database (GHDB)

• Google Dorks List and Updated Database in 2023 (Box Piper)

Google search operators

• https://www.exploit-db.com/google-hacking-database/
• http://www.googleguide.com/advanced_operators_reference.html

Google Search for Reconnaissance

Information obtained	Google Search
Sub-domains (see sublistr3)	site:”domain.com” -site:”www.domain.com”
Confidential documents	site:”domain.com” (“do not distribute” | “internal use only” | “confidential”) (ext:pdf | ext:doc | ext:docx | ext:rtf | ext:ppt | ext:pptx | ext:odt | ext:sxw | ext:psw | ext:pps | ext:csv)
All publicly exposed documents	site:”domain.com” ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
Powerpoint files from a site	site:”domain.com” filetype:ppt
Email addresses from a domain	“@domain.com”
Passwords in Pastebin	site:”pastebin.com” “domain.com”
Search GitHub & GitLab	site:github.com | site:gitlab.com “domain.com”
Search StackOverflow	site:stackoverflow.com “domain.com”
Info that google stores about the page itself	info:”domain.com”
No HTML Files	site:domain.com -filetype:html
Technologies	inurl:domain.com “powered by”

Programming languages

Java Server Pages	ext:jsp
Coldfusion	ext:cfm
Perl	ext:pl
PHP	ext:php

Files & Configurations

Login pages	site:”domain.com” (inurl:login | intitle:login | inurl:admin | intitle:admin)
Directory listing misconfiguration	site:”domain.com” intitle:index.of site:”domain.com” intitle:”index of” “parent directory”
Configuration files	site:”domain.com” ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini | ext:env
Log files	site:”domain.com” ext:log
Backups & old files	site:”domain.com” ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
PHP files	site:domain.com filetype:php
PHP errors/warnings	site:”domain.com” “PHP Parse error” | “PHP Warning” | “PHP Error”
phpinfo()	site:”domain.com” ext:php intitle:phpinfo “published by the PHP Group”

Databases

Database files	site:”domain.com” ext:sql | ext:dbf | ext:mdb
SQL errors (MySQL)	site:”domain.com” intext:”sql syntax near” | intext:”syntax error has occurred” | intext:”incorrect syntax near” | intext:”unexpected end of SQL command” | intext:”Warning: mysql_connect()” | intext:”Warning: mysql_query()”
SQL errors (PostgreSQL)	site:”domain.com” intext:”Warning: pg_connect()” | intext:”PostgreSQL query failed”
SQL errors (Oracle)	site:”domain.com” intext:”ORA-00933″ | intext:”ORA-00936″ | intext:”ORA-12541″

Exploits

firefox --search "Wordpress site:exploit-db.com"

Other searches

# Look for salary files
"payroll salary" filetype:xls

# searched through google cache
cache: URL [string]

# display info that google stores about the page itself
info:domain.com

In Google Search - View cached version of page
cache:domain.com

#-------------------------------------------------------------------------------
# Examples (vulnerable sites)
#-------------------------------------------------------------------------------

# Exposed Frontpage credentials
"# -FrontPage-" filetype:pwd inurl:(service | authors | administrators | users)

intitle:"VNC viewer for Java"

Devices

# Mobotix cameras connected on the internet, User name: admin, Default Password: meinsm
inurl:"/Control/UserImage.html"

# AXIS Cameras
inurl:/view/index.shtml

# Cameras
intitle:"netbotz appliance" "OK" -filetype:pdf

# Router
intitle:"SpeedStream Router Management Interface"

# Web accessible, open cisco routers
inurl:"level/15/exec/-/show"