Google Hacking Database (GHDB) -

Last update 23.05.2020 19:01:32






Examples of queries that can help an attacker gain a foothold into a web server

Files Containing Usernames


These files contain usernames, but no passwords... Still, Google finding usernames on a web site.

Vulnerable Servers


These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.

Web Server Detection


These links demonstrate Googles awesome ability to profile web servers.

Sensitive Directories


Googles collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to über-secret!

Vulnerable Files


HUNDREDS of vulnerable files that Google can find on websites.

Files Containing Passwords



Sensitive Online Shopping Info


Examples of queries that can reveal online shopping infomation like customer data, suppliers, orders, credit card numbers, credit card info, etc

Error Messages


Really verbose error messages that say WAY too much!

Various Online Devices


This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.

Files Containing Juicy Info


No usernames or passwords, but interesting stuff none the less.

Advisories and Vulnerabilities


These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.

Network or Vulnerability Data


These pages contain such things as firewall logs, honeypot logs, network information, IDS logs... All sorts of fun stuff!

Pages Containing Login Portals


These are login pages for various services. Consider them the front door of a websites more sensitive functions.