Google Hacking Database (GHDB)
GHDB indexes thousands of advanced searches that target information people have inadvertently left online, such as:
- Excel spreadsheets that include Social Security numbers
- Text files with passwords
- SQL database backups that include passwords
- Technical drawings of network topology
- etc.
Google Hacking
A method that uses creative search queries to uncover easily accessible public information.
Useful Google Searches
“site:”
- “site:” - limits a search to a given domain
- ex - site:engineering.nyu.edu
“link:”
- “link:” - shows all sites linked to a specified domain
- Useful in identifying the target's business and/or personal relationships.
- ex - link:engineering.nyu.edu
“intitle:”
- “intitle:” - shows pages whose title matches the search criteria
- Useful in identifying open VPN ports, command consoles, web management and consoles for different applications.
- ex - intitle:tandon
“inurl:”
- “inurl:” - shows pages whose URL matches the search string
- If we know the format of the URL for a particular management application or software, we could potentially determine if the target is using it with this search function.
- ex - inurl:nyu
“related:”
- “related:” - shows similar pages
- This can indicate the kind of business or commerce going on between the target and another entity.
- ex - related:engineering.nyu.edu