Google Hacking Database

The Google Hacking Database (GHDB) is a compendium of Google hacking search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications. The GHDB was launched in 2000 by Johnny Long to serve penetration testers. In 2010, Long turned the database over to Offensive Security and it became part of exploit-db.com. It was also expanded to include not only the Google search engine but also other search engines like Microsoft’s Bing as well as other repositories such as GitHub.

Some of the categories of search engine queries in the GHDB include:

  • Product-specific advisories
  • Error messages that contain sensitive information such as directory paths
  • Files with sensitive data, passwords, and user names
  • Sensitive online shopping data
  • Detailed information about web servers