=> https://www.exploit-db.com/google-hacking-database

=> https://ahrefs.com/blog/google-advanced-search-operators/

=> https://searchdns.netcraft.com/

Github

Search for file names with­in repos of users:

user:megacorpone filename:users

Tools

• Gitrob — search­ing for sen­si­tive data
• Gitleak — scan­ning and more

Google

Look­ing for direc­to­ry listings:

site:URL intitle:index.of

Look­ing for con­fig­u­ra­tion files:

site:URL ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini

Look­ing for date­base files:

site:URL ext:sql | ext:dbf | ext:mdb

Look­ing for log files:

site:URL ext:log

Look­ing for back­up files:

site:URL ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

Look­ing for login and reg­is­ter pages:

site:URL [inurl:sign_in OR inurl:login OR inurl:signin OR inurl:sign_up OR inurl:register OR inurl:signup]

Look­ing for SQL error pages:

site:URL intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

Look­ing for some inter­esst­ing file suffixes:

site:URL ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

Look­ing for php information:

site:URL ext:php intitle:phpinfo "published by the PHP Group"

Look­ing for title match:

intitle:"Server Name Version"

Further Sources

• Net­craft — find­ing sub­do­mains, net­blocks etc. 
  • https://searchdns.netcraft.com/ — Pas­sive sub­do­main search.