# .git folders 
inurl:\"/.git\" https://domainname.com -github

# Backup files
site:https://domainname.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

# Exposed documents
site:https://domainname.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

# Confidential documents
inurl:Company Name not for distribution | confidential | "employee only" | proprietary | top secret | classified | trade secret | internal | private filetype:xls OR filetype:csv OR filetype:doc OR filetype:pdf

# Config files
site:https://domainname.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini

# Database files
site:https://domainname.com ext:sql | ext:dbf | ext:mdb

# Other files
site:https://domainname.com intitle:index.of | ext:log | ext:php intitle:phpinfo \"published by the PHP Group\" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:\"/phpinfo.php\" | inurl:\".htaccess\" | ext:swf

# SQL errors 
site:https://domainname.com intext:\"sql syntax near\" | intext:\"syntax error has occurred\" | intext:\"incorrect syntax near\" | intext:\"unexpected end of SQL command\" | intext:\"Warning: mysql_connect()\" | intext:\"Warning: mysql_query()\" | intext:\"Warning: pg_connect()\"

# PHP errors
site:https://domainname.com \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"

# Wordpress files
site:https://domainname.com inurl:wp-content | inurl:wp-includes

# Project management sites
site:trello.com | site:*.atlassian.net "Company Name"

# Sub-subdomains enumeration
site:*.https://domainname.com

# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "Company Name"

# Cloud buckets S3/GCP
site:.s3.amazonaws.com | site:storage.googleapis.com | site:amazonaws.com "Company Name"

# Traefik
intitle:traefik inurl:8080/dashboard "Company Name"

# Jenkins
intitle:\"Dashboard [Jenkins]\" "domainname"

# Login pages
site:https://domainname.com inurl:signup | inurl:register | intitle:Signup

# Open redirects
site:https://domainname.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http

# Code share sites
site:sharecode.io | site:controlc.com | site:codepad.co |site:ideone.com | site:codebeautify.org | site:jsdelivr.com | site:codeshare.io | site:codepen.io | site:repl.it | site:jsfiddle.net "domainname"

# Other 3rd parties sites
site:gitter.im | site:papaly.com | site:productforums.google.com | site:coggle.it | site:replt.it | site:ycombinator.com | site:libraries.io | site:npm.runkit.com | site:npmjs.com | site:scribd.com "domainname"

# Stackoverflow
site:stackoverflow.com "https://domainname.com"

# Pastebin-like sites
site:justpaste.it | site:heypasteit.com | site:pastebin.com "domainname"

# Apache Struts RCE
site:https://instacart.com ext:action | ext:struts | ext:do

# Linkedin employees
site:linkedin.com employees https://domainname.com