<Keyword> <site name>
site:*.wikimedia.org Find php (or any datatype), txt and log files
site:*.example.org ext:php | ext:txt | ext:logOld files (which haven't been deleted but are no longer in use) may be in Google's archives. Refer to OWASP testing guide v4's "Google Hacking" for more info.
Look up the target on github, gitlab, bitbucket etc
Gitrob can be used to query Github and search sensitive files from the command line itself for specific organisations.
Trufflehog is a tool that searches for secrets, you can use that on the repos.
If you can find a company's cloud storage container (like an Amazon S3 bucket), then you might see interesting things there. They can be easy to misconfigure.
Shodan
Ichidan
data.com
Take a look at LinkedIn, and the company website's "Careers" page. You'll probably find:
technologies used by the company.
employee names
Run a whois search to get a website owner's information:
Name
Email address
Search these in password dumps, correlate with admin accounts.
Ripe.net - whois Internet.ee - whois for estonian sites
Surprisingly, you can get a bunch of information from virustotal:
Subdomains
Scanned files
Go to "Search" on virustotal and search for the domain you care about.
Last updated