What might a PenTester find using strategic search engine enumeration?

Strategic search engine enumeration focuses on crafting queries to uncover information that’s unintentionally exposed on the public web, especially documents or data that should be private. The strongest outcome you’d expect from this approach is discovering a Word document that contains passwords or a password list. People sometimes upload or leave documents with credentials exposed, and search engines can surface those if you use queries that look for document types and keywords like password or credentials (for example, filetype:docx intext:password). This highlights a common risk: sensitive data sitting in an accessible file that anyone with the right query can find. The other options are less aligned with this technique. A network diagram in a PDF could be exposed, but it doesn’t inherently reveal credentials. A malware sample hash is unlikely to be a primary find from public search queries in the way exposed credentials are. An email address list scraped from social media is plausible OSINT, but it’s more about social sources than the classic public document leakage that search engine enumeration targets.