July 5, 2026
Leaked files, hurt feelings
Show HN: Osint tool that finds exposed files on domains
A file-finding website drops, and the comments instantly turn into a trust meltdown
TLDR: A new tool lets people search websites for files and setup mistakes left exposed to the public. Commenters were split between curiosity and outrage, with some mocking the results, some laughing at obvious blunders, and others accusing the project of aggressively scanning sites without permission.
A new Show HN project promises to help people search websites for accidentally exposed files and sloppy setup mistakes. In plain English: it’s a tool for spotting digital embarrassments sitting out in public. But the real spectacle wasn’t the tool itself — it was the comment section, where readers bounced between fascinated, horrified, and fully ready to throw tomatoes.
One of the loudest reactions was pure skepticism. A commenter tried searching government sites and got nothing, basically side-eyeing the whole thing with a sarcastic “doubt.” Another reader said the results were both interesting and deeply underwhelming, claiming a lot of what turned up looked like tiny hobby projects or outright phishing sites. Ouch. That gave the thread a strong “is this useful research or just internet dumpster-diving?” energy.
Then came the accidental comedy: people were stunned by how many websites apparently still leak .DS_Store files — those hidden Mac folder files nobody means to upload. It became a mini punchline for just how messy the web still is. And the biggest drama bomb? One furious commenter accused the project of relentlessly poking at their servers from the moment they went live, saying they had to install blocking tools just to keep it out. That turned the vibe from curious to “wait, is this helpful scanning or annoying harassment?” Add one nostalgic commenter reminiscing about the wild old days of finding password files through search engines, and suddenly the whole thread felt like a chaotic reunion of internet detectives, grumpy admins, and security rubberneckers.
Key Points
- •The article presents a Show HN OSINT tool for finding exposed files on domains.
- •The tool searches observed domains for exposed paths and misconfigurations.
- •It supports substring search over domain names.
- •Searches are case-insensitive.
- •Queries must be at least three characters long, with examples including "staging.", ".org", and "test-".