Skip to content

Latest commit

 

History

History
189 lines (140 loc) · 6.83 KB

README.md

File metadata and controls

189 lines (140 loc) · 6.83 KB

SerpScan

SerpScan

GitHub last commit GitHub issues

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Table of Contents

About Serpscan

Serpscan is a powerful PHP script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Serpscan offers powerfull use of (Google,Bing,Yahoo,Yandex,Badiu) search directives, by analyzing results from searches using multiple external tools.

You can run the tool in your PC or [VPS].

Features

  • Scan multiple domains
  • Subdomain Enumeration
  • Checks alive subdomain
  • Finds URLs from all search engines
  • Finds js files
  • Search endpoints in js files
  • Finds parameters
  • Finds directories
  • Export results in html,json
  • You can customize you dorks in config file

Prerequisites

Name Repository
subfinder https://github.com/projectdiscovery/subfinder
httpx https://github.com/projectdiscovery/httpx
hakrawler https://github.com/hakluke/hakrawler

Docker

Copy the commaand and use it for docker.

docker run -it alaa0x2/serpscan:latest php /usr/src/SerpScan/start.php -d domain.com -t html

Installation

  1. git clone https://github.com/Alaa-abdulridha/SerpScan.git
  2. cd SerpScan
  3. chmod 777 install.sh
  4. ./install.sh
  • You should add your SerpApi Key to the conf.php file
  • You can grab your key from serpapi
  • Also you can add your dorks to the config file without any problems
<?php

require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/SAPI.class.php';

ini_set('max_execution_time', 0);
set_time_limit(0);
date_default_timezone_set('Asia/Riyadh');

// Replace with your API key.
$APIKey = 'API_KEY'

$outputPath = 'result';
$usePackage = true;

$domainsFile = 'domains.txt';

// query need to search , {{DOMAIN}} not change ever
$engine = [
	['google', 'q', [
		'subDomain' 	=> 'site:.{{DOMAIN}}', // not change key
		'SQLErrors'		=> 'site:{{DOMAIN}} intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"',
		'PubDocum'		=> 'site:{{DOMAIN}} ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv',
		'PHP_Err_Warn'	=> 'site:{{DOMAIN}} "PHP Parse error" | "PHP Warning" | "PHP Error"',
		'PHP_INFO'		=> 'site:{{DOMAIN}} ext:php intitle:phpinfo "published by the PHP Group"',
		'DirLIstVuln'	=> 'site:{{DOMAIN}} intitle:index.of',
		'ConfigsFiles'	=> 'site:{{DOMAIN}} ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini | ext:env',
		'PastingSites'	=> 'site:pastebin.com | site:paste2.org | site:pastehtml.com | site:slexy.org | site:snipplr.com | site:snipt.net | site:textsnip.com | site:bitpaste.app | site:justpaste.it | site:heypasteit.com | site:hastebin.com | site:dpaste.org | site:dpaste.com | site:codepad.org | site:jsitor.com | site:codepen.io | site:jsfiddle.net | site:dotnetfiddle.net | site:phpfiddle.org | site:ide.geeksforgeeks.org | site:repl.it | site:ideone.com | site:paste.debian.net | site:paste.org | site:paste.org.ru | site:codebeautify.org  | site:codeshare.io | site:trello.com "{{DOMAIN}}"',
		'DBFiles'		=> 'site:{{DOMAIN}} ext:sql | ext:dbf | ext:mdb',
		'SearchGit'		=> 'site:github.com | site:gitlab.com "{{DOMAIN}}"',
		'SearchStack'	=> 'site:stackoverflow.com "{{DOMAIN}}"',
		'LogsFiles'		=> 'site:{{DOMAIN}} ext:log',
		'BackupFiles'	=> 'site:{{DOMAIN}} ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup',
		'LoginPages'	=> 'site:{{DOMAIN}} inurl:login | inurl:signin | intitle:Login | intitle:"sign in" | inurl:auth',
		'SignupPages'	=> 'site:{{DOMAIN}} inurl:signup | inurl:register | intitle:Signup',
	]],

	['baidu', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['bing', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['yahoo', 'p', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['yandex', 'text', [
		'subDomain' => 'site:{{DOMAIN}}', // not change key
	]]
];

Usage

php serpscan.php -d target .com -t html

Flag Description Example
-d Domain to scan subdomains for php start.php -d target.com -t html
-t The template of result (html,json) php start.php -d target.com -t html
-w File containing list of domains to enumerate php start.php -w domains.txt -t html

Environment tested

CentOS & Ubuntu By using the Install.sh

Windows 10, by manually installation.

Results


SerpScan

Credits

SerpScan has been possible thank you to the following projects.

Disclaimer

  • SerpScan was written for education purposes only.

Todo

Feel free to contribute:

  • Improve the tree view within the results report.
  • Improving the report by marking the dead subdomains from the alive ones.
  • Making the install.sh file to support the other linux distributions.
  • Creating install.bat to make an easy installation for windows.