SerpScan -Automate your Recon using search engines

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line.


As in the title, today I’m presenting a new tool, but maybe it’s an idea more than a tool for those who are looking to make an automated vulnerabilities scanner for bug hunting, and for those companies who have plans to make a paid pen-testing services.

You’re a bug bounty hunter? — I’m not sure if you’re familiar with this information or no, but the top security companies and some of the TOP 100 hackers on the HackerOne platform are using automated tools that gathering information, Dorking, checking for CVE’s and making ready to go reports for them.

There are already a lot of scanners with built-in API that can be used, but these scanners cannot provide such a service which is SerpApi.

The idea here, you’re not going to check every dork manually one by one of course, so here it comes the SerpApi and SerpScan tool…

SerpApi is a service that gives you an API for the known search engines, such as Google, Bing, etc.

And the searches in Real-time, their API is based on different IPs, CAPTCHA solving technology, and more…

So What is SerpScan? —it is a powerful PHP script designed to allow you to leverage the power of Dorking straight from the comfort of your command line, You just have to enter your target, the tool automatically will gather the information about your target from all search engine pages.


  • Scan multiple domains.
  • Subdomain Enumeration.
  • Checks the alive subdomain.
  • Finds URLs from all search engines.
  • Finds js files.
  • Search endpoints in js files.
  • Finds parameters.
  • Finds directories.
  • Export results in HTML,JSON.
  • You can customize your dorks in the config file.

Right now there are already basic Dorks in the config.php file, and you could add as much as you want.


require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/SAPI.class.php';

ini_set('max_execution_time', 0);
// Replace with your API key.
$APIKey = 'a89ab7d75ddaab3c0ece0a1253ee64751148adbe221b1b35863879d8f09edeec';

$outputPath = 'result';
$usePackage = true;

$domainsFile = 'domains.txt';

// query need to search , {{DOMAIN}} not change ever
$engine = [
	['google', 'q', [
		'subDomain' 	=> 'site:.{{DOMAIN}}', // not change key
		'SQLErrors'		=> 'site:{{DOMAIN}} intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"',
		'PubDocum'		=> 'site:{{DOMAIN}} ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv',
		'PHP_Err_Warn'	=> 'site:{{DOMAIN}} "PHP Parse error" | "PHP Warning" | "PHP Error"',
		'PHP_INFO'		=> 'site:{{DOMAIN}} ext:php intitle:phpinfo "published by the PHP Group"',
		'DirLIstVuln'	=> 'site:{{DOMAIN}} intitle:index.of',
		'ConfigsFiles'	=> 'site:{{DOMAIN}} ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini | ext:env',
		'PastingSites'	=> ' | | | | | | | | | | | | | | | | | | | | | | | | |  | | "{{DOMAIN}}"',
		'DBFiles'		=> 'site:{{DOMAIN}} ext:sql | ext:dbf | ext:mdb',
		'SearchGit'		=> ' | "{{DOMAIN}}"',
		'SearchStack'	=> ' "{{DOMAIN}}"',
		'LogsFiles'		=> 'site:{{DOMAIN}} ext:log',
		'BackupFiles'	=> 'site:{{DOMAIN}} ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup',
		'LoginPages'	=> 'site:{{DOMAIN}} inurl:login | inurl:signin | intitle:Login | intitle:"sign in" | inurl:auth',
		'SignupPages'	=> 'site:{{DOMAIN}} inurl:signup | inurl:register | intitle:Signup',

	['baidu', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key

	['bing', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key

	['yahoo', 'p', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key

	['yandex', 'text', [
		'subDomain' => 'site:{{DOMAIN}}', // not change key

The current dorks will check for :

 Publicly exposed documents
 Directory listing vulnerabilities
 Configuration files exposed
 Database files exposed
 Log files exposed
 Backup and old files
 Login pages
 SQL errors
 PHP errors / warnings
 Search / pasting sites
 Search and
 Signup pages


First, you need to download or clone the Github repo for this tool here

  1. git clone
  2. cd SerpScan
  3. chmod +x
  4. ./

The file here will support two systems only:

Ubuntu(Tested on 18 and 20) and CentOS 7.

It could be easily installed manually, I tested it on windows as well, there’s a Docker image provided with the tool.

To use Docker all you have to do is :

docker run -it alaa0x2/serpscan:latest php 
/usr/src/SerpScan/start.php -d -t html

However don’t forget to put your API key in config.php, You can grab your API key from


the Argument of -t must be used in all cases, you could enter multiple targets in the domains.txt file.

SerpScan in windows CMD

I will leave you with the results 🙂

This tool is just an example of what you could achieve by using SerpApi to automate your bug hunting 😀

Check the GitHub repo, there’s a sample of the report that is provided.

And as I mentioned before you could grab your API Key from

it’s the cheapest website out there and the best to provide you with this service with a great team, and they will provide you with a free 5000 search credits or more (Which it’s really a lot).


Alaa Abdulridha on EmailAlaa Abdulridha on FacebookAlaa Abdulridha on GithubAlaa Abdulridha on InstagramAlaa Abdulridha on LinkedinAlaa Abdulridha on Twitter
Alaa Abdulridha
My name is Alaa Abdulridha I'm a computer engineering student and cybersecurity researcher I'm interested in web application pen-testing and game development, also I'm interested in some bug bounty programs, I like a lot of things such as reverse engineering, reading the others code to learn and then to find my own exploits and teaching it to you, Do you want to know more about me? Click Here.