/***********************************************
 * released under (E) licensing ...            *
 ***********************************************/
/* contact ahuger@securityfocus.com for full license    */
/* code copyrighted by ~el8 -- don't infringe! */

/*
 * l4m3r l1zt3r v1.0 by uncle m4v1s
 * th1z 1z a s1mple t00l th@ ~el8 haz been uzing 4 several ye4rz,
 * ever s1nce pr0ject m4yh3m wuz 1st st4rt3d.
 * 1tz a 1-use t00l, juzt run th1z on any 0ne of the k-l4m3
 * s1tez upd8d by secur1tyf0cus.com on the1r ml-p0rtal, &
 * u n0w h4ve a l1zt 0f ret4rdz 2 hack and st34l "0day" from.
 * th1zt skr1pt g0ez back s3v3ral ye4rz s0 u get the ch4nc3 2
 * ch3ck 0ut r34l b0xez th@ were uz3d be4 the gr34t p4n-l4m3r
 * 3ff0rt 2 get sc3n3 sh3llz 2 h1de the1r 1dent1t3z.
 * by t4rg3tt1ng p0stz by p0l1te sekur1ty pr0fess10nalz &
 * 0wn1ng the1r `sh1t` and r4v4g1ng th3 kn0wn_h0stz 0n the ab0ve
 * b0x3z, we n0t1c3d the subtl3 c0rrel4t10n betw33n m4n & myth,
 * 4nd st4rt3d 2 rek0gn1z3 the k0rrel4t10n betw33n REAL PEOPLE &
 * the 0nl1ne 1dent1t3z they assum3d. 4 example, 0wn 4ll russ14n
 * bugtraq p0st3rz s1nce 1997 and u w1ll n0t1c3 4t l34zt 0ne 0f
 * th3m l0gg1ng 1nt0 z0l0.fr33lsd.n3t/c4nn4b1z.dataf0rce.net (hi str!)
 * 4nyh0w, 4z rule #2 of pr0jekt m4yh3m g0ez, if u c4nt st34l w4r3z
 * 0r sn1ff, rm the fukrz!
 * h4ppy hunt1ng
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <ctype.h>
#include <netinet/in.h>
#include <netdb.h>

#define PREFIX  "GET http://online.securityfocus.com"
#define BASE_CMD "GET http://online.securityfocus.com/archive/1"

/*
 * Address of the archive server, shared by every connection the program
 * makes: main() fills it in once (AF_INET, port 80, first four bytes of the
 * resolved address) and connecthost() passes it to connect().
 */
struct sockaddr_in sinz;

/*
 * Table of selectable list archives.
 *
 *   lamercode - label printed next to the entry's index by the -h listing
 *               in main()
 *   url       - complete request line ("GET <absolute URL>") that main()
 *               sends for the first index page of that list
 *
 * main() indexes this array with the numeric command-line argument after
 * checking it against the element count.
 */
struct target{
    char *lamercode;
    char *url;
} targets[] =
{ {"ARIS USERZ","GET http://online.securityfocus.com/archive/114"},
  {"bugtraq[lol]","GET http://online.securityfocus.com/archive/1"},
  {"bugtraq-es (bugtraq in spain jajaja)",
"GET http://online.securityfocus.com/archive/80"},
  {"bugtraq-jp & shadowpenguin friendz",
"GET http://online.securityfocus.com/archive/79"},
  {"cisspstudy [inspired by dr. crispin cowin]",
"GET http://online.securityfocus.com/archive/99"},
  {"focus-ids [cant sekure a b0x so they use ids]",
"GET http://online.securityfocus.com/archive/96"},
  {"choose this if u have linux 0day",
"GET http://online.securityfocus.com/archive/91"},
  {"choose this if u have win32 0day",
"GET http://online.securityfocus.com/archive/88"},
  {"choose this if u have solaris 0day",
"GET http://online.securityfocus.com/archive/92"},
  {"scan here for bo2k",
"GET http://online.securityfocus.com/archive/100"},
  {"forensics (prolly not worth it, they r already 0wned)",
"GET http://online.securityfocus.com/archive/104"},
  {"honeynet [leave burneye encrypted kopiez"
" of nmap 4 lance sp1tzner here]",
"GET http://online.securityfocus.com/archive/119"},
  {"incidents [see how well pr0ject m4yh3m is d0ing",
"GET http://online.securityfocus.com/archive/75"},
  {"pen-test [people like s1 here hehe]",
"GET http://online.securityfocus.com/archive/101"},
  {"sec-papers [4 the literary inkl1n3d like warzael zarcae",
"GET http://online.securityfocus.com/archive/112"},
  {"security-basics PAHAHAHAHAHA n3wb13z ripe 4 the picking",
"GET http://online.securityfocus.com/archive/105"},
  {"security-certification [l4m3rz who have subskr1b3d"
" 2 security-basics longer than 2 weekz",
"GET http://online.securityfocus.com/archive/106"},
  {
"security-jobs [own theze fuckerz quick, they r desperately"
" trying 2 publish 0day]"
,"GET http://online.securityfocus.com/archive/77"},
  {"vpn [hehe launch pptphack here]",
"GET http://online.securityfocus.com/archive/50"},
  {"vuln-dev <- th3 m0ther l4m3r sh1p h4z l4nd3d",
"GET http://online.securityfocus.com/archive/82"},
  {"choose this if u have shopping kart cgi po1z0n byte warez",
"GET http://online.securityfocus.com/archive/107"}
};

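/*
 * Print the date range encoded in an archive index URL.
 *
 * url is searched for "/archive/1/"; when that marker is absent the function
 * returns without printing anything, so URLs under any other archive number
 * produce no output. When it is present, the six integers that follow it in
 * the form YYYY-MM-DD/YYYY-MM-DD/ are printed to stdout as
 * "M/D/YYYY to M/D/YYYY". If fewer than six fields convert, the error text
 * is printed instead. stdout is flushed before returning.
 */
void printdates(char *url)
{
    const char *ptr;
    int bday, bmonth, byear, eday, emonth, eyear;
    int num;
#define MAGIC "/archive/1/"
    ptr = strstr(url, MAGIC);
    if (ptr == NULL)
        return;

    /*
     * Parse from the position strstr() matched. The format begins with the
     * same literal as MAGIC, so scanning from the start of url only worked
     * when url happened to begin with it; anything in front of the marker
     * (a scheme, a host, a request verb) made every conversion fail.
     */
    num = sscanf(ptr, "/archive/1/%d-%d-%d/%d-%d-%d/",
                 &byear, &bmonth, &bday, &eyear, &emonth, &eday);

    printf("LAMER CHRONOLOGY: ");
    if (num != 6)
        printf("ERROR IN PARSING BUT WH0 KAREZ\n");
    else
        printf("%d/%d/%d to %d/%d/%d\n",
               bmonth, bday, byear, emonth, eday, eyear);
    fflush(stdout);
}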

/*
 * Build a request line for a path on the archive host.
 *
 * Returns a freshly allocated string of the form
 *     PREFIX ["/"] end "\r\n"
 * where the "/" is inserted only when end does not already start with one.
 * The caller owns the result and must free() it. On allocation failure the
 * function prints a message, runs a shell command through system() and
 * exits with status -1; it never returns NULL.
 */
char *makeurl(char *end)
{
    /* +4 covers the optional '/', the trailing "\r\n" and the NUL. */
    int size = strlen(PREFIX) + strlen(end) + 4;
    const char *sep = (*end != '/') ? "/" : "";
    char *out = calloc(1, size);

    if (out == NULL) {
        fprintf(stderr,"hmm out 0f memory... might be 4 f0rq b0mb!\n");
        system("ps -u cr");
        exit(-1);
    }

    /* Bounded by the size computed above, so the write cannot overrun. */
    snprintf(out, size, "%s%s%s\r\n", PREFIX, sep, end);
    return out;
}

/*
 * Send a request line on fd.
 *
 * Writes cmd as given, then the first two bytes of "\r\n\r\n", so the peer
 * receives cmd followed by a single CRLF. Neither write() result is
 * checked, so a short or failed write goes unnoticed here.
 */
void sendcmd(int fd,char *cmd)
{
    static const char terminator[] = "\r\n\r\n";
    size_t cmdlen = strlen(cmd);

    write(fd, cmd, cmdlen);
    /* Length 2, not 4: only one CRLF of the literal is sent. */
    write(fd, terminator, 2);
}

/*
 * Open a TCP connection to the address stored in the global sinz.
 *
 * Returns the connected socket descriptor; the caller closes it. If
 * socket() fails, a message is printed, a shell command is run through
 * system() and the process exits with status -1. If connect() fails, a
 * message is printed and the process exits with status -1. The function
 * therefore never returns an error value.
 */
int connecthost(void)
{
    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

    if (sock < 0) {
        fprintf(stderr,"out of socketz... weird\n");
        /*
         * NOTE(review): the string goes to the shell unchanged, so the
         * unquoted '|' characters make it a pipeline of separate commands
         * rather than one egrep alternation.
         */
        system("ps aux|egrep tron|mixter|felix");
        exit(-1);
    }

    if (connect(sock, (struct sockaddr *)&sinz, sizeof(sinz)) >= 0)
        return sock;

    fprintf(stderr,
"cant connect to online.securityfocus.com...project mayhem successfully accomplished!\n");
    exit(-1);
}

/*f-fgetz*/
/*
 * Read one line from fd into a function-local static buffer and return it.
 *
 * Bytes are read one at a time until a '\r' or '\n' has been stored or the
 * buffer holds sizeof(buf)-1 bytes; the terminator byte is kept in the
 * returned string. Returns NULL as soon as a read() does not deliver exactly
 * one byte, which also drops whatever had been collected for that line.
 *
 * The returned pointer always refers to the same static storage: every call
 * overwrites the previous line, and callers that write NUL bytes into the
 * line are editing this buffer.
 */
char* readline(int fd)
{
    static char buf[8192];
    char yo;
    int i = 0;

    /* Zeroing the whole buffer guarantees NUL termination wherever the loop stops. */
    memset(buf,0,sizeof(buf));

    /* i is int and sizeof yields size_t, so this comparison is unsigned. */
    for(i=0;i<sizeof(buf)-1;i++){
        if(read(fd,&yo,1)!=1)
            return NULL;
        buf[i]=yo;
        if(buf[i]=='\r'||buf[i]=='\n')
        {
            while(1){
                /*
                 * recv() returns a byte count (or -1), and that return value
                 * is assigned to yo, replacing the peeked byte. The test
                 * below therefore compares the count with '\r' and '\n'.
                 * MSG_PEEK also leaves the byte in the socket queue.
                 * NOTE(review): as written this appears to leave the loop on
                 * its first pass, so a "\r\n" pair would come back as two
                 * separate lines -- confirm.
                 */
                yo=recv(fd,&yo,1,MSG_PEEK);
                if(yo!='\r'&&yo!='\n')
                    break;
            }

            return buf;
        }
    }

    /* Buffer filled without seeing a terminator: return the truncated line. */
    return buf;
}

/*grab d0x from postz*/
/*
 * Fetch one post page and print the sender details found in its HTML.
 *
 * name is handed to makeurl() to build the request, which is sent on a new
 * connection; the response is then consumed line by line with readline().
 * For each line:
 *   - if it contains ">Message-ID:<", the text after the first '@' that
 *     follows, up to the first character that is neither alphanumeric nor
 *     '.', is printed as "LAMER BOX" (only when it contains a '.');
 *   - otherwise, if it contains ">Author:<", the mailto: target and the text
 *     between the next '>' and '<' are printed as "LAMER".
 * Matching is done by writing NUL bytes into the line, i.e. into readline()'s
 * static buffer. The connection is closed before returning.
 *
 * NOTE(review): both fields are read from a public list archive. The part of
 * a Message-ID after '@' is normally chosen by whichever host generated the
 * header, which is why it can name the sender's own machine. Archives that
 * mask addresses and Message-IDs, and senders whose mail gateway generates
 * the Message-ID, do not expose that mapping.
 *
 * NOTE(review): startemail and startname are printed exactly as received;
 * only startbox is restricted to alphanumerics and dots. Anyone running this
 * for analysis should assume the output can carry arbitrary bytes from the
 * response.
 */
void checkpost(char *name)
{
    int fd=connecthost();
    char *l,*req,*ptr,*startemail,*startname,*startbox;

/*YO*///printf("DEBUG: CHECKING POST\n");
    req=makeurl(name);
    sendcmd(fd,req);
    free(req);
    l=readline(fd);

    while(l!=NULL){
        ptr=strstr(l,">Message-ID:<");
        if(ptr==NULL) goto checkauthor;

        /* 13 is the length of the marker matched above. */
        ptr+=13;
        ptr=strchr(ptr,'>');
        if(ptr==NULL) goto checkauthor;

        ptr++;
        ptr=strchr(ptr,'>');
        if(ptr==NULL) goto checkauthor;

        /* Advance to the '@' that separates the two halves of the ID. */
        while(*ptr&&*ptr!='@')
            ptr++;

        if(!*ptr) goto checkauthor;
        ptr++;
        startbox=ptr;

        /*
         * Take the run of alphanumerics and dots after the '@'. *ptr is a
         * plain char passed to isalnum() without a cast to unsigned char,
         * which is undefined for negative values.
         */
        while(*ptr&&(isalnum(*ptr)||*ptr=='.'))
            ptr++;

        if(!*ptr) goto checkauthor;
        *ptr=0;

        /* Sanity check: skip values that contain no dot. */
        if(strchr(startbox,'.')==NULL) goto heh;

        printf("\t\tLAMER BOX:   %s\n",startbox);
        goto heh;

checkauthor:
        ptr=strstr(l,">Author:<");
        if(ptr==NULL) goto heh;

        /*
         * The marker above is 9 characters long but ptr advances by 10, so
         * one further character is skipped without being examined.
         */
        ptr+=10;
        ptr=strstr(ptr,"mailto:");
        if(ptr==NULL) goto heh;

        ptr+=7;
        startemail=ptr;
        ptr=strchr(ptr,'"');
        if(ptr==NULL) goto heh;

        /* Terminate the address at the closing quote of the href value. */
        *ptr++=0;
        ptr=strchr(ptr,'>');
        if(ptr==NULL) goto heh;


        /* The link text between '>' and the next '<' is taken as the name. */
        startname=++ptr;
        ptr=strchr(ptr,'<');
        if(ptr==NULL) goto heh;

        *ptr=0;
        printf("\tLAMER:   %s",startemail);

        if(strlen(startname))
            printf(" (%s)",startname);

        printf("\n");
        fflush(stdout);
heh:
        l=readline(fd);
    }
    close(fd);
}

/*cykle thru ind3z p4g3z*/
/*
 * Consume one index page from fd and follow the post links found on it.
 *
 * The response is read line by line with readline() until it returns NULL.
 * For each line:
 *   - if it contains SEKRETKEY followed by an href="..." attribute, the
 *     quoted value is passed to checkpost(), unless it contains "threads";
 *   - otherwise, if it contains an <a href="..."> whose remaining text
 *     includes "prev Week", the quoted value is remembered as the next
 *     index page (first match only).
 *
 * Returns a strdup()'d copy of that next-page URL, which the caller must
 * free(), or NULL when the page had no such link. The function does not
 * close fd.
 *
 * Lines are edited in place inside readline()'s static buffer. checkpost()
 * calls readline() itself, so after it returns l no longer holds the index
 * line; the code goes straight to the next readline() in that case.
 */
char *letitrip(int fd)
{
    char *l=readline(fd);
    char *ptr,*start=NULL,*nexturl=NULL,*lamerpost;

    while(l!=NULL){
/*YO*///printf("line = %s\n",l);

        /* First test: is this line a link to a post? */
        #define SEKRETKEY "<td><div style="
        ptr=strstr(l,SEKRETKEY);
        if(ptr==NULL) goto nexttest;

        ptr+=strlen(SEKRETKEY);
        ptr=strchr(ptr,'>');
        if(ptr==NULL) goto nexttest;

        ptr=strstr(ptr,"href");
        if(ptr==NULL) goto nexttest;

        ptr+=4;
        /* *ptr is a plain char passed to isspace() without a cast to unsigned char. */
        while (isspace(*ptr))ptr++;
        if(*ptr!='=') goto nexttest;

        ptr=strchr(ptr,'"');
        if(ptr==NULL) goto nexttest;

        ptr++;
        lamerpost=ptr;

        while (*ptr&&*ptr!='"')ptr++;
        if(*ptr!='"') goto nexttest;

        /* Cut the line at the closing quote so lamerpost is the bare href value. */
        *ptr=0;

        /* Each topic has two URLs; skip the one that contains "threads". */
        if(strstr(lamerpost,"threads")) goto nexttest;

        checkpost(lamerpost);
        goto heh;

nexttest:
        /* Second test: is this line the link to the previous week's index? */
        ptr=strstr(l,"<a href=");
        if(ptr==NULL) goto heh;

        ptr=strchr(ptr,'"');
        if(ptr==NULL) goto heh;

        ptr++;
        start=ptr;
        ptr=strchr(ptr,'"');
        if(ptr==NULL) goto heh;

        *ptr++=0;
        ptr=strchr(ptr,'>');
        if(ptr==NULL) goto heh;

        ptr++;
        if(strstr(ptr,"prev Week")==NULL) goto heh;

        /* Keep only the first previous-week link seen on this page. */
        if(nexturl==NULL)
            nexturl=strdup(start);

heh:
        l=readline(fd);
    }

    return nexturl;
}


/*
 * Entry point.
 *
 * With -h, or with more than one argument, prints the usage text and the
 * numbered targets[] table to stderr and exits 0. With one numeric argument,
 * starts from targets[n].url; with none, from BASE_CMD. It then resolves the
 * archive host, requests the starting index page, and keeps requesting the
 * "previous week" page returned by letitrip() until none is returned.
 *
 * Seen from the server, the code below opens one TCP connection per index
 * page here (checkpost() opens its own per post), and each connection
 * carries only what sendcmd() writes: a "GET <absolute URL>" line with no
 * HTTP version token and no header fields.
 */
int main (int argc,char **argv)
{
    struct hostent *he;
    int fd;
    char *newurl,*startpoint;

    if((argc>2)||((argc==2)&&(!strcmp(argv[1],"-h")))){
        int i;

        /*
         * NOTE(review): the string literal below contains a raw line break,
         * which standard C does not allow inside a literal; this may be an
         * artifact of how the listing was rendered.
         */
        fprintf(stderr,
"l4m3rl1zt3r usage: %s <#>\nwhere # is a l4m3r k4t3g0ry,
defaultz 2 bugtraq\n\n",argv[0]);
        fprintf(stderr,"l4m3r k4t3g0r1ez:\n");
        fprintf(stderr,"-----------------\n");

        for(i=0;i<sizeof(targets)/sizeof(struct target);i++)
            fprintf(stderr,"%d\t%s\n",i,targets[i].lamercode);
        exit(0);
    }

    if(argc==2){
        /* atoi() reports no errors; a non-numeric argument yields 0. */
        int choice=atoi(argv[1]);
        /*
         * choice is converted to an unsigned type for this comparison, so a
         * negative value becomes very large and is rejected here too.
         */
        if(choice>=(sizeof(targets)/sizeof(struct target))){
            fprintf(stderr,"s0rry kouldnt find specif1ed l4m3r...\n");
            fprintf(stderr,
"there r many more lam3rz, ~el8 iz working ar0und"
" the cl0q 2 upd8 thiz program with the necessary 2385915 entriez.\n");
            fprintf(stderr,"try a valid # tho\n");
            exit(-1);
        }

        startpoint=targets[choice].url;
    }
    else
        startpoint=BASE_CMD;

    fprintf(stderr,"l4m3rl1zt3r v1.0\n");
    fprintf(stderr,"by uncle m4v1s\n");
    fprintf(stderr,"k0pyright (K) 2002 ~el8 research labz\n");
    fprintf(stderr,"for help, try -h\n\n");

    he = gethostbyname("online.securityfocus.com");
    if(he==NULL){
        fprintf(stderr,"cant resolve online."
"securityfocus.com...project mayhem successfully accomplished!\n");
        exit(-1);
    }

    memset(&sinz,0,sizeof(sinz));
    sinz.sin_family=AF_INET;
    sinz.sin_port = htons(80);
    /* Copies a fixed 4 bytes, i.e. assumes the resolver returned an IPv4 address. */
    memcpy(&sinz.sin_addr,he->h_addr,4);

    fprintf(stderr,"acquiring t4rget l1zt...!\n");
    fprintf(stderr,"begin l4m3r l1st tr4nsm1ss10n!\n");
    printf("------------------------------\n");

    /* First page: the table entry is sent as-is, without going through makeurl(). */
    fd=connecthost();
    sendcmd(fd,startpoint);
    printf("LAMER CHRONOLOGY: CURRENT\n");
    fflush(stdout);
    newurl=letitrip(fd);
    close(fd);

    if(newurl==NULL){
        fprintf(stderr,"weird..some un3xpekt3d sh1t happened!\n");
        exit(-1);
    }

    /* Walk backwards one index page at a time until no previous-week link is found. */
    while(newurl!=NULL)
    {
        char*req;

        fd=connecthost();
        req=makeurl(newurl);
        sendcmd(fd,req);
        printdates(newurl);
        /* newurl was strdup()'d by letitrip(); release it before fetching the next one. */
        free(newurl);
        free(req);
        newurl=letitrip(fd);
        close(fd);
    }

    printf("-------------------------------------\n");
    fprintf(stderr,"we h4v3 d3t3kt3d 4ll p0ss1bl3 l4m3rz!\n");
    fprintf(stderr,"n0thing l3ft 2 d0..m4ybe ch3ck #!el8.\n");
    fprintf(stderr,"-------------------------------------\n");
    return 0;
}

