#!/usr/bin/env python# joescan.py -By Ryan Kulla# Scans for user accounts who

1. #!/usr/bin/env python
2. # joescan.py -By Ryan Kulla
3. # Scans for user accounts who use their username as their password.
4.  
5. from crypt import crypt
6. from pwd import getpwall, getpwnam
7. from getpass import getuser
8.  
9. PASSWD_FILE = getpwall()
10.  
11. def get_total_entries():
12. total_entries = 0
13. for total_entries in range(len(PASSWD_FILE)):
14. if PASSWD_FILE[total_entries] == "":
15. break
16. return total_entries
17.  
18. def display_start_message(total_entries):
19. print 'Scans for "joe" accounts',
20. print '(accounts with the same username and password.)'
21. raw_input('Hit Enter to scan the [%d] accounts found on this system' % total_entries)
22.  
23. def check_if_shadowed():
24. cryptedpasswd = getpwnam(getuser())[1]
25. if cryptedpasswd in ('x', '*'):
26. raise NotImplementedError("Currently no support for shadow passwords")
27.  
28. def scan(total_entries):
29. found_joe = False
30. i = 0
31. while True:
32. user = PASSWD_FILE[i][0]
33. password = PASSWD_FILE[i][1]
34. cryptedpasswd = crypt(user, password)
35. if cryptedpasswd == password:
36. found_joe = True
37. print '\n"%s" is a joe.' % user
38. i = i + 1
39. if i >= total_entries + 1:
40. break
41.  
42. if not found_joe:
43. print "\nNo Joe accounts were found.\n"
44.  
45. if __name__=='__main__':
46. total_entries = get_total_entries()
47. display_start_message(total_entries)
48. check_if_shadowed()
49. scan(total_entries);