phishing kit finding script

1. from urllib.request import urlopen
2.  
3. from urllib.request import urlretrieve
4.  
5. import re
6.  
7. import sys
8.  
9. import os
10.  
11. filepath = 'urls.txt'
12.  
13. with open(filepath) as fp:
14.  
15. theurl = fp.readline()
16.  
17. while theurl:
18.  
19. if(not theurl.startswith('http')):
20.  
21. if(":443" in theurl):
22.  
23. theurl = 'https://' + theurl.strip()
24.  
25. else:
26.  
27. theurl = 'http://' + theurl.strip()
28.  
29. theurl = theurl.strip()
30.  
31. if(theurl.endswith("/") or theurl.endswith("\\")):
32.  
33. theurl = theurl[:-1]
34.  
35. stopnow = 0
36.  
37. while stopnow == 0:
38.  
39. try:
40.  
41. domain = theurl.split("//")[-1].split("/")[0]
42.  
43. currentfolder = theurl.split("/")[-1]
44.  
45. try:
46.  
47. if not theurl.endswith(".zip") and (len(theurl.split("//")[-1].split("/")) > 1):
48.  
49. zipfile = domain + "___" + currentfolder + ".zip"
50.  
51. phishkit = theurl + ".zip"
52.  
53. urlretrieve(phishkit, zipfile)
54.  
55. print("phishkit," + phishkit)
56.  
57. except Exception as e:
58.  
59. print("failedphishkit," + phishkit + "(" + str(e) + ")")
60.  
61. html = urlopen(theurl, timeout=3)
62.  
63. val = html.read()
64.  
65. titles = re.findall(r'(?i)<title>(.*?)</title>',str(val))
66.  
67. if len(titles) > 0:
68.  
69. if titles[0].startswith('Index of'):
70.  
71. print("opendir," + theurl + "(" + titles[0] + ")")
72.  
73. zipfiles = re.findall(r'(?i)href\=\"[^\"]+\.zip\"\>',str(val))
74.  
75. if len(zipfiles) > 0:
76.  
77. for zipfile in zipfiles:
78.  
79. zipfile = zipfile.replace('\"', '').replace('href=', '').replace('>','').replace("&amp;", "&")
80.  
81. if theurl.endswith('/'):
82.  
83. phishkit = theurl + zipfile
84.  
85. else:
86.  
87. phishkit = theurl + "/" + zipfile
88.  
89. try:
90.  
91. zipfile = domain + "___" + zipfile
92.  
93. urlretrieve(phishkit, zipfile)
94.  
95. print("phishkit," + phishkit)
96.  
97. except Exception as e:
98.  
99. print("failedphishkit," + phishkit + "(" + str(e) + ")")
100.  
101. exefiles = re.findall(r'(?i)href\=\"[^\"]+\.exe\"\>',str(val))
102.  
103. if len(exefiles) > 0:
104.  
105. for exefile in exefiles:
106.  
107. exefile = exefile.replace('\"', '').replace('href=', '').replace('>','').replace("&amp;", "&")
108.  
109. if theurl.endswith('/'):
110.  
111. malware = theurl + exefile
112.  
113. else:
114.  
115. malware = theurl + "/" + exefile
116.  
117. try:
118.  
119. urlretrieve(malware, exefile)
120.  
121. print("malware," + malware)
122.  
123. except Exception as e:
124.  
125. print("failedmalware," + malware + "(" + str(e) + ")")
126.  
127. panels = re.findall(r'(?i)href\=\"(panel|webpanel|fre\.php)\"\>',str(val))
128.  
129. if len(panels) > 0:
130.  
131. for panel in panels:
132.  
133. panel = panel.replace('\"', '').replace('href=' ,'').replace('>', '').replace("&amp;", "&")
134.  
135. if theurl.endswith('/'):
136.  
137. panelurl = theurl + panel
138.  
139. else:
140.  
141. panelurl = theurl + "/" + panel
142.  
143. print("panel," + panelurl)
144.  
145. else:
146.  
147. print("webpage," + theurl + "(" + titles[0] + ")")
148.  
149. theurl = re.sub(r'\/[^\/]*$', '', theurl)
150.  
151. if theurl.endswith('http:/') or theurl.endswith('https:/'):
152.  
153. stopnow = 1
154.  
155. except Exception as e:
156.  
157. if "no host given" in str(e):
158.  
159. stopnow = 1
160.  
161. else:
162.  
163. print("failedurl," + theurl + "(" + str(e) + ")")
164.  
165. theurl = re.sub(r'\/[^\/]*$', '', theurl)
166.  
167. theurl = fp.readline()