From 203a45887863aaf34d8a9dca26207b9b1f381280 Mon Sep 17 00:00:00 2001
From: Aeris <a3x@eris.cc>
Date: Tue, 7 Apr 2020 02:46:43 +0200
Subject: [PATCH] ...and source

---
 pass.py | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 pass.py

diff --git a/pass.py b/pass.py
new file mode 100644
index 0000000..43aa455
--- /dev/null
+++ b/pass.py
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+import select
+import sqlite3
+import re
+import signal
+import sys
+from systemd import journal
+
+#regex
+test = re.compile('Honey: Username.*Password')
+
+#sqlite
+conn = sqlite3.connect('local.db')
+conn.execute("CREATE TABLE IF NOT EXISTS dbas2 (id INTEGER PRIMARY KEY, username VARCHAR(50) NOT NULL, password VARCHAR(50) NOT NULL, count INT NOT NULL);")
+
+print ("Table created successfully")
+#traps
+def close(sig,frame):
+    conn.close()
+    sys.exit()
+
+signal.signal(signal.SIGINT, close)
+signal.signal(signal.SIGTERM, close)
+
+def lookup(conn,user,passw):
+        c = conn.cursor()
+	result = c.execute('SELECT count FROM dbas2 WHERE username=? AND password=?', (user, passw))
+        if result.fetchone() is None:
+            c.execute('INSERT INTO dbas2 (username, password, count ) VALUES (?,?,?)',(user,passw, 1))
+            conn.commit()
+        else:   
+	    c.execute('UPDATE dbas2 SET count = count + 1 WHERE username=? AND password=?', (user, passw))
+            conn.commit()
+j = journal.Reader()
+j.log_level(journal.LOG_INFO)
+
+# j.add_match(_SYSTEMD_UNIT="systemd-udevd.service")
+j.seek_tail()
+j.get_previous()
+# j.get_next() # it seems this is not necessary.
+
+p = select.poll()
+p.register(j, j.get_events())
+
+while p.poll():
+    if j.process() != journal.APPEND:
+        continue
+
+    for entry in j:
+        if entry['MESSAGE'] != "" and test.match(entry['MESSAGE']):
+            code = entry['MESSAGE'].split(" ")
+            username = code[2]
+            if len(code) > 4:
+                password = code[4]
+            else:
+                password = "##EMPTY_STRING##"
+            print("Username: " + username + "\t\t\tPassword: " + password ) 
+	    lookup(conn,username.encode('utf-8'),password.encode('utf-8'))
+            #print(str(entry['__REALTIME_TIMESTAMP'] )+ ' ' + entry['MESSAGE'])
+
+print("killing me softly")