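description = [[
http-google-email queries the Google web search engine and Google Groups for e-mails pertaining to a specific domain.
]]

---
-- @usage
-- nmap -p80 --script http-google-email <host>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- | http-google-email:
-- | nmap-dev@insecure.org
-- | nmap-svn@insecure.org
-- |_fyodor@insecure.org
--
-- @args http-google-email.domain Domain to search for.
-- @args http-google-email.pages The number of results pages to be requested from Google Web search and Google Group search respectively. Default is 5.
---

author = "Shinnok"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "external": the queries go to Google, not to the scanned host, so the
-- domain being looked up is disclosed to a third party. The query URLs below
-- use plain http://, so they are not protected in transit.
categories = {"discovery", "safe", "external"}

local http = require "http"
local shortport = require "shortport"
-- stdnse is used throughout the script, so it is required explicitly instead
-- of relying on another library having loaded it.
local stdnse = require "stdnse"

portrule = shortport.http

-- Google paginates with a "start" offset that advances by this many results.
local RESULTS_PER_PAGE = 10
-- Documented default for the http-google-email.pages argument.
local DEFAULT_PAGES = 5

--Builds Google Web Search query
--@param domain Domain whose addresses are searched for (sent as "@domain").
--@param page Result offset placed in the "start" parameter.
--@return Url
local function google_search_query(domain, page)
  return string.format("http://www.google.com/search?q=%%40%s&hl=en&lr=&ie=UTF-8&start=%s&sa=N", domain, page)
end

--Builds Google Groups Search query
--@param domain Domain to search for.
--@param page Result offset placed in the "start" parameter.
--@return Url
local function google_groups_query(domain, page)
  return string.format("http://groups.google.com/groups?q=%s&hl=en&lr=&ie=UTF-8&start=%s&sa=N", domain, page)
end

--Escapes every punctuation character so the text matches literally when it is
--embedded in a Lua pattern. Domains contain "." and often "-", both of which
--are pattern magic characters; unescaped, "." matches any character and "-"
--turns into a lazy repetition, so addresses are mis-matched or missed.
--@param text String to embed in a pattern.
--@return Escaped string.
local function escape_pattern(text)
  return (text:gsub("%p", "%%%0"))
end

--Appends every not-yet-seen address found in body to emails.
--@param body Response body to scan.
--@param address_pattern Lua pattern matching one address of the target domain.
--@param emails Ordered list of unique addresses (modified in place).
--@param seen Set of addresses already present in emails (modified in place).
local function harvest_emails(body, address_pattern, emails, seen)
  for email in body:gmatch(address_pattern) do
    -- The duplicate check is evaluated per address; a flag shared across the
    -- whole body would suppress every new address after the first duplicate.
    if not seen[email] then
      seen[email] = true
      emails[#emails + 1] = email
    end
  end
end

--Requests page_count result pages from one search front end and harvests the
--addresses they contain.
--@param build_query Function (domain, offset) returning the URL to request.
--@param target Domain being searched for.
--@param page_count Number of result pages to request.
--@param address_pattern Lua pattern matching one address of the target domain.
--@param emails Ordered list of unique addresses (modified in place).
--@param seen Set of addresses already present in emails (modified in place).
local function search_source(build_query, target, page_count, address_pattern, emails, seen)
  for index = 0, page_count - 1 do
    local qry = build_query(target, index * RESULTS_PER_PAGE)
    stdnse.print_debug(2, "%s", qry)
    local req = http.get_url(qry)
    -- A failed request may carry no body; skip the page instead of indexing nil.
    local body = req and req.body
    if body then
      stdnse.print_debug(2, "%s", body)
      -- NOTE(review): the listing this was taken from shows empty patterns in
      -- these two substitutions, which is a no-op. Markup appears to have been
      -- lost from the listing (the usage line lost its host placeholder too);
      -- presumably the intent was to drop the highlight tags a results page
      -- wraps around matched terms, which would otherwise split an address.
      -- Confirm against the upstream script.
      body = body:gsub("<em>", ""):gsub("</em>", "")
      harvest_emails(body, address_pattern, emails, seen)
    end
  end
end

---
--MAIN
---
action = function(host, port)
  local page_count = DEFAULT_PAGES
  local emails = {}
  local seen = {}

  -- Script arguments arrive as strings; convert explicitly and fall back to
  -- the default instead of raising on a non-numeric value.
  local pages_arg = stdnse.get_script_args("http-google-email.pages")
  if pages_arg then
    local requested = tonumber(pages_arg)
    if requested and requested >= 1 then
      page_count = math.floor(requested)
    else
      stdnse.print_debug(1, "%s: Ignoring invalid pages argument, using default of %d", SCRIPT_NAME, DEFAULT_PAGES)
    end
  end

  -- Prefer the domain argument; otherwise use the hostname given on the
  -- command line.
  local target = stdnse.get_script_args("http-google-email.domain") or host.targetname
  if not target then
    return "[ERROR] Host can not be resolved to a domain name."
  end

  stdnse.print_debug(1, "%s: Checking domain %s", SCRIPT_NAME, target)

  -- The domain is user-controlled text, so it is escaped before being joined
  -- into the pattern. "_" is accepted in the local part so that an address
  -- such as first_last@domain is not truncated to last@domain.
  local address_pattern = "[A-Za-z0-9_%.%%%+%-]+@" .. escape_pattern(target)

  -- Google Web search
  search_source(google_search_query, target, page_count, address_pattern, emails, seen)

  -- Google Groups search
  search_source(google_groups_query, target, page_count, address_pattern, emails, seen)

  if #emails > 0 then
    return "\n" .. table.concat(emails, "\n")
  end
end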