From 158f3b0410fff8a255febcf02c3e48250342c6c7 Mon Sep 17 00:00:00 2001 From: mgeeky Date: Fri, 29 Oct 2021 03:26:28 +0200 Subject: [PATCH] heavily updated decode-spam-headers.py and phishing-HTML-linter.py --- .../decode-spam-headers/correlate-rules.py | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 phishing/decode-spam-headers/correlate-rules.py diff --git a/phishing/decode-spam-headers/correlate-rules.py b/phishing/decode-spam-headers/correlate-rules.py new file mode 100644 index 0000000..ceb5b58 --- /dev/null +++ b/phishing/decode-spam-headers/correlate-rules.py @@ -0,0 +1,70 @@ +#!/usr/bin/python3 + +import os, sys, re +import string +import argparse +import json +import textwrap +import socket +import time +import glob +import base64 + +rules = {} +scanned = set() + +def walk(path): + global rules + global scanned + + print(f'Walking {path}...') + + for file in glob.glob(os.path.join(path, '**'), recursive=True): + if not file.lower().endswith('.txt'): + continue + + if file in scanned: continue + scanned.add(file) + + data = '' + with open(file) as f: + data = f.read() + + for m in re.finditer(r'(\(\d{4,}\))', data, re.I): + rule = m.group(1) + + if rule in rules.keys(): + if file not in rules[rule]['files']: + rules[rule]['count'] += 1 + rules[rule]['files'].add(file) + else: + rules[rule] = {} + rules[rule]['count'] = 1 + rules[rule]['files'] = set([file, ]) + +def main(argv): + + paths = [] + for i in range(len(argv)): + arg = argv[i] + if i == 0: continue + + if not os.path.isdir(arg): + print('[!] input path does not exist or is not a dir! ' + arg) + sys.exit(1) + + walk(os.path.abspath(arg)) + + print(f'[.] Found {len(rules)} unique rules.:') + + candidates = [] + for k, v in rules.items(): + if v['count'] > 1: + print(f'\n\t- {k: <15}: occurences: {v["count"]} - files: {len(v["files"])}') + + if len(v['files']) < 6: + for f in v['files']: + print('\t\t- ' + str(f)) + +if __name__ == '__main__': + main(sys.argv) \ No newline at end of file