From 19952dffa8dac96b10dfbadfc3803ce0fd191dad Mon Sep 17 00:00:00 2001
From: "Mariusz B. / mgeeky"
Date: Sun, 17 Oct 2021 19:37:40 +0200
Subject: [PATCH] update
---
 phishing/decode-spam-headers.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/phishing/decode-spam-headers.py b/phishing/decode-spam-headers.py
index 6952998..a3a56f7 100644
--- a/phishing/decode-spam-headers.py
+++ b/phishing/decode-spam-headers.py
@@ -1783,18 +1783,24 @@ More information:
 for (num, header, value) in self.headers:
 v = SMTPHeadersAnalysis.flattenLine(value)
- if '=?us-ascii?Q?' in v:
+ m = re.search(r'\=\?[a-z0-9\-]+\?Q\?', v, re.I)
+ if m:
 num0 += 1
 value_decoded = emailheader.decode_header(value)[0][0].decode()
+ hhh = self.logger.colored(header, 'magenta')
 tmp += f'\t({num0:02}) Header: {hhh}\n'
 tmp += f'\t Value:\n\n'
 tmp += value_decoded + '\n\n'
- tmp += f'\t Base64 decoded Hexdump:\n\n'
- tmp += SMTPHeadersAnalysis.hexdump(base64.b64decode(value_decoded))
- tmp += '\n\n\n'
+ try:
+ x = SMTPHeadersAnalysis.hexdump(base64.b64decode(value_decoded.encode()))
+ tmp += f'\t Base64 decoded Hexdump:\n\n'
+ tmp += x
+ tmp += '\n\n\n'
+ except:
+ pass
 shown.add(header)
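Review bot: The widened match `re.search(r'\=\?[a-z0-9\-]+\?Q\?', v, re.I)` now sends headers in any declared charset to the unchanged `emailheader.decode_header(value)[0][0].decode()`, which still decodes as UTF-8 and sits outside the new `try`, so a sender-controlled header in a legacy 8-bit charset, or one that matches the pattern without being a complete encoded-word (where `decode_header` returns `str`), can raise and stop the analysis of that message. Unpacking `raw, charset = emailheader.decode_header(value)[0]` and calling `raw.decode(charset or 'utf-8', errors='replace')` only when `raw` is `bytes` would keep the test running on hostile input; an unknown charset label still raises `LookupError` and should be skipped the same way. The bare `except:` / `pass` around the Base64 hexdump also hides every failure, including `KeyboardInterrupt`; `except ValueError:` covers the `binascii.Error` that `b64decode` raises, without a new import. Indentation was lost on this page, so the extent of the `try` body is inferred from statement order, and the enclosing method starts and ends outside the hunk.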