This commit is contained in:
Mariusz B. / mgeeky 2021-10-17 18:13:39 +02:00
parent dc8a2638f9
commit 4f90a4a16f
10 changed files with 42 additions and 17 deletions

@ -1 +1 @@
Subproject commit 32992adea5369e661eea6fabbbc95b8284cc2959 Subproject commit bb14d908d13f564a7c93a8e6a61977d07cf8fc0a

@ -1 +1 @@
Subproject commit 80e7515ed6aff631b3449e654b67988b1f01baa4 Subproject commit 3bfbe8ad1662f010e17aee85bc77af3dcc380d74

View File

@ -36,7 +36,15 @@ try:
import dns.resolver import dns.resolver
except ImportError: except ImportError:
print('[!] You need to install dnspython: $ pip3 install dnspython') print('''
[!] You need to install dnspython:
# pip3 install dnspython
If problem remains, re-install dnspython:
# pip3 uninstall dnspython
# pip3 install dnspython
''')
sys.exit(1) sys.exit(1)
options = { options = {
@ -217,7 +225,6 @@ class SMTPHeadersAnalysis:
'atp', 'atp',
'defend', 'defend',
'assassin', 'assassin',
'rbl'
) )
Headers_Known_For_Breaking_Line = ( Headers_Known_For_Breaking_Line = (
@ -251,6 +258,7 @@ class SMTPHeadersAnalysis:
'X-Spam-Level', 'X-Spam-Level',
'X-Spam-Flag', 'X-Spam-Flag',
'X-Spam-Report', 'X-Spam-Report',
'ARC-Authentication-Results',
) )
auth_result = { auth_result = {
@ -832,6 +840,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.results['Bad Keywords In Headers'] = self.testBadKeywords() self.results['Bad Keywords In Headers'] = self.testBadKeywords()
self.results['From Address Analysis'] = self.testFrom() self.results['From Address Analysis'] = self.testFrom()
self.results['Authentication-Results'] = self.testAuthenticationResults() self.results['Authentication-Results'] = self.testAuthenticationResults()
self.results['ARC-Authentication-Results'] = self.testARCAuthenticationResults()
self.results['Received-SPF'] = self.testReceivedSPF() self.results['Received-SPF'] = self.testReceivedSPF()
self.results['Mail Client Version'] = self.testXMailer() self.results['Mail Client Version'] = self.testXMailer()
self.results['X-Forefront-Antispam-Report'] = self.testForefrontAntiSpamReport() self.results['X-Forefront-Antispam-Report'] = self.testForefrontAntiSpamReport()
@ -884,28 +893,30 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
hhh = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), header, flags=re.I) hhh = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), header, flags=re.I)
tmp += f'\t({num0:02}) {self.logger.colored("Header", "magenta")}: {hhh}\n' tmp += f'\t({num0:02}) {self.logger.colored("Header", "magenta")}: {hhh}\n'
tmp += f'\t Value: {value[:80]}\n\n' tmp += f'\t Keyword: {dodgy}\n\n'
tmp += f'\t Value: {value[:80]}\n\n'
shown.add(header) shown.add(header)
break break
elif dodgy in value.lower() and header not in SMTPHeadersAnalysis.Handled_Spam_Headers: elif dodgy in value.lower() and header not in SMTPHeadersAnalysis.Handled_Spam_Headers:
num0 += 1 num0 += 1
hhh = header hhh = header
tmp += f'\t({num0:02}) Header: {hhh}\n' tmp += f'\t({num0:02}) Header: {hhh}\n'
pos = value.lower().find(dodgy) pos = value.lower().find(dodgy)
ctx = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), value, flags=re.I) ctx = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), value, flags=re.I)
if len(ctx) > 80: if len(ctx) > 80:
a = pos-40 a = pos-40
b = pos+len(dodgy)+40 b = -10 + pos + len(dodgy) + 30
if a < 0: a = 0 if a < 0: a = 0
if b > len(ctx): b = len(ctx) if b > len(ctx): b = len(ctx)
ctx = value[a:b] ctx = value[a:b]
tmp += f'\t {self.logger.colored("Value", "magenta")}: {ctx}\n\n' tmp += f'\t Keyword: {dodgy}\n\n'
tmp += f'\t {self.logger.colored("Value", "magenta")}: {ctx}\n\n'
shown.add(header) shown.add(header)
break break
@ -1046,7 +1057,12 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
result += f'\t (first hop\'s domain: {self.logger.colored(firstHopDomain1, "cyan")})\n\n' result += f'\t (first hop\'s domain: {self.logger.colored(firstHopDomain1, "cyan")})\n\n'
if firstHopDomain1.lower() != senderDomain.lower(): if firstHopDomain1.lower() != senderDomain.lower():
response = dns.resolver.resolve(domain, 'TXT') response = None
try:
response = dns.resolver.resolve(domain, 'TXT')
except dns.resolver.NoAnswer as e:
response = []
spf = False spf = False
for answer in response: for answer in response:
@ -1718,6 +1734,15 @@ More information:
(num, header, value) = self.getHeader('Authentication-Results') (num, header, value) = self.getHeader('Authentication-Results')
if num == -1: return [] if num == -1: return []
return self._testAuthenticationResults(num, header, value)
def testARCAuthenticationResults(self):
(num, header, value) = self.getHeader('ARC-Authentication-Results')
if num == -1: return []
return self._testAuthenticationResults(num, header, value)
def _testAuthenticationResults(self, num, header, value):
value = SMTPHeadersAnalysis.flattenLine(value) value = SMTPHeadersAnalysis.flattenLine(value)
tests = {} tests = {}
result = '' result = ''

@ -1 +1 @@
Subproject commit bfa8889dfb830a59dfa8d1852404f0697e403d29 Subproject commit 36bd44e3f6da236a404a44796cbbdb3de71b1e30

@ -1 +1 @@
Subproject commit 828037bdd4fb10c025e572ea3aafa3c061a43b6b Subproject commit 42e82dcd2f9e1d324075e451c9893376b5cedf62

@ -1 +1 @@
Subproject commit 1b55dcd600b620820b88f6f3308d3018a124a4af Subproject commit d80f2b1edbc6b0ec85994bf89c72241d559768e9

@ -1 +1 @@
Subproject commit ac7d0541073a9f31a78886f384411af3ed72a5c3 Subproject commit 11cc93fc5dd74c16319889b31f8080b87c56dda2

@ -1 +1 @@
Subproject commit a1a4453347bf15e77473ca3d0f66671dae38ca8d Subproject commit 451d45e70c5cb3e5e9e31e332a069500a69976df

@ -1 +1 @@
Subproject commit 386b1c911efba34670e30c1b0970112d6300b8e5 Subproject commit 093705972e61b52ee9230efd46b0300c0ba864b6

@ -1 +1 @@
Subproject commit 1b9a426096e4fef285c85dac00502fab87c1062d Subproject commit 25e43b1ea5705a7465fe0351d4253bc209654b50