Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 02:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Mariusz B. / mgeeky 2021-10-17 18:24:05 +02:00
parent a80bb01cf7
commit d0b7dfd96a
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
phishing/decode-spam-headers.py
View File

@ -857,6 +857,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.results['SpamAssassin Spam Level'] = self.testSpamAssassinSpamLevel() self.results['SpamAssassin Spam Level'] = self.testSpamAssassinSpamLevel()
self.results['SpamAssassin Spam Flag'] = self.testSpamAssassinSpamFlag() self.results['SpamAssassin Spam Flag'] = self.testSpamAssassinSpamFlag()
self.results['SpamAssassin Spam Report'] = self.testSpamAssassinSpamReport() self.results['SpamAssassin Spam Report'] = self.testSpamAssassinSpamReport()
self.results['Message Feedback Loop'] = self.testMSFBL()
return {k: v for k, v in self.results.items() if v} return {k: v for k, v in self.results.items() if v}
@ -864,6 +865,10 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
def flattenLine(value): def flattenLine(value):
return ' '.join([x.strip() for x in value.split('\n')]) return ' '.join([x.strip() for x in value.split('\n')])
@staticmethod
def printable(input_str):
return all(ord(c) < 127 and c in string.printable for c in input_str)
@staticmethod @staticmethod
def extractDomain(fqdn): def extractDomain(fqdn):
if not fqdn: if not fqdn:
@ -872,6 +877,27 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
parts = fqdn.split('.') parts = fqdn.split('.')
return '.'.join(parts[-2:]) return '.'.join(parts[-2:])
def testMSFBL(self):
(num, header, value) = self.getHeader('X-MSFBL')
if num == -1: return []
parts = value.split('|')
for p in parts:
if p.startswith('eyJ'):
decoded = base64.b64decode(p)
if SMTPHeadersAnalysis.printable(decoded):
result += f'\t- Headers contained Feedback Loop object used by marketing systems to offer ISPs way to notify the sender that recipient marked that e-mail as Junk/Spam.\n'
result += json.dumps(json.loads(decoded), indent=4) + '\n'
if len(result) == 0:
return []
return {
'header' : header,
'value': value,
'analysis' : result
}
def testSpamRelatedHeaders(self): def testSpamRelatedHeaders(self):
result = '' result = ''
tmp = '' tmp = ''