Mariusz B. / mgeeky 2021-10-17 18:48:28 +02:00
parent 5f80f17a94
commit f56db3480f
1 changed files with 56 additions and 2 deletions


@ -268,6 +268,8 @@ class SMTPHeadersAnalysis:
'X-Spam-Report', 'X-Spam-Report',
'ARC-Authentication-Results', 'ARC-Authentication-Results',
'X-MSFBL', 'X-MSFBL',
'X-Ovh-Spam-Reason',
'X-VR-SPAMSCORE',
) )
auth_result = { auth_result = {
@ -869,6 +871,8 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.results['Message Feedback Loop'] = self.testMSFBL() self.results['Message Feedback Loop'] = self.testMSFBL()
self.results['Other interesting headers'] = self.testInterestingHeaders() self.results['Other interesting headers'] = self.testInterestingHeaders()
self.results['OVH\'s X-VR-SPAMCAUSE'] = self.testSpamCause() self.results['OVH\'s X-VR-SPAMCAUSE'] = self.testSpamCause()
self.results['OVH\'s X-Ovh-Spam-Reason'] = self.testOvhSpamReason()
self.results['OVH\'s X-Ovh-Spam-Score'] = self.testOvhSpamScore()
return {k: v for k, v in self.results.items() if v} return {k: v for k, v in self.results.items() if v}
@ -878,7 +882,8 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
@staticmethod @staticmethod
def printable(input_str): def printable(input_str):
return all(c < 127 and chr(c) in string.printable for c in input_str) istr = str(input_str)
return all(ord(c) < 127 and c in string.printable for c in istr)
@staticmethod @staticmethod
def extractDomain(fqdn): def extractDomain(fqdn):
@ -904,6 +909,46 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
break break
return chr(sum(ord(c) for c in pair) - key - offset) return chr(sum(ord(c) for c in pair) - key - offset)
def testOvhSpamScore(self):
(num, header, value) = self.getHeader('X-VR-SPAMSCORE')
if num == -1: return []
result = f'- OVH considered this message as SPAM and attached following Spam '
value = SMTPHeadersAnalysis.flattenLine(value).replace(' ', '').replace('\t', '')
result += f'Score: {self.logger.colored(value.strip(), "red")}\n'
if len(result) == 0:
return []
return {
'header' : header,
'value': value,
'analysis' : result
}
def testOvhSpamReason(self):
(num, header, value) = self.getHeader('X-Ovh-Spam-Reason')
if num == -1: return []
result = self.logger.colored(f'- OVH considered this message as SPAM', 'red') + ' and attached following information:\n'
value = SMTPHeadersAnalysis.flattenLine(value).replace(' ', '').replace('\t', '')
tmp = ''
for part in value.split(';'):
part = part.strip()
tmp += f'\t- {part}\n'
result += tmp + '\n'
if len(result) == 0:
return []
return {
'header' : header,
'value': value,
'analysis' : result
}
def testSpamCause(self): def testSpamCause(self):
(num, header, value) = self.getHeader('X-VR-SPAMCAUSE') (num, header, value) = self.getHeader('X-VR-SPAMCAUSE')
if num == -1: return [] if num == -1: return []
@ -912,7 +957,16 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
value = SMTPHeadersAnalysis.flattenLine(value).replace(' ', '').replace('\t', '') value = SMTPHeadersAnalysis.flattenLine(value).replace(' ', '').replace('\t', '')
decoded = SMTPHeadersAnalysis.decodeSpamcause(value) decoded = SMTPHeadersAnalysis.decodeSpamcause(value)
result = decoded
if SMTPHeadersAnalysis.printable(decoded):
result += f'- SPAMCAUSE contains encoded information about spam reasons:\n'
tmp = ''
for part in decoded.split(';'):
part = part.strip()
tmp += f'\t- {part}\n'
result += tmp + '\n'
if len(result) == 0: if len(result) == 0:
return [] return []
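Review bot: In the last hunk, `result = decoded` seeds the analysis text with the raw decoded X-VR-SPAMCAUSE value, so when `printable(decoded)` is false the unfiltered decoded characters become the entire analysis, and when it is true they are glued in front of the "- SPAMCAUSE contains…" line with no separator visible in the hunk. The header comes from the message under analysis, so any control characters in it would reach whatever renders the report; I would start from `result = ''` and report the non-printable case in escaped form, e.g. `else: result += f'- SPAMCAUSE decoded to non-printable data: {decoded!r}\n'`. Relatedly, the rewritten `printable()` calls `str(input_str)`, which for a bytes argument yields the `b'...'` repr and makes the check pass trivially, so callers outside these hunks should be confirmed to pass `str`. `testSpamCause` starts and ends outside the hunk, so how `result` is used after the `len(result) == 0` check is not visible here.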