From fc7316a5bb496015cb85ad398f11c42199dbfd9c Mon Sep 17 00:00:00 2001 From: "Mariusz B. / mgeeky" Date: Mon, 12 Dec 2022 23:20:41 +0100 Subject: [PATCH] Updated phishing-HTML-linter.py --- phishing/README.md | 2 ++ phishing/decode-spam-headers | 2 +- .../Self-Signed Threat/MSKernel32Cloned.pfx | Bin 0 -> 5814 bytes 3 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 red-teaming/Self-Signed Threat/MSKernel32Cloned.pfx diff --git a/phishing/README.md b/phishing/README.md index 20ff6cc..3cd82fe 100644 --- a/phishing/README.md +++ b/phishing/README.md @@ -132,6 +132,8 @@ OUTPUT: - ` URL contained GET parameter with URL` - ` URL pointed to an executable file` - `Mail message contained suspicious words` + - `Mail message contained unsupported HTML tags` + - `Mail message contained unsupported HTML attributes` Such characteristics are known bad smells that will let your e-mail blocked. diff --git a/phishing/decode-spam-headers b/phishing/decode-spam-headers index 2eec0b5..a266b79 160000 --- a/phishing/decode-spam-headers +++ b/phishing/decode-spam-headers @@ -1 +1 @@ -Subproject commit 2eec0b5f47a6d59dc8e2c367b079fae6c422c64c +Subproject commit a266b79ea1e9fac8455a60368357a9d67b5400bc diff --git a/red-teaming/Self-Signed Threat/MSKernel32Cloned.pfx b/red-teaming/Self-Signed Threat/MSKernel32Cloned.pfx new file mode 100644 index 0000000000000000000000000000000000000000..c87160bc7e659dca7d8a814995496a6b871b4e4d GIT binary patch literal 5814 zcmZWtWl&t*vYkPLySq#V_dp0vm;?xJ!JXjl4uiW6mf-Fd+zAqb`{1s@gG1o)-Ma7I zdi848+PizL?zPYP(^cniL5b@SfQVdBVmlNxmQd-?8!R9yFb7I(fCMGhd7(dZK~Vtz zM?yYFf+8PtL6Hw$u!Dl}?=DPqAVLll>4^)9bk9YJg8sksi#ayZtDaUa^i;+i8UzH? z2_z^I{N#XR=3z1N%|<(EKOCL}&gk;Tb`fmKAwNJ^MUg)L3PA8!4Q|zA~0A*8#&TP|B3Y@{pI2S()Rtlp;#;99dTc_STq3d<}V>0V)_aPvMUSKIE#7 zDfv|+sI{j${dLG|R%exu=9JJyR3o$az{V8WH5Ip+^B!0YI!&87tn)V1ykoXRmGl(E zu@@KQ6W|F4EL&L8+UB{B7cCheO>SbGXkjISkZ z`Rcn_f-)(&wf;s!WyvBUs}qKGBSlg0mg+>jYHd8N`_kp(;lavfCdnez(L9D~TrZ-D zzNY=V7+Rniuc|Dvg<{d;pOh5mN62gI>EE*L>wE~JAc|`xg(LUYjg?@Jd1AFGdUv_B zfyuy68eoO2$vcU>7+sI7oV4!09j2lTQ=p)EPp&s$+t{PfzAE3S|vr=8=WIi%zT>Lisgh!Q%_-g&RsY!rXb@KYhGT zKRtp0Xl3Y>0);-`t$yr12p|maA>dt>(+d)|FqIqb*T%02 z^Z*=gQ=Pr~Mi55JoU&SY6E)zj8Ifl0uewUOt{$u6TJoNmeJlbxj-ZEtFN8t3Qs0=p zGPGjW7xp@sCe_c*u6i$HVW_1O*nLBAi^pwY6q!-V2&{K8+CXE|~?t-k1+z8R}3L zmM&YWC_n#7&L}wr2x9ccUaq0wjF8qqPpi`A9QQ320uSn;=Sm#35?h-X*s-Hi=i|8n zcFRLFlNW>PLc=Es*Y3S0I>sZLRMMj@0u1#jnB5~Bx&@FsJx2`4Q>A1qeVyUxcClT3 z9^L+v!S702(kF;#D()d<8GhrmNov!m7-|gzI2BjY_Ma9>ap4d{kSB%xPkF-|?06u&M8; zOtFonPz0!Cjl-H>pQnrg%IxD10-8fLWtu+f7mFs)&G<$2`7GY8pBFs_nO&u7#$$SO zejSD$z*b@zOWns00@-|z`LbnU7mGX#xQ}m=H@s>oV?7axGC_ql#_ItZ#oL@hxdW%U z2>vrJ(TKQFkdS}?0Dw#Hza$~I614)r1z-kX2XFzt0Qg@bJ^;@P_+OYWFOlF2*k5v^ zm+YS^Bfwh#?@R4J9RJHQ0+_y3m;p=x+%GT#nEqqWiULFeLIv=E|FV|{SiVS30DFM* z3%cjW$J;Plc)3;6W1d;UvtdC{C+c=LbpO8@F~d+{)R$(^{MxQhRIepHkk zD6aSmC5!+Byc}=-s{sH1;I~Lr@SUSh<@{&x2S9OO1uPM{qwxoJWC z5JV>JBaM(@{fNe66@)NUnjCH25ncUL~0XlCM^#cyp&AL_OWT zpMG{8-bT+G8GAnSqvnABHG_c8C;x3Q@tH$mn6*^Nhfq)e$(P(KcTkZ@sR~raK%x=U z!bACB)k%PqQ0M9)e`s|sQzzznlYB69;YP}EI4En-qRP4P>caJqZz5)(SjP>o&?EcV z>aw)|XLaMH%WkMQ*^tl02^k$;TY_^q%YmGfp_=3he(@|*%P+&Tn;PS15)*@SX(Ms-IaadBIRZkDU}Xkwcc(eoF#q6PI$GXOgV@c@y=``j9Xy-?++ z;)Ho~z~9Iu<%B9RPehZaPpU!uvub%j?b}uR`fJl3PG!l*0HYb~9OZC1dzmxP1UvT;Za1^zjq`afx3M6b3+d1fMp>ebwZ^u z$Z@azvB*&HE{R6I;5~eVe>U1Sb&(Rlm<_4H=-BcE@4S0Qlqtf#fzFf;NKhclsw4AT zHnyfU8C`T?Y*EAI_z;3PXtG|{qM>~Ar_?vM#zCL&*XuhPeyKIxkA~{9{Bv87CC+(# zqFT>_+7Ukks{0)7UW_<@XZRlW*<`}Xp0z%An^NA!m-J#7YP}ljzV=Af}pz8)w6-=-9Z3$M}JTzx?w8VhIu&hebZR zapy5uq|_G+%W|R@Tm961)*fipx%X5JF0jU{Bi%1yztuOQ`*hd>BmL%&?CrgaW6}g; zDOamLf7<-A#I7T=p0lAJqIjvis_KMTVNJTqG@go`%8(L(L#!&+(w%mS$@049s*Mvc zH5~{aWaX7qaFlj93NJBTAtZ z8kd8^z|y8U1Y2!u|3UF6DaL!9sJG2Awx;ZEC@#}@#{|z-AJj;g2iz}^I~fcsk5r?-m}K!^?_U#oSE3x& z_kgmqv_%j0BzJyUtTr5N7Xf9IEEg)>WOqG^Y zQgVNs=Pqz)JvDT+8*9GL zJrl|wA>_rQL`7K{Z+e>Zt&W%c6T-=u4dzL*SbG$~mAnTINwqhaAlvsj#07IupVCTfQWIe%e`u zbzGfTN&@@jJBG~Mr{fJ$Z_6II%<}g1-EkY9AFl_&B4>At*dBJgJRjfIqx~;75%J?I zV1Kp@9xeG)*nAK?3z!n>189+m>wMBoZE!?fDwnD3KS~E(|5gx%O#rXCbahrF1&+S!Td+`PTCPkBr7P8MYTT3QBpDv71sYvoD zX<}rwjnbwv*#^BPII?%b@C3(a*EtK@J&fRO&6a5j!d|@&_YHGDU5G72A;sShaF&l zN5L^}&M%^J(K)9?OCK-7F59h*?UM1t4%tbw55Fv+GCy;8NyTtQ=`%2 zrN~eqYaO>o_&Kyj*`qPBK>1gXV$tNZzF$K8sq+?Elnw=ShiqEfZz?`xvu;!`6#q0! zPk$reDtDtt%I4xAF--@wL4Vxkh7Vjzwr!>{3ATQUvvDZ6S7LF;h1#3~q2wX!`qxAj zQ$m4vI$OQyuERDPuuJ{#6+|4OVmsGb#ONSLO@J09Pu+!ws!ghfhNeIi0V;CVB{IMf zvw4D(i1!bsQtBx>9goq(FLNhf=H6zBzBgTJoIgvoq9-`40Qxp@ooT5M z2}AGnU`OtIHp@D6DoeHF0KRqvUi7%0AUDG}D%Uak?V?5sOq29_LAB|lvzv3V<+aJV zkTDoGTCRB6@yu@II*!RhL;>xb;%vf^^BbDvJ>1H!uVI-fD8w4Y5r3B1&vB^3*co^F zTcjvbxWTj7=COEaJ1tb|Gz)ZVt@ocU- zqOdN_SpSd{9ZP8gcWH^+bTZ1PneQk~>-I5K+^~_Rwq{!U^@VO&LSz0~%SLUX}& zY}v}c4UOMvgisK5L5s?{+1-^h_?e|{42`4^tul`ai`-Yc@__1Bv{&Fkwbya#^UmZF zxXi!y(=4@)8Ne;`pOcqkyks&F7T7=K*K=NnO`6#;9&b1F*eA;q$8L|7z}R>@#G;y7 z9d2m%=%uFLO)7{JIDcrx{B5|oi=`JFfW7_Dx#iEABsqWtcO|`kriVrj()o>~n z&1mFmf(lcB#E)X$ND`5(p(|*mSwmdym4F6BbcUA{kV7*VtNb_kDwQZuv)YqJ6S{R!1F8Mqg;2RHyZDPHue< zMKF%MOg`f6MQR0g!Ma$Td#b`ND#ojzExGSgkQa3V`*rWE!z~?@j=culP#}MND3?hC z7+CI_gWIP2OK5utaPM%Oqc)iQx#SwK;PRIXb9`V&Hr{U*r>)Mx90b!$`b5*g$ph9> z#a*#TPW+6$VNDj%t=)xNKTClR^{|Rn#piEQ>>jXTTa^zcG9;X6dXq8+7Lo|5)aA;Q zIMp56Hb@LGcTDQFT;MhGM|>YN+7&YM{2#PoiSiIXInIhgn%T4V6C zHe$lgl+lsPY)ci1wlTd=Ikh8)&sl@_`_J!Ey(%`*90o|V^eM!<@!ncsVLRj|gC`yK zRxCmBa0)cc{)pP8tlj3p4!CGnuhnG1s(8WZPT0=qPhX#QI+-Vu9nym^SEzF^tnf(yNnUfsF2Q*QD%$KPah4+7vbMH^R3ne)^970!#;<8e(`iEJ zn$U6>S^&1WgcCvM%~*#h;FMT(gK;U{;|}swOkTVJSE`?hX9(nlOTf#&2a$ z&Rp!qZqw28A8vUu0r1jrWmb(2Pd0q*rC$r3M~j@C){dKIZ5_X>XEom}1!zFd@|{VW z@AP=(s8-c?(6%%EA7P1?oaT)6`SK4h-*GVtY5OPD7rX*vm`6Y ze9%(DWFg@9lt@6gIvX?IOb~_3skMn1=bqTa!?aDwfF)2gYnHI1_otLY_)r@|HD{xd zCa%vmT0?=Ci|-sR0ud%e?`#oduI`iOQOAW>y%Wf<4)mtG_5rt&5iT8w3clJR0}}@CCJ8?huZ3;Y&|zmj2}&=o-Y?zxjKC5 zkfxDr!r`B_NKiJR=Y`p{s^n_jjv&vuhurk7$I#;7@+)H9v82 zk1Cr^%2Y0dyN!BvLzHiLk(q(s_#4nE3r^9}bD8)#d_JFw_;ad+-<@C8s_VH3WK!`k z?x|U6Z|Y^ez}(o}HNk?hR>OUzZzWO~v4qHsmbrwuXt+>OkXf-25y+7UFXJ1ZC^1!u r);7PmJD_k{UJse)Ara0#Ppq=JPyHmu5Ibk;5>Npr;3@p`BjJAl9F@{W literal 0 HcmV?d00001