mirror of
https://github.com/mgeeky/decode-spam-headers.git
synced 2024-11-25 20:11:37 +01:00
added hexdump package dependency instead of method that didn't work for me
parent
a266b79ea1
commit
2cf9986276
@ -134,6 +134,7 @@ from html import escape
|
|||||||
from email import header as emailheader
|
from email import header as emailheader
|
||||||
from datetime import *
|
from datetime import *
|
||||||
from dateutil.tz import *
|
from dateutil.tz import *
|
||||||
|
from hexdump import hexdump
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from dateutil import parser
|
from dateutil import parser
|
||||||
@ -2401,34 +2402,34 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
|
|||||||
break
|
break
|
||||||
return chr(sum(ord(c) for c in pair) - key - offset)
|
return chr(sum(ord(c) for c in pair) - key - offset)
|
||||||
|
|
||||||
@staticmethod
|
# @staticmethod
|
||||||
def hexdump(data, addr = 0, num = 0):
|
# def hexdump(data, addr = 0, num = 0):
|
||||||
s = ''
|
# s = ''
|
||||||
n = 0
|
# n = 0
|
||||||
lines = []
|
# lines = []
|
||||||
if num == 0: num = len(data)
|
# if num == 0: num = len(data)
|
||||||
|
#
|
||||||
if len(data) == 0:
|
# if len(data) == 0:
|
||||||
return '<empty>'
|
# return '<empty>'
|
||||||
|
#
|
||||||
for i in range(0, num, 16):
|
# for i in range(0, num, 16):
|
||||||
line = ''
|
# line = ''
|
||||||
line += '%04x | ' % (addr + i)
|
# line += '%04x | ' % (addr + i)
|
||||||
n += 16
|
# n += 16
|
||||||
|
#
|
||||||
for j in range(n-16, n):
|
# for j in range(n-16, n):
|
||||||
if j >= len(data): break
|
# if j >= len(data): break
|
||||||
line += '%02x ' % (data[j] & 0xff)
|
# line += '%02x ' % (data[j] & 0xff)
|
||||||
|
#
|
||||||
line += ' ' * (3 * 16 + 7 - len(line)) + ' | '
|
# line += ' ' * (3 * 16 + 7 - len(line)) + ' | '
|
||||||
|
#
|
||||||
for j in range(n-16, n):
|
# for j in range(n-16, n):
|
||||||
if j >= len(data): break
|
# if j >= len(data): break
|
||||||
c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
|
# c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
|
||||||
line += '%c' % c
|
# line += '%c' % c
|
||||||
|
#
|
||||||
lines.append(line)
|
# lines.append(line)
|
||||||
return '\n'.join(lines)
|
# return '\n'.join(lines)
|
||||||
|
|
||||||
def testEmailIntelligence(self):
|
def testEmailIntelligence(self):
|
||||||
service = []
|
service = []
|
||||||
@ -3631,7 +3632,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
|
|||||||
if self.decode_all:
|
if self.decode_all:
|
||||||
try:
|
try:
|
||||||
dec = SMTPHeadersAnalysis.safeBase64Decode(b[:30])
|
dec = SMTPHeadersAnalysis.safeBase64Decode(b[:30])
|
||||||
hd = SMTPHeadersAnalysis.hexdump(dec.encode())
|
hd = hexdump(dec.encode(), result='return')
|
||||||
a1 += f'\n\t\t\t{hd} ...\n'
|
a1 += f'\n\t\t\t{hd} ...\n'
|
||||||
|
|
||||||
except:
|
except:
|
||||||
@ -4003,7 +4004,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
|
|||||||
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
||||||
|
|
||||||
if self.decode_all:
|
if self.decode_all:
|
||||||
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
|
dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
|
||||||
|
|
||||||
result = f'- Cisco IronPort Data encrypted blob:\n\n'
|
result = f'- Cisco IronPort Data encrypted blob:\n\n'
|
||||||
result += dumped + '\n'
|
result += dumped + '\n'
|
||||||
@ -4025,7 +4026,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
|
|||||||
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
||||||
|
|
||||||
if self.decode_all:
|
if self.decode_all:
|
||||||
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
|
dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
|
||||||
|
|
||||||
result = f'- Cisco IronPort Data encrypted blob:\n\n'
|
result = f'- Cisco IronPort Data encrypted blob:\n\n'
|
||||||
result += dumped + '\n'
|
result += dumped + '\n'
|
||||||
@ -4280,7 +4281,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
|
|||||||
|
|
||||||
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
|
||||||
if self.decode_all:
|
if self.decode_all:
|
||||||
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value))
|
dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
|
||||||
|
|
||||||
result = f'- Cisco IronPort Anti-Spam result encrypted blob:\n\n'
|
result = f'- Cisco IronPort Anti-Spam result encrypted blob:\n\n'
|
||||||
result += dumped + '\n'
|
result += dumped + '\n'
|
||||||
@ -5730,7 +5731,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
|
|||||||
tmp += value_decoded + '\n\n'
|
tmp += value_decoded + '\n\n'
|
||||||
|
|
||||||
try:
|
try:
|
||||||
x = SMTPHeadersAnalysis.hexdump(base64.b64decode(value_decoded.encode()))
|
x = hexdump(base64.b64decode(value_decoded.encode()), result='return')
|
||||||
tmp += f'\t Base64 decoded Hexdump:\n\n'
|
tmp += f'\t Base64 decoded Hexdump:\n\n'
|
||||||
tmp += x
|
tmp += x
|
||||||
tmp += '\n\n\n'
|
tmp += '\n\n\n'
|
||||||
@ -5769,7 +5770,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
|
|||||||
|
|
||||||
if self.decode_all:
|
if self.decode_all:
|
||||||
tmp += f'\n\n\t- Base64 decoded Hexdump:\n\n'
|
tmp += f'\n\n\t- Base64 decoded Hexdump:\n\n'
|
||||||
tmp += SMTPHeadersAnalysis.hexdump(base64.b64decode(value))
|
tmp += hexdump(base64.b64decode(value), result='return')
|
||||||
tmp += '\n\n\n'
|
tmp += '\n\n\n'
|
||||||
else:
|
else:
|
||||||
tmp += '\n\n\t- Use --decode-all to print its hexdump.'
|
tmp += '\n\n\t- Use --decode-all to print its hexdump.'
|
||||||
|
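Review bot: In the three Cisco IronPort hunks (`@ -4003`, `@ -4025`, `@ -4280`) and in the `@ -3631` hunk, the new calls dump `safeBase64Decode(...)` after re-encoding it with `.encode()`, so the hexdump is not guaranteed to show the bytes that were actually carried in the header. `safeBase64Decode` is not visible on this page, but since its result needs `.encode()` it presumably returns `str`; any byte at or above 0x80 would then have been dropped, replaced or expanded into a multi-byte UTF-8 sequence before it reaches the dump, which can mislead an analyst comparing the "encrypted blob" against other tooling. The last two hunks already pass raw bytes, and the same form would fit here: `dumped = hexdump(base64.b64decode(value), result='return')`, wrapped in a `try` with a narrow `except` so that a malformed header from an untrusted message does not abort the analysis. Separately, the old `hexdump` staticmethod is left as roughly thirty lines of commented-out code and its `'<empty>'` result for zero-length data is no longer produced; deleting the block and handling the empty case at the call sites would be cleaner.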
@ -4,3 +4,4 @@ packaging
|
|||||||
dnspython
|
dnspython
|
||||||
requests
|
requests
|
||||||
colorama
|
colorama
|
||||||
|
hexdump
|
||||||
|
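Review bot: The new `hexdump` entry adds a third-party package with no version constraint, and the script now imports it unconditionally at module level, so whichever release the package index serves at install time is loaded on every run. The neighbouring entries visible here are unpinned as well, so this may simply follow the project's convention, but for a tool that parses untrusted mail headers a pinned entry such as `hexdump==<PINNED_VERSION>` (ideally installed with pip's `--require-hashes`) would make installs reproducible and auditable. The file name is not shown on this page; this assumes it is the project's requirements file.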