Added 'Unusual SMTP Headers' test
This commit is contained in:
parent
c244ceb3dd
commit
2eec0b5f47
|
@ -9,7 +9,7 @@ Time went by, I was adding support for more and more SMTP headers - and here we
|
||||||
|
|
||||||
## Info
|
## Info
|
||||||
|
|
||||||
This tool accepts on input an `*.EML` or `*.txt` file with all the SMTP headers. It will then extract a subset of interesting headers and using **95+** tests will attempt to decode them as much as possible.
|
This tool accepts on input an `*.EML` or `*.txt` file with all the SMTP headers. It will then extract a subset of interesting headers and using **105+** tests will attempt to decode them as much as possible.
|
||||||
|
|
||||||
This script also extracts all IPv4 addresses and domain names and performs full DNS resolution of them.
|
This script also extracts all IPv4 addresses and domain names and performs full DNS resolution of them.
|
||||||
|
|
||||||
|
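Review bot: the test count in this sentence is bumped from 95+ to 105+, but the numbered test list later in this same README now ends at entry 106, and the "Processed headers (more than **85+** headers are parsed)" line is left at 85+ even though this commit adds three headers. Either keep the counts as exact numbers that are updated together with the lists, or phrase them loosely enough ("100+ tests", "85+ headers") that they do not go stale on every addition.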
@ -130,6 +130,9 @@ Processed headers (more than **85+** headers are parsed):
|
||||||
- `X-MS-Exchange-ExternalOriginalInternetSender`
|
- `X-MS-Exchange-ExternalOriginalInternetSender`
|
||||||
- `X-CNFS-Analysis`
|
- `X-CNFS-Analysis`
|
||||||
- `X-Authenticated-Sender`
|
- `X-Authenticated-Sender`
|
||||||
|
- `X-Apparently-From`
|
||||||
|
- `X-Env-Sender`
|
||||||
|
- `Sender`
|
||||||
|
|
||||||
|
|
||||||
Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them.
|
Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them.
|
||||||
|
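Review bot: the hunk header context still reads "more than **85+** headers are parsed" while three new entries (`X-Apparently-From`, `X-Env-Sender`, `Sender`) are appended to the list; bump that count in the same change so the list and its summary agree. Also worth a short note in the README that `Sender`, unlike the other two, is a standard RFC 5322 header rather than a vendor `X-` header, since readers scanning a list of proprietary headers may otherwise take it for another one.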
@ -323,7 +326,7 @@ C:\> py decode-spam-headers.py -l tests
|
||||||
2 - Extracted IP addresses
|
2 - Extracted IP addresses
|
||||||
3 - Extracted Domains
|
3 - Extracted Domains
|
||||||
4 - Bad Keywords In Headers
|
4 - Bad Keywords In Headers
|
||||||
5 - From Address Analysis
|
5 - Sender Address Analysis
|
||||||
6 - Subject and Thread Topic Difference
|
6 - Subject and Thread Topic Difference
|
||||||
7 - Authentication-Results
|
7 - Authentication-Results
|
||||||
8 - ARC-Authentication-Results
|
8 - ARC-Authentication-Results
|
||||||
|
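Review bot: test 5 is renamed from "From Address Analysis" to "Sender Address Analysis" but the commit message only mentions adding the "Unusual SMTP Headers" test; since these names are what `decode-spam-headers.py -l tests` prints and what users refer to when picking tests, mention the rename in the commit message or changelog so anyone scripting against the old name knows why it changed. The numbering is preserved (still 5), which is the right call.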
@ -422,6 +425,8 @@ C:\> py decode-spam-headers.py -l tests
|
||||||
102 - EOP - Enhanced Filtering - ExternalOriginalInternetSender
|
102 - EOP - Enhanced Filtering - ExternalOriginalInternetSender
|
||||||
103 - Cloudmark Analysis
|
103 - Cloudmark Analysis
|
||||||
104 - The Real Sender - via Authenticated-Sender
|
104 - The Real Sender - via Authenticated-Sender
|
||||||
|
105 - Identified Sender Addresses
|
||||||
|
106 - Unsual SMTP headers
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
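Review bot: typo in the new test name on the `106 - Unsual SMTP headers` line; it should read `106 - Unusual SMTP headers`, matching the commit title ("Unusual SMTP Headers"). Fix it now, since this string is user-visible in the `-l tests` output and a misspelled name is easy to mis-type when selecting the test. The other added entry, `105 - Identified Sender Addresses`, is not mentioned in the commit message either and deserves a line there.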
@ -94,6 +94,9 @@
|
||||||
# - X-MS-Exchange-ExternalOriginalInternetSender
|
# - X-MS-Exchange-ExternalOriginalInternetSender
|
||||||
# - X-CNFS-Analysis
|
# - X-CNFS-Analysis
|
||||||
# - X-Authenticated-Sender
|
# - X-Authenticated-Sender
|
||||||
|
# - X-Apparently-From
|
||||||
|
# - X-Env-Sender
|
||||||
|
# - Sender
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# ./decode-spam-headers [options] <smtp-headers.txt>
|
# ./decode-spam-headers [options] <smtp-headers.txt>
|
||||||
|
|
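Review bot: the header-comment list here mirrors the README list exactly (same three headers, same order), which is good; the one inconsistency in this hunk's context is the usage line `./decode-spam-headers [options] <smtp-headers.txt>`, which omits the `.py` extension that the README examples use (`py decode-spam-headers.py -l tests`). Consider making the file name consistent across the two so copy-pasting the usage line works.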