Git/mgeeky-decode-spam-headers
1
0
Fork 0
mirror of https://github.com/mgeeky/decode-spam-headers.git synced 2024-11-22 10:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

added hexdump package dependency instead of method that didn't work for me

Browse Source
This commit is contained in:
Oliver Creighton 2023-02-06 15:28:56 -05:00
parent 492b6e7444
commit bba1dbb62b
2 changed files with 37 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
decode-spam-headers.py
View File

@ -134,6 +134,7 @@ from html import escape
from email import header as emailheader from email import header as emailheader
from datetime import * from datetime import *
from dateutil.tz import * from dateutil.tz import *
from hexdump import hexdump
try: try:
from dateutil import parser from dateutil import parser
@ -2399,34 +2400,34 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
break break
return chr(sum(ord(c) for c in pair) - key - offset) return chr(sum(ord(c) for c in pair) - key - offset)
@staticmethod # @staticmethod
def hexdump(data, addr = 0, num = 0): # def hexdump(data, addr = 0, num = 0):
s = '' # s = ''
n = 0 # n = 0
lines = [] # lines = []
if num == 0: num = len(data) # if num == 0: num = len(data)
#
if len(data) == 0: # if len(data) == 0:
return '<empty>' # return '<empty>'
#
for i in range(0, num, 16): # for i in range(0, num, 16):
line = '' # line = ''
line += '%04x | ' % (addr + i) # line += '%04x | ' % (addr + i)
n += 16 # n += 16
#
for j in range(n-16, n): # for j in range(n-16, n):
if j >= len(data): break # if j >= len(data): break
line += '%02x ' % (data[j] & 0xff) # line += '%02x ' % (data[j] & 0xff)
#
line += ' ' * (3 * 16 + 7 - len(line)) + ' | ' # line += ' ' * (3 * 16 + 7 - len(line)) + ' | '
#
for j in range(n-16, n): # for j in range(n-16, n):
if j >= len(data): break # if j >= len(data): break
c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.' # c = data[j] if not (data[j] < 0x20 or data[j] > 0x7e) else '.'
line += '%c' % c # line += '%c' % c
#
lines.append(line) # lines.append(line)
return '\n'.join(lines) # return '\n'.join(lines)
def testEmailIntelligence(self): def testEmailIntelligence(self):
service = [] service = []
@ -3629,7 +3630,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
if self.decode_all: if self.decode_all:
try: try:
dec = SMTPHeadersAnalysis.safeBase64Decode(b[:30]) dec = SMTPHeadersAnalysis.safeBase64Decode(b[:30])
hd = SMTPHeadersAnalysis.hexdump(dec.encode()) hd = hexdump(dec.encode(), result='return')
a1 += f'\n\t\t\t{hd} ...\n' a1 += f'\n\t\t\t{hd} ...\n'
except: except:
@ -4001,7 +4002,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)') self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
if self.decode_all: if self.decode_all:
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value)) dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
result = f'- Cisco IronPort Data encrypted blob:\n\n' result = f'- Cisco IronPort Data encrypted blob:\n\n'
result += dumped + '\n' result += dumped + '\n'
@ -4023,7 +4024,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)') self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
if self.decode_all: if self.decode_all:
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value)) dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
result = f'- Cisco IronPort Data encrypted blob:\n\n' result = f'- Cisco IronPort Data encrypted blob:\n\n'
result += dumped + '\n' result += dumped + '\n'
@ -4278,7 +4279,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)') self.addSecurityAppliance('Cisco IronPort / Email Security Appliance (ESA)')
if self.decode_all: if self.decode_all:
dumped = SMTPHeadersAnalysis.hexdump(SMTPHeadersAnalysis.safeBase64Decode(value)) dumped = hexdump(SMTPHeadersAnalysis.safeBase64Decode(value).encode('utf-8'), result='return')
result = f'- Cisco IronPort Anti-Spam result encrypted blob:\n\n' result = f'- Cisco IronPort Anti-Spam result encrypted blob:\n\n'
result += dumped + '\n' result += dumped + '\n'
@ -5728,7 +5729,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
tmp += value_decoded + '\n\n' tmp += value_decoded + '\n\n'
try: try:
x = SMTPHeadersAnalysis.hexdump(base64.b64decode(value_decoded.encode())) x = hexdump(base64.b64decode(value_decoded.encode()), result='return')
tmp += f'\t Base64 decoded Hexdump:\n\n' tmp += f'\t Base64 decoded Hexdump:\n\n'
tmp += x tmp += x
tmp += '\n\n\n' tmp += '\n\n\n'
@ -5767,7 +5768,7 @@ Src: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA
if self.decode_all: if self.decode_all:
tmp += f'\n\n\t- Base64 decoded Hexdump:\n\n' tmp += f'\n\n\t- Base64 decoded Hexdump:\n\n'
tmp += SMTPHeadersAnalysis.hexdump(base64.b64decode(value)) tmp += hexdump(base64.b64decode(value), result='return')
tmp += '\n\n\n' tmp += '\n\n\n'
else: else:
tmp += '\n\n\t- Use --decode-all to print its hexdump.' tmp += '\n\n\t- Use --decode-all to print its hexdump.'

1
requirements.txt
View File

@ -4,3 +4,4 @@ packaging
dnspython dnspython
requests requests
colorama colorama
hexdump