Spaces:
Sleeping
Sleeping
Update analyze_email_main.py
Browse files- analyze_email_main.py +54 -10
analyze_email_main.py
CHANGED
|
@@ -3,20 +3,64 @@ from header_analyzer import analyze_headers
|
|
| 3 |
from body_analyzer import analyze_body
|
| 4 |
from url_analyzer import analyze_urls
|
| 5 |
|
| 6 |
-
def
|
| 7 |
headers, body, urls = parse_email(file_path)
|
| 8 |
|
| 9 |
-
|
| 10 |
-
|
| 11 |
-
|
| 12 |
-
|
| 13 |
|
| 14 |
-
|
| 15 |
-
|
| 16 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 17 |
|
| 18 |
if __name__ == "__main__":
|
| 19 |
-
file_path = "sample.eml"
|
| 20 |
-
findings =
|
| 21 |
for f in findings:
|
| 22 |
print(f)
|
|
|
|
| 3 |
from body_analyzer import analyze_body
|
| 4 |
from url_analyzer import analyze_urls
|
| 5 |
|
| 6 |
+
def analyze(file_path):
|
| 7 |
headers, body, urls = parse_email(file_path)
|
| 8 |
|
| 9 |
+
# Run individual analyzers (each returns findings + score)
|
| 10 |
+
header_findings, header_score = analyze_headers(headers)
|
| 11 |
+
body_findings, body_score = analyze_body(body)
|
| 12 |
+
url_findings, url_score = analyze_urls(urls)
|
| 13 |
|
| 14 |
+
total_score = header_score + body_score + url_score
|
| 15 |
+
|
| 16 |
+
# --- Determine verdict ---
|
| 17 |
+
if total_score >= 70:
|
| 18 |
+
verdict = "🚨 Malicious"
|
| 19 |
+
elif 50 <= total_score < 70:
|
| 20 |
+
verdict = "⚠️ Suspicious"
|
| 21 |
+
elif 30 <= total_score < 50:
|
| 22 |
+
verdict = "📩 Spam"
|
| 23 |
+
else:
|
| 24 |
+
verdict = "✅ Safe"
|
| 25 |
+
|
| 26 |
+
# --- Attack Type (basic heuristic) ---
|
| 27 |
+
if "invoice" in body.lower() or "payment" in body.lower():
|
| 28 |
+
attack_type = "Invoice/Payment Fraud"
|
| 29 |
+
elif "verify" in body.lower() or "password" in body.lower():
|
| 30 |
+
attack_type = "Credential Harvesting"
|
| 31 |
+
elif verdict == "📩 Spam":
|
| 32 |
+
attack_type = "Spam / Marketing"
|
| 33 |
+
else:
|
| 34 |
+
attack_type = "General Phishing"
|
| 35 |
+
|
| 36 |
+
# --- Collect tags ---
|
| 37 |
+
tags = []
|
| 38 |
+
for finding in header_findings + body_findings + url_findings:
|
| 39 |
+
if "domain" in finding.lower():
|
| 40 |
+
tags.append("Suspicious Sender Domain")
|
| 41 |
+
if "phishing" in finding.lower():
|
| 42 |
+
tags.append("Phishing URL")
|
| 43 |
+
if "urgent" in finding.lower() or "suspicious phrase" in finding.lower():
|
| 44 |
+
tags.append("Urgent Language")
|
| 45 |
+
if "spam" in finding.lower():
|
| 46 |
+
tags.append("Spam Tone")
|
| 47 |
+
|
| 48 |
+
# --- Build report ---
|
| 49 |
+
report = [
|
| 50 |
+
f"Attack Score: {total_score}",
|
| 51 |
+
f"Attack Type: {attack_type}",
|
| 52 |
+
f"Final Verdict: {verdict}",
|
| 53 |
+
"---- Attack Analysis Tags ----",
|
| 54 |
+
", ".join(set(tags)) if tags else "No special tags",
|
| 55 |
+
"---- Detailed Findings ----",
|
| 56 |
+
]
|
| 57 |
+
|
| 58 |
+
report.extend(header_findings + body_findings + url_findings)
|
| 59 |
+
|
| 60 |
+
return report
|
| 61 |
|
| 62 |
if __name__ == "__main__":
|
| 63 |
+
file_path = "sample.eml"
|
| 64 |
+
findings = analyze(file_path)
|
| 65 |
for f in findings:
|
| 66 |
print(f)
|