A script to submit urls seen in the message body of UCE to whiteface
- To demonstrate how to interact with Whiteface using the Whiteface SDK
- A Whiteface account
- A Whiteface account token; within Whiteface:
- Select your username
- Select "tokens"
- Select "Generate Token
- A Whiteface feed; within Whiteface
- Select (the plus sign)
- Select Feed
- Choose a feed name (e.g. port scanners)
- Choose a feed description (hosts blocked in firewall logs)
- A Linux mail server with procmail installed
- procmail is only one way this script could be used
- Create a virtual environment for this project.
- Install py-cgmail and py-whitefacesdk within the virtual environment.
- Download the wf-email-urls.py script
$ wget https://raw.githubusercontent.com/giovino/wf-email-urls/master/wf-email-urls.py- Edit wf-email-urls.py to fill in (WHITEFACE_USER, WHITEFACE_FEED, WHITEFACE_TOKEN)
- Leverage procmail to feed spam email through standard in. This is just an example, you will want to customize it appropriately.
# Process spam emails to have the urls in the message body submitted
# to whiteface
:0 c
* ^X-Spam-Level: \*\*\*\*\*
| /path/to/venv/bin/python2.7 /path/to/whiteface-submit.py