def main():
    """Command-line entry point: parse one email message and print the result.

    The message is read from ``--file`` when given, otherwise from stdin, and
    handed to ``parse_email_from_string``. With ``--urls`` only the extracted
    URLs are printed, one per line, and the program exits; otherwise the whole
    parsed structure is printed as JSON (indented when ``--debug`` is set).
    """
    # NOTE(review): the line breaks inside the help text are reconstructed
    # from a flattened listing — confirm against the original layout.
    parser = ArgumentParser(
        description=textwrap.dedent('''\
        csirtg-mail is a CLI tool for debugging, it allows you to easily input a email message and print out the
        py-cgmail data structure.

        example usage:
            $ cat test.eml | csirtg-mail
            $ csirtg-mail --file test.eml
        '''),
        formatter_class=RawDescriptionHelpFormatter,
        prog='csirtg-mail'
    )
    parser.add_argument("-f", "--file", dest="file", help="specify email file")
    parser.add_argument("-d", "--debug", help="enable debugging", action="store_true")
    parser.add_argument("--urls", help="print URLS to stdout", action="store_true")

    args = parser.parse_args()

    # Attach a console handler to the root logger; --debug lowers the level.
    root_logger = logging.getLogger('')
    root_logger.setLevel(logging.DEBUG if args.debug else logging.INFO)
    handler = logging.StreamHandler()
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    root_logger.addHandler(handler)

    # The message is untrusted input; it is read as text and passed straight
    # to the parser.
    if args.file:
        with open(args.file) as source:
            raw_message = source.read()
    else:
        raw_message = sys.stdin.read()

    parsed = parse_email_from_string(raw_message)

    if args.urls:
        # No defanging option is passed to the parser above, so these are
        # presumably live links taken from the mail — treat the output as
        # attacker-supplied data, not as something safe to open.
        for message in parsed:
            for url in message['urls']:
                print(url)

        raise SystemExit

    print(json.dumps(parsed, indent=4 if args.debug else None))
def process(self, data=None):
    """Yield one record per message returned by the fetcher.

    Each record starts as a copy of ``self._defaults()``. When
    ``self.headers`` is set, it is read as a mapping from a parsed header
    name to the record key that should receive that header's first value.
    The raw message is stored under ``'message'``. ``data`` is not used.
    """
    # NOTE(review): statement nesting is reconstructed from a flattened
    # listing — confirm that the yield sits inside the per-message loop.
    base_fields = self._defaults()

    for raw_message in self.fetcher.process(split=False):
        parsed = parse_email_from_string(raw_message)
        record = dict(base_fields.items())

        if self.headers:
            # Only the first parsed message is consulted, and only the first
            # value of each header. Header values come from the mail itself,
            # so they are sender-controlled and unauthenticated.
            message_headers = parsed[0]['headers']
            for header_name in self.headers:
                if message_headers.get(header_name):
                    record[self.headers[header_name]] = message_headers[header_name][0]

        record['message'] = raw_message

        yield record
import csirtg_mail

TEST_FILE = 'samples/email/single_html_03.eml'

# The sample is parsed once at import time; every test below reads ``results``.
with open(TEST_FILE) as handle:
    email = handle.read()

results = csirtg_mail.parse_email_from_string(email)


def test_message_headers():
    """The first Return-Path value of the first message matches the sample."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '<*****@*****.**>'


def test_body_email_addresses():
    """The expected address is listed under ``body_email_addresses``."""
    addresses = results[0]['body_email_addresses']
    assert "*****@*****.**" in addresses
import csirtg_mail

TEST_FILE = 'samples/email/single_html_02.eml'

# The sample is parsed once at import time with sanitize_urls enabled; every
# test below reads ``results``.
with open(TEST_FILE, encoding='utf8') as handle:
    email = handle.read()

results = csirtg_mail.parse_email_from_string(email, sanitize_urls=True)


def test_message_headers():
    """The first Return-Path value of the first message matches the sample."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '*****@*****.**'


def test_message_parts():
    """The first mail part decodes to the expected HTML prefix."""
    decoded = results[0]['mail_parts'][0]['decoded_body']
    assert decoded.startswith('<HTML>\n<div id=":219" class="zz J-J5-Ji">')


def test_extract_urls():
    """The link from the sample appears in the extracted URL list."""
    # NOTE(review): the expected value is still a plain http:// link, so
    # sanitize_urls evidently does not defang — confirm what it does change.
    urls = results[0]['urls']
    assert "http://www.homerunsports.com/sites/all/themes/zen/zen-internals/css/direct/index.php" in urls
import csirtg_mail

TEST_FILE = 'samples/email/single_plain_05.eml'

# The sample is parsed once at import time with defanged_urls enabled; every
# test below reads ``results``.
with open(TEST_FILE, encoding='utf8') as handle:
    email = handle.read()

results = csirtg_mail.parse_email_from_string(email, defanged_urls=True)


def test_message_headers():
    """The first Return-Path value of the first message matches the sample."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '<*****@*****.**>'


def test_extract_urls():
    """Extracted URLs are reported in defanged form (hxxp/hxxps schemes)."""
    urls = results[0]['urls']
    print(urls)

    # Every expected value uses a non-clickable scheme; the second one also
    # carries bracketed separators ([:] and [.]).
    expected_urls = (
        "hxxp://www.blah.blah.com.badness.com/wp=stuff/uno/dos/tres/",
        "hxxp[:]//blah[.]com/Login.php",
        "hxxps://www.blah.blah.com.badness.com/badness.php",
    )
    for expected in expected_urls:
        assert expected in urls