예제 #1
def main():
    """Run the csirtg-mail debugging CLI.

    Reads one e-mail message from ``--file`` (or from stdin when no file is
    given), passes it to ``parse_email_from_string`` and prints the result:
    one URL per line with ``--urls``, otherwise the parsed structure as JSON
    (indented by 4 when ``--debug`` is set).

    The message is untrusted input. The URLs and the JSON printed here are
    whatever the parser extracted from sender-controlled content, emitted
    as returned; treat the output as data to inspect, not as links that are
    safe to open.
    """
    description = textwrap.dedent('''\

        csirtg-mail is a CLI tool for debugging, it allows you to easily input a email message and print out the
        py-cgmail data structure.

        example usage:
            $ cat test.eml | csirtg-mail
            $ csirtg-mail --file test.eml
        ''')

    parser = ArgumentParser(description=description,
                            formatter_class=RawDescriptionHelpFormatter,
                            prog='csirtg-mail')
    parser.add_argument("-f", "--file", dest="file", help="specify email file")
    parser.add_argument("-d", "--debug", help="enable debugging",
                        action="store_true")
    parser.add_argument("--urls", help="print URLS to stdout",
                        action="store_true")
    args = parser.parse_args()

    # Root logger: DEBUG with --debug, INFO otherwise, written to a stream
    # handler using the module's LOG_FORMAT.
    root_logger = logging.getLogger('')
    root_logger.setLevel(logging.DEBUG if args.debug else logging.INFO)
    handler = logging.StreamHandler()
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    root_logger.addHandler(handler)

    # Message source: the named file if one was given, else stdin.
    source = vars(args).get("file")
    if source:
        # NOTE(review): text mode with the platform default encoding; on
        # Python 3 a message containing bytes outside that encoding raises
        # here before any parsing happens -- confirm this is intended.
        with open(source) as fh:
            email = fh.read()
    else:
        email = sys.stdin.read()

    results = parse_email_from_string(email)

    if args.urls:
        # The parser is called with its defaults, so URLs are printed in the
        # form it returned them. NOTE(review): if this output is pasted into
        # tickets or chat, consider whether a defanged form is wanted.
        for message in results:
            for url in message['urls']:
                print(url)

        raise SystemExit

    print(json.dumps(results, indent=4 if args.debug else None))
예제 #2
    def process(self, data=None):
        """Yield one record per message produced by ``self.fetcher``.

        Each record starts as a copy of ``self._defaults()``. When
        ``self.headers`` is set, it is read as a mapping of e-mail header
        name -> record key: for every listed header present in the first
        parsed message, the header's first value is stored under that key.
        The raw message is always stored under ``'message'``.

        ``data`` is accepted but not used by this method.

        Header values and the raw message come straight from the e-mail and
        are sender-controlled; consumers of the yielded records should treat
        them as untrusted.
        """
        base = self._defaults()

        for raw in self.fetcher.process(split=False):
            parsed = parse_email_from_string(raw)

            # Fresh dict per message so records never share state.
            record = {key: value for key, value in base.items()}

            if self.headers:
                for name in self.headers:
                    # Only the first parsed message (index 0) is consulted.
                    if not parsed[0]['headers'].get(name):
                        continue
                    record[self.headers[name]] = parsed[0]['headers'][name][0]

            record['message'] = raw

            yield record
예제 #3
import csirtg_mail

# Module-level fixture: the sample message is read and parsed once at import
# time, and the tests in this file inspect the shared ``results``.
TEST_FILE = 'samples/email/single_html_03.eml'

# Read with the platform default encoding (no explicit ``encoding``).
with open(TEST_FILE) as handle:
    email = handle.read()

results = csirtg_mail.parse_email_from_string(email)


def test_message_headers():
    """Check the first Return-Path value of the first parsed message."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '<*****@*****.**>'


def test_body_email_addresses():
    """Check that the expected address was extracted from the message body."""
    addresses = results[0]['body_email_addresses']
    assert "*****@*****.**" in addresses
import csirtg_mail

# Module-level fixture: the sample message is read as UTF-8 and parsed once
# at import time; the tests in this file inspect the shared ``results``.
TEST_FILE = 'samples/email/single_html_02.eml'

with open(TEST_FILE, encoding='utf8') as handle:
    email = handle.read()

# ``sanitize_urls=True`` is passed through to the parser. What it changes is
# not visible in this file; the URL asserted in test_extract_urls is still in
# plain ``http://`` form, so this option should not be read as defanging.
results = csirtg_mail.parse_email_from_string(email, sanitize_urls=True)


def test_message_headers():
    """Check the first Return-Path value of the first parsed message."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '*****@*****.**'


def test_message_parts():
    """Check that the first MIME part's decoded body starts with the expected HTML."""
    first_part = results[0]['mail_parts'][0]
    expected_prefix = '<HTML>\n<div id=":219" class="zz J-J5-Ji">'
    assert first_part['decoded_body'].startswith(expected_prefix)


def test_extract_urls():
    """Check that the expected URL was extracted from the message.

    The URL is matched in its original ``http://`` form, i.e. the extracted
    list holds it as a live link rather than a defanged one.
    """
    expected = "http://www.homerunsports.com/sites/all/themes/zen/zen-internals/css/direct/index.php"
    assert expected in results[0]['urls']
예제 #5
import csirtg_mail

# Module-level fixture: the sample message is read as UTF-8 and parsed once
# at import time; the tests in this file inspect the shared ``results``.
TEST_FILE = 'samples/email/single_plain_05.eml'

with open(TEST_FILE, encoding='utf8') as handle:
    email = handle.read()

# ``defanged_urls=True``: the URLs asserted in test_extract_urls use the
# ``hxxp``/``hxxps`` scheme spelling instead of ``http``/``https``.
results = csirtg_mail.parse_email_from_string(email, defanged_urls=True)


def test_message_headers():
    """Check the first Return-Path value of the first parsed message."""
    return_path = results[0]['headers']['return-path']
    assert return_path[0] == '<*****@*****.**>'


def test_extract_urls():
    """Check the URLs extracted with ``defanged_urls=True``.

    All three expected entries carry an ``hxxp``/``hxxps`` scheme. Only the
    second also has bracketed ``[:]`` and ``[.]``; the other two keep plain
    dots in the host name. NOTE(review): presumably the second URL was
    already written that way in the sample message -- confirm against the
    fixture; either way the output is not uniformly bracket-defanged.
    """
    # Print the extracted list so it shows up in the test output.
    print(results[0]['urls'])

    expected_urls = (
        "hxxp://www.blah.blah.com.badness.com/wp=stuff/uno/dos/tres/",
        "hxxp[:]//blah[.]com/Login.php",
        "hxxps://www.blah.blah.com.badness.com/badness.php",
    )
    for expected in expected_urls:
        assert expected in results[0]['urls']