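def __create_cybox_headers(self, msg):
    """Return a CybOX EmailHeader built from the selected headers of *msg*.

    Only header names listed in ``self.headers`` are considered. The scalar
    headers (subject, date, message-id, ...) must also be present in *msg*,
    so a header that was requested but is missing from the message leaves
    the field unset instead of wrapping a missing value in a CybOX type.

    Every value read here comes from the message itself, i.e. it is chosen
    by whoever composed or relayed the mail. Apart from the X-Priority digit
    extraction, this method copies the values through without validation.
    """
    import re

    if self.__verbose_output:
        sys.stderr.write("** parsing headers\n")

    def wanted(name):
        # Selected by configuration AND actually carried by this message.
        return name in self.headers and name in msg

    headers = EmailHeader()

    if 'received' in self.headers:
        headers.received_lines = self._parse_received_headers(msg)

    # Address-valued headers: the helpers are defined elsewhere in the file
    # and receive msg[...] directly, as before.
    # NOTE(review): presumably they tolerate a missing header - confirm.
    if 'to' in self.headers:
        headers.to = _get_email_recipients(msg['to'])
        # Fall back to Delivered-To when To: yielded no recipients.
        if msg['delivered-to'] and not headers.to:
            headers.to = _get_email_recipients(msg['delivered-to'])
    if 'cc' in self.headers:
        headers.cc = _get_email_recipients(msg['cc'])
    if 'bcc' in self.headers:
        headers.bcc = _get_email_recipients(msg['bcc'])
    if 'from' in self.headers:
        headers.from_ = _get_single_email_address(msg['from'])
    if 'sender' in self.headers:
        headers.sender = _get_single_email_address(msg['sender'])
    if 'reply-to' in self.headers:
        headers.reply_to = _get_single_email_address(msg['reply-to'])

    # Scalar headers: only emitted when the message really has them.
    if wanted('subject'):
        headers.subject = String(msg['subject'])
    if wanted('in-reply-to'):
        headers.in_reply_to = String(msg['in-reply-to'])
    if wanted('errors-to'):
        headers.errors_to = String(msg['errors-to'])
    if wanted('date'):
        headers.date = DateTime(msg['date'])
    if wanted('message-id'):
        headers.message_id = String(msg['message-id'])
    if wanted('boundary'):
        headers.boundary = String(msg['boundary'])
    if wanted('content-type'):
        headers.content_type = String(msg['content-type'])
    if wanted('mime-version'):
        headers.mime_version = String(msg['mime-version'])
    if wanted('precedence'):
        headers.precedence = String(msg['precedence'])
    if wanted('user-agent'):
        headers.user_agent = String(msg['user-agent'])
    if wanted('x-mailer'):
        headers.x_mailer = String(msg['x-mailer'])

    # NOTE(review): the value is always tagged as IPv4. X-Originating-IP is
    # written by the sending side, so an IPv6 or bracketed value would be
    # mislabelled here - confirm how consumers treat this field.
    if 'x-originating-ip' in self.headers and msg['x-originating-ip']:
        headers.x_originating_ip = Address(msg['x-originating-ip'], Address.CAT_IPV4)

    if wanted('x-priority'):
        # Must be digits only: values such as "3 (Normal)" are reduced to
        # their number. When several digit runs occur the last one is kept,
        # matching the previous behaviour.
        digit_runs = re.findall(r'\d+', msg['x-priority'])
        if digit_runs:
            headers.x_priority = String(digit_runs[-1])

    return headers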
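def __create_cybox_headers(self, msg):
    """Return a CybOX EmailHeader holding the configured headers of *msg*.

    ``self.headers`` lists the header names to export. A scalar header is
    only written when it is also present in *msg*; previously a requested
    but absent header was still wrapped (as a missing value) in a CybOX
    type. X-Priority is reduced to its digits, because the raw header often
    carries a label as well (for example "3 (Normal)").

    All values originate from the message and are sender-controlled; they
    are exported as found.
    """
    import re

    if self.__verbose_output:
        sys.stderr.write("** parsing headers\n")

    selected = self.headers
    headers = EmailHeader()

    if 'received' in selected:
        headers.received_lines = self._parse_received_headers(msg)

    # Recipient lists and single addresses are parsed by helpers defined
    # elsewhere in the file; they get msg[...] unchanged, as before.
    if 'to' in selected:
        headers.to = _get_email_recipients(msg['to'])
    if 'cc' in selected:
        headers.cc = _get_email_recipients(msg['cc'])
    if 'bcc' in selected:
        headers.bcc = _get_email_recipients(msg['bcc'])
    if 'from' in selected:
        headers.from_ = _get_single_email_address(msg['from'])
    if 'sender' in selected:
        headers.sender = _get_single_email_address(msg['sender'])
    if 'reply-to' in selected:
        headers.reply_to = _get_single_email_address(msg['reply-to'])

    # (header name, EmailHeader attribute, CybOX wrapper) in export order.
    scalar_fields = (
        ('subject', 'subject', String),
        ('in-reply-to', 'in_reply_to', String),
        ('errors-to', 'errors_to', String),
        ('date', 'date', DateTime),
        ('message-id', 'message_id', String),
        ('boundary', 'boundary', String),
        ('content-type', 'content_type', String),
        ('mime-version', 'mime_version', String),
        ('precedence', 'precedence', String),
        ('user-agent', 'user_agent', String),
        ('x-mailer', 'x_mailer', String),
    )
    for header_name, attribute, wrapper in scalar_fields:
        # Skip headers the message does not carry instead of wrapping a
        # missing value.
        if header_name in selected and header_name in msg:
            setattr(headers, attribute, wrapper(msg[header_name]))

    # NOTE(review): always tagged IPv4; the header is supplied by the
    # sending side and may hold IPv6 or a bracketed literal - confirm.
    if 'x-originating-ip' in selected and msg['x-originating-ip']:
        headers.x_originating_ip = Address(msg['x-originating-ip'], Address.CAT_IPV4)

    if 'x-priority' in selected and 'x-priority' in msg:
        # Keep only a run of digits; if several occur the last one is used.
        digit_runs = re.findall(r'\d+', msg['x-priority'])
        if digit_runs:
            headers.x_priority = String(digit_runs[-1])

    return headers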
def __create_cybox_headers(self, msg):
    """Translate the enabled headers of *msg* into a CybOX EmailHeader.

    A header is exported only if its name appears in ``self.headers``.
    Scalar headers must additionally be present in *msg*; Received lines
    and X-Originating-IP are assigned only when they yield a non-empty
    value. Returns the populated EmailHeader.

    The values are taken from the message as-is, so they are whatever the
    sending side put there.
    """
    if self.__verbose_output:
        sys.stderr.write("** parsing headers\n")

    enabled = self.headers
    result = EmailHeader()

    if 'received' in enabled:
        received = self._parse_received_headers(msg)
        if received:
            result.received_lines = received

    if 'to' in enabled:
        result.to = _get_email_recipients(msg['to'])
        # Delivered-To stands in when To: produced no recipients.
        if msg['delivered-to'] and not result.to:
            result.to = _get_email_recipients(msg['delivered-to'])

    for key in ('cc', 'bcc'):
        if key in enabled:
            setattr(result, key, _get_email_recipients(msg[key]))

    single_address_fields = (
        ('from', 'from_'),
        ('sender', 'sender'),
        ('reply-to', 'reply_to'),
    )
    for key, attribute in single_address_fields:
        if key in enabled:
            setattr(result, attribute, _get_single_email_address(msg[key]))

    # Scalar headers, in the order they are exported, with their wrapper.
    scalar_fields = (
        ('subject', 'subject', String),
        ('in-reply-to', 'in_reply_to', String),
        ('errors-to', 'errors_to', String),
        ('date', 'date', DateTime),
        ('message-id', 'message_id', String),
        ('boundary', 'boundary', String),
        ('content-type', 'content_type', String),
        ('mime-version', 'mime_version', String),
        ('precedence', 'precedence', String),
        ('user-agent', 'user_agent', String),
        ('x-mailer', 'x_mailer', String),
    )
    for key, attribute, wrapper in scalar_fields:
        if key in enabled and key in msg:
            setattr(result, attribute, wrapper(msg[key]))

    if 'x-originating-ip' in enabled:
        origin_ip = msg['x-originating-ip']
        if origin_ip:
            # NOTE(review): the category is fixed to IPv4 whatever the
            # header holds; an IPv6 or bracketed value would be mislabelled.
            result.x_originating_ip = Address(origin_ip, Address.CAT_IPV4)

    if 'x-priority' in enabled and 'x-priority' in msg:
        # Must be digits only: reduce values like "3 (Normal)" to the number.
        import re
        digit_runs = [
            run for run in re.findall(r'\d+', msg['x-priority']) if run.isdigit()
        ]
        if digit_runs:
            # The last run of digits is the one that is kept.
            result.x_priority = String(digit_runs[-1])

    return result
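def cybox_object_email(obj):
    """Build a CybOX EmailMessage from the stored email record *obj*.

    Returns a ``(email_message, attachment_objects)`` tuple, where
    ``attachment_objects`` holds one file object per attachment/metadata
    pair, each related back to the message as "Contained_Within".

    ``raw_body`` and ``raw_header`` are copied through unchanged, so the
    result carries the original message content exactly as it was stored.
    """
    e = EmailMessage()
    e.raw_body = obj.raw_body
    e.raw_header = obj.raw_header

    # Links
    e.links = Links()
    # NOTE(review): the links are iterated but never exported, so e.links
    # always stays empty - looks like an unfinished placeholder.
    for link in obj.links.all():
        pass

    # Attachments
    e.attachments = Attachments()
    attachment_objects = []
    for att in obj.attachments.all():
        for meta in att.file_meta.all():
            fobj = cybox_object_file(att, meta)
            # The message references the attachment by id only; the file
            # object itself is handed back to the caller separately.
            e.attachments.append(fobj.parent.id_)
            fobj.add_related(e, "Contained_Within", inline=False)
            attachment_objects.append(fobj)

    # construct header information
    h = EmailHeader()
    h.subject = obj.subject
    h.date = obj.email_date
    h.message_id = obj.message_id
    h.content_type = obj.content_type
    h.mime_version = obj.mime_version
    h.user_agent = obj.user_agent
    h.x_mailer = obj.x_mailer

    # From (a single field: with several rows the last one wins)
    for from_ in obj.from_string.all():
        from_address = EmailAddress(from_.sender)
        from_address.is_spoofed = from_.is_spoofed
        from_address.condition = from_.condition
        h.from_ = from_address

    # Sender
    for sender in obj.sender.all():
        sender_address = EmailAddress(sender.sender)
        sender_address.is_spoofed = sender.is_spoofed
        sender_address.condition = sender.condition
        # h.sender is never assigned before this point, so the former
        # h.sender.add(...) relied on a freshly created EmailHeader already
        # holding a container there. In python-cybox Sender is a single
        # EmailAddress field, so it is assigned the same way as From.
        h.sender = sender_address

    # To
    recipients = EmailRecipients()
    for recipient in obj.recipients.all():
        rec_address = EmailAddress(recipient.recipient)
        rec_address.is_spoofed = recipient.is_spoofed
        rec_address.condition = recipient.condition
        recipients.append(rec_address)
    h.to = recipients

    # CC
    recipients = EmailRecipients()
    for recipient in obj.recipients_cc.all():
        rec_address = EmailAddress(recipient.recipient)
        rec_address.is_spoofed = recipient.is_spoofed
        rec_address.condition = recipient.condition
        recipients.append(rec_address)
    h.cc = recipients

    # BCC
    recipients = EmailRecipients()
    for recipient in obj.recipients_bcc.all():
        rec_address = EmailAddress(recipient.recipient)
        rec_address.is_spoofed = recipient.is_spoofed
        rec_address.condition = recipient.condition
        recipients.append(rec_address)
    h.bcc = recipients

    e.header = h
    return e, attachment_objects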
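def cybox_object_email(obj):
    """Convert the stored email record *obj* into a CybOX EmailMessage.

    Returns ``(message, attachment_objects)``. The message lists its
    attachments by id; the corresponding file objects are returned in
    ``attachment_objects``, each related to the message with
    "Contained_Within".

    The raw header and body are carried over verbatim, and every address
    keeps the ``is_spoofed`` and ``condition`` values stored with it.
    """

    def as_address(value, row):
        # One EmailAddress per stored row, keeping its spoofing flag and
        # matching condition.
        address = EmailAddress(value)
        address.is_spoofed = row.is_spoofed
        address.condition = row.condition
        return address

    def as_recipients(rows):
        # To, CC and BCC share the same shape: a list of recipient rows.
        collected = EmailRecipients()
        for row in rows:
            collected.append(as_address(row.recipient, row))
        return collected

    message = EmailMessage()
    message.raw_body = obj.raw_body
    message.raw_header = obj.raw_header

    # Links
    message.links = Links()
    # NOTE(review): nothing is exported for links yet; the loop only
    # iterates the stored rows and message.links stays empty.
    for link in obj.links.all():
        pass

    # Attachments
    message.attachments = Attachments()
    attachment_objects = []
    for attachment in obj.attachments.all():
        for meta in attachment.file_meta.all():
            file_object = cybox_object_file(attachment, meta)
            message.attachments.append(file_object.parent.id_)
            file_object.add_related(message, "Contained_Within", inline=False)
            attachment_objects.append(file_object)

    # Header information
    header = EmailHeader()
    header.subject = obj.subject
    header.date = obj.email_date
    header.message_id = obj.message_id
    header.content_type = obj.content_type
    header.mime_version = obj.mime_version
    header.user_agent = obj.user_agent
    header.x_mailer = obj.x_mailer

    # From is a single field: with several stored rows the last one wins.
    for row in obj.from_string.all():
        header.from_ = as_address(row.sender, row)

    # Sender was previously filled with header.sender.add(...), although
    # header.sender is never assigned in this function. In python-cybox it
    # is a single EmailAddress field, so it is now set the same way as From.
    for row in obj.sender.all():
        header.sender = as_address(row.sender, row)

    header.to = as_recipients(obj.recipients.all())
    header.cc = as_recipients(obj.recipients_cc.all())
    header.bcc = as_recipients(obj.recipients_bcc.all())

    message.header = header
    return message, attachment_objects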