import re
import sys

from body_analyzer import analyze_body
from header_analyzer import analyze_headers
from parse_email import parse_email
from url_analyzer import analyze_urls

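# Verdict bands: a combined score at or above the threshold lands in that band.
MALICIOUS_THRESHOLD = 70
SUSPICIOUS_THRESHOLD = 50
SPAM_THRESHOLD = 30

# Verdict labels. These must be proper UTF-8 emoji (the spam/safe labels were
# previously mojibake) and are compared by equality in _attack_type_for, so
# keep them defined once here.
VERDICT_MALICIOUS = "🚨 Malicious"
VERDICT_SUSPICIOUS = "⚠️ Suspicious"
VERDICT_SPAM = "📩 Spam"
VERDICT_SAFE = "✅ Safe"

# (keywords looked up in the lower-cased finding text, tag to emit if any match)
_TAG_RULES = (
    (("domain",), "Suspicious Sender Domain"),
    (("phishing",), "Phishing URL"),
    (("urgent", "suspicious phrase"), "Urgent Language"),
    (("spam",), "Spam Tone"),
)


def _verdict_for(total_score):
    """Map a combined score onto a verdict label (inclusive lower bounds)."""
    if total_score >= MALICIOUS_THRESHOLD:
        return VERDICT_MALICIOUS
    if total_score >= SUSPICIOUS_THRESHOLD:
        return VERDICT_SUSPICIOUS
    if total_score >= SPAM_THRESHOLD:
        return VERDICT_SPAM
    return VERDICT_SAFE


def _attack_type_for(body_text, verdict):
    """Coarse attack classification from body keywords, falling back to the verdict.

    The keywords are matched against attacker-authored text, so this is a
    triage hint, not a reliable classifier.
    """
    lowered = body_text.lower()  # lower-case once instead of per comparison
    if "invoice" in lowered or "payment" in lowered:
        return "Invoice/Payment Fraud"
    if "verify" in lowered or "password" in lowered:
        return "Credential Harvesting"
    if verdict == VERDICT_SPAM:
        return "Spam / Marketing"
    return "General Phishing"


def _tags_for(findings):
    """Derive summary tags from finding text, de-duplicated in first-seen order."""
    tags = []
    for finding in findings:
        lowered = finding.lower()
        for keywords, tag in _TAG_RULES:
            if any(keyword in lowered for keyword in keywords):
                tags.append(tag)
    # dict.fromkeys keeps insertion order; a set would make the report's tag
    # order vary between runs (string hashing is salted per process).
    return list(dict.fromkeys(tags))


def analyze(file_path):
    """Analyze one email file and return the report as a list of lines.

    Args:
        file_path: Path handed to parse_email, which is expected to return
            ``(headers, body, urls)``.

    Returns:
        A list of strings: score, attack type, verdict, a tag header followed
        by the comma-joined tags (or "No special tags"), a findings header,
        then every finding from the header, body and URL analyzers in that
        order. Findings are assumed to be strings (they are lower-cased for
        tag matching). They carry text taken from the analyzed email, i.e.
        attacker-controlled content, so callers that render the report to a
        terminal, log or HTML should escape it at that boundary.
    """
    headers, body, urls = parse_email(file_path)

    # Each analyzer returns (findings, score); the scores are summed into the
    # overall attack score.
    header_findings, header_score = analyze_headers(headers)
    body_findings, body_score = analyze_body(body)
    url_findings, url_score = analyze_urls(urls)
    all_findings = header_findings + body_findings + url_findings

    total_score = header_score + body_score + url_score
    verdict = _verdict_for(total_score)
    # `or ""` guards the keyword search against a missing body; analyze_body
    # has already been given the raw value above.
    attack_type = _attack_type_for(body or "", verdict)
    tags = _tags_for(all_findings)

    report = [
        f"Attack Score: {total_score}",
        f"Attack Type: {attack_type}",
        f"Final Verdict: {verdict}",
        "---- Attack Analysis Tags ----",
        ", ".join(tags) if tags else "No special tags",
        "---- Detailed Findings ----",
    ]
    report.extend(all_findings)

    return report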

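if __name__ == "__main__":
    # An explicit path may be passed on the command line; the historical
    # default of "sample.eml" is kept when no argument is given.
    file_path = sys.argv[1] if len(sys.argv) > 1 else "sample.eml"

    # Report lines embed text from the analyzed email, which is
    # attacker-controlled. Strip C0 control characters (tab and newline are
    # kept) so a crafted message cannot inject terminal escape sequences into
    # the printed output.
    control_chars = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
    for line in analyze(file_path):
        print(control_chars.sub("", str(line)))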