from parse_email import parse_email
from header_analyzer import analyze_headers
from body_analyzer import analyze_body
from url_analyzer import analyze_urls
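def analyze(file_path):
    """Run the header, body and URL analyzers on one email and merge the results.

    Args:
        file_path: Path handed to ``parse_email``; a falsy value is passed as "".

    Returns:
        A ``(summary, details)`` tuple of dicts. ``summary`` holds the final
        verdict, a coarse attack-type label, the rounded 0-100 score and a
        comma-separated tag list. ``details`` holds the per-analyzer findings
        and the highlighted body returned by ``analyze_body``.
    """
    headers, body, urls = parse_email(file_path or "")

    header_findings, header_score = analyze_headers(headers or {})
    body_findings, body_score, highlighted_body, _body_verdict = analyze_body(body or "")
    url_findings, url_score = analyze_urls(urls or [])

    # Normalise the findings once. The details dict below already tolerates a
    # missing list, but the attack-type checks and the tag loop iterate and
    # concatenate these values and would raise on None.
    header_findings = list(header_findings or [])
    body_findings = list(body_findings or [])
    url_findings = list(url_findings or [])

    # Only the URL score is weighted (x1.5); the sum is then clamped to 0-100.
    total_score = (header_score or 0) + (body_score or 0) + (url_score or 0) * 1.5
    try:
        total_score = float(total_score)
    except (TypeError, ValueError, OverflowError):
        # NOTE(review): this fallback fails open -- a score that cannot be
        # converted becomes 0.0 and the email is reported as Safe. Consider
        # surfacing an explicit "analysis error" state instead.
        total_score = 0.0
    total_score = max(0.0, min(total_score, 100.0))
    total_score_rounded = round(total_score)

    # Thresholds are applied to the unrounded score, so a displayed score of
    # 70 can still map to "Suspicious" (e.g. 69.6).
    safe_verdict = "✅ Safe"
    if total_score >= 70:
        verdict = "🚨 Malicious"
    elif total_score >= 50:
        verdict = "⚠️ Suspicious"
    elif total_score >= 30:
        verdict = "🚩 Spam"
    else:
        verdict = safe_verdict

    # Attack type is chosen by plain substring matching, first match wins.
    # NOTE(review): the keyword branches run before the Safe fallback, so an
    # email with a Safe verdict that mentions e.g. "account" or "payment" is
    # still labelled as phishing/BEC. Read this label together with the verdict.
    body_lower = (body or "").lower()
    payment_words = ("invoice", "payment", "wire transfer", "bank details")
    credential_words = ("password", "verify", "account", "login", "credentials")
    attack_type = "General Phishing"
    if any(word in body_lower for word in payment_words):
        attack_type = "Invoice/Payment Fraud (BEC)"
    elif any(word in body_lower for word in credential_words):
        attack_type = "Credential Harvesting (Phishing)"
    elif any("reply-to mismatch" in f.lower() for f in header_findings):
        attack_type = "Business Email Compromise (BEC)"
    elif any("spam" in f.lower() for f in body_findings):
        attack_type = "Spam / Marketing"
    elif verdict == safe_verdict:
        attack_type = "Benign / Normal Email"

    # Tags are derived from the wording of the findings, not from structured
    # fields, so they depend on the exact phrases the analyzers emit.
    tags = set()
    for finding in header_findings + body_findings + url_findings:
        fl = finding.lower()
        if "domain" in fl:
            tags.add("Suspicious Sender Domain")
        if "phishing" in fl or "malicious url" in fl or "urlhaus" in fl:
            tags.add("Phishing / Malicious URL")
        if "urgent" in fl or "suspicious phrase" in fl:
            tags.add("Urgent Language")
        if "spam" in fl or "marketing" in fl:
            tags.add("Spam Tone")
        if "spf" in fl or "dkim" in fl or "dmarc" in fl:
            tags.add("Auth Failures (SPF/DKIM/DMARC)")

    summary = {
        "Final Verdict": verdict,
        "Attack Type": attack_type,
        "Attack Score": total_score_rounded,
        "Main Tags": ", ".join(sorted(tags)) if tags else "No special tags",
    }
    details = {
        "Header Findings": header_findings,
        "Body Findings": body_findings,
        "URL Findings": url_findings,
        "Highlighted Body": highlighted_body or "",
    }
    return summary, details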