| from parse_email import parse_email | |
| from header_analyzer import analyze_headers | |
| from body_analyzer import analyze_body | |
| from url_analyzer import analyze_urls | |
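def analyze(file_path):
    """Score one e-mail file and build a plain-text triage report.

    ``parse_email`` splits the message into headers, body and URLs. Each part
    is handed to its own analyzer, which returns ``(findings, score)``. The
    three scores are summed and mapped to a verdict:

    * 70 and above        -> Malicious
    * 50 up to (not 70)   -> Suspicious
    * 30 up to (not 50)   -> Spam
    * below 30            -> Safe

    Args:
        file_path: Path of the e-mail file, passed unchanged to
            ``parse_email``.

    Returns:
        A list of report lines: score, attack type, verdict, a tag summary,
        then every analyzer finding in header / body / URL order.

    Note:
        Findings are copied into the report unchanged. If an analyzer quotes
        text from the message, those lines carry sender-controlled content,
        so escape them before rendering as HTML or writing them to a
        terminal or log.
    """
    headers, body, urls = parse_email(file_path)

    # Each analyzer returns (findings, score).
    header_findings, header_score = analyze_headers(headers)
    body_findings, body_score = analyze_body(body)
    url_findings, url_score = analyze_urls(urls)

    findings = header_findings + body_findings + url_findings
    total_score = header_score + body_score + url_score

    # --- Determine verdict ---
    is_spam = False
    is_safe = False
    if total_score >= 70:
        verdict = "🚨 Malicious"
    elif total_score >= 50:
        verdict = "⚠️ Suspicious"
    elif total_score >= 30:
        verdict = "📩 Spam"
        is_spam = True
    else:
        verdict = "✅ Safe"
        is_safe = True

    # --- Attack type (basic keyword heuristic) ---
    # An empty or missing body must not crash the keyword checks.
    body_text = (body or "").lower()
    if is_safe:
        # A message below every threshold is not an attack. Without this
        # guard the report would pair "Safe" with "General Phishing", or with
        # a fraud label just because the word "invoice" appears.
        attack_type = "None detected"
    elif "invoice" in body_text or "payment" in body_text:
        attack_type = "Invoice/Payment Fraud"
    elif "verify" in body_text or "password" in body_text:
        attack_type = "Credential Harvesting"
    elif is_spam:
        attack_type = "Spam / Marketing"
    else:
        attack_type = "General Phishing"

    # --- Collect tags ---
    # Substring matches on the finding text; a finding may earn several tags.
    # NOTE(review): "domain" matches any finding that mentions a domain, not
    # only sender-domain findings. Confirm against the analyzers' wording.
    tag_rules = (
        (("domain",), "Suspicious Sender Domain"),
        (("phishing",), "Phishing URL"),
        (("urgent", "suspicious phrase"), "Urgent Language"),
        (("spam",), "Spam Tone"),
    )
    # A dict keeps first-seen order, so the tag line is identical on every
    # run. A set would reorder the tags between processes.
    tags = {}
    for finding in findings:
        finding_text = finding.lower()
        for needles, tag in tag_rules:
            if any(needle in finding_text for needle in needles):
                tags[tag] = None

    # --- Build report ---
    report = [
        f"Attack Score: {total_score}",
        f"Attack Type: {attack_type}",
        f"Final Verdict: {verdict}",
        "---- Attack Analysis Tags ----",
        ", ".join(tags) if tags else "No special tags",
        "---- Detailed Findings ----",
    ]
    report.extend(findings)
    return report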
if __name__ == "__main__":
    # Script entry point: analyze "sample.eml" (resolved against the current
    # working directory) and print the report one line at a time.
    for report_line in analyze("sample.eml"):
        print(report_line)