Spaces:
Sleeping
Sleeping
Create header_analyzer.py
Browse files- header_analyzer.py +19 -0
header_analyzer.py
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
def analyze_headers(headers):
|
| 2 |
+
findings = []
|
| 3 |
+
|
| 4 |
+
# Check if SPF/DKIM/DMARC are missing
|
| 5 |
+
auth_results = headers.get("Authentication-Results", "").lower()
|
| 6 |
+
if "spf=fail" in auth_results:
|
| 7 |
+
findings.append("Header: SPF check failed")
|
| 8 |
+
if "dkim=fail" in auth_results:
|
| 9 |
+
findings.append("Header: DKIM check failed")
|
| 10 |
+
if "dmarc=fail" in auth_results:
|
| 11 |
+
findings.append("Header: DMARC check failed")
|
| 12 |
+
|
| 13 |
+
# Check suspicious "From" vs "Reply-To"
|
| 14 |
+
from_addr = headers.get("From", "")
|
| 15 |
+
reply_to = headers.get("Reply-To", "")
|
| 16 |
+
if reply_to and reply_to not in from_addr:
|
| 17 |
+
findings.append(f"Header: Mismatch between From and Reply-To ({reply_to})")
|
| 18 |
+
|
| 19 |
+
return findings
|