Update analyze_email_main.py
- analyze_email_main.py +17 -9
analyze_email_main.py
CHANGED
|
@@ -6,14 +6,15 @@ from url_analyzer import analyze_urls
|
|
| 6 |
def analyze(file_path):
|
| 7 |
headers, body, urls = parse_email(file_path)
|
| 8 |
|
| 9 |
-
# Run individual analyzers (each returns findings + score)
|
| 10 |
header_findings, header_score = analyze_headers(headers)
|
| 11 |
-
body_findings, body_score = analyze_body(body)
|
| 12 |
url_findings, url_score = analyze_urls(urls)
|
| 13 |
|
| 14 |
total_score = header_score + body_score + url_score
|
|
|
|
|
|
|
| 15 |
|
| 16 |
-
# ---
|
| 17 |
if total_score >= 70:
|
| 18 |
verdict = "π¨ Malicious"
|
| 19 |
elif 50 <= total_score < 70:
|
|
@@ -23,13 +24,18 @@ def analyze(file_path):
|
|
| 23 |
else:
|
| 24 |
verdict = "β
Safe"
|
| 25 |
|
| 26 |
-
# --- Attack Type
|
| 27 |
-
|
| 28 |
-
|
| 29 |
-
|
| 30 |
-
|
| 31 |
-
|
|
|
|
|
|
|
|
|
|
| 32 |
attack_type = "Spam / Marketing"
|
|
|
|
|
|
|
| 33 |
else:
|
| 34 |
attack_type = "General Phishing"
|
| 35 |
|
|
@@ -56,6 +62,8 @@ def analyze(file_path):
|
|
| 56 |
]
|
| 57 |
|
| 58 |
report.extend(header_findings + body_findings + url_findings)
|
|
|
|
|
|
|
| 59 |
|
| 60 |
return report
|
| 61 |
|
|
|
|
| 6 |
def analyze(file_path):
|
| 7 |
headers, body, urls = parse_email(file_path)
|
| 8 |
|
|
|
|
| 9 |
header_findings, header_score = analyze_headers(headers)
|
| 10 |
+
body_findings, body_score, highlighted_body = analyze_body(body)
|
| 11 |
url_findings, url_score = analyze_urls(urls)
|
| 12 |
|
| 13 |
total_score = header_score + body_score + url_score
|
| 14 |
+
if total_score > 100:
|
| 15 |
+
total_score = 100
|
| 16 |
|
| 17 |
+
# --- Final verdict ---
|
| 18 |
if total_score >= 70:
|
| 19 |
verdict = "π¨ Malicious"
|
| 20 |
elif 50 <= total_score < 70:
|
|
|
|
| 24 |
else:
|
| 25 |
verdict = "β
Safe"
|
| 26 |
|
| 27 |
+
# --- Attack Type ---
|
| 28 |
+
body_lower = body.lower()
|
| 29 |
+
if any(word in body_lower for word in ["invoice", "payment", "wire transfer", "bank details"]):
|
| 30 |
+
attack_type = "Invoice/Payment Fraud (BEC)"
|
| 31 |
+
elif any(word in body_lower for word in ["password", "verify", "account", "login", "credentials"]):
|
| 32 |
+
attack_type = "Credential Harvesting (Phishing)"
|
| 33 |
+
elif any("reply-to mismatch" in f.lower() for f in header_findings):
|
| 34 |
+
attack_type = "Business Email Compromise (BEC)"
|
| 35 |
+
elif any("spam" in f.lower() for f in body_findings):
|
| 36 |
attack_type = "Spam / Marketing"
|
| 37 |
+
elif verdict == "β
Safe":
|
| 38 |
+
attack_type = "Benign / Normal Email"
|
| 39 |
else:
|
| 40 |
attack_type = "General Phishing"
|
| 41 |
|
|
|
|
| 62 |
]
|
| 63 |
|
| 64 |
report.extend(header_findings + body_findings + url_findings)
|
| 65 |
+
report.append("---- Highlighted Body ----")
|
| 66 |
+
report.append(highlighted_body)
|
| 67 |
|
| 68 |
return report
|
| 69 |
|
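Review bot: In the new attack-type chain the safe-verdict test (`elif verdict == ...`, new line 37) comes fifth, after the keyword and finding checks, so a message that scored as safe but mentions "invoice", "account" or "login" is still labelled "Invoice/Payment Fraud (BEC)" or "Credential Harvesting (Phishing)". The report then shows a safe verdict next to an attack label, which misdirects whoever triages it. Make the safe-verdict test the first branch, so that `attack_type = "Benign / Normal Email"` is assigned before any keyword matching runs. Since the keyword checks are plain substring hits on words that appear in routine mail, it would also help to document above the chain that branch order decides the label. The verdict lines between the middle branch and the final `else` are not shown, and `analyze` continues outside the visible hunks.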