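from parse_email import parse_email
from header_analyzer import analyze_headers
from body_analyzer import analyze_body
from url_analyzer import analyze_urls

# Verdict labels, defined once so the scoring step and the attack-type step
# compare against the same strings.
_VERDICT_MALICIOUS = "🚨 Malicious"
_VERDICT_SUSPICIOUS = "⚠️ Suspicious"
_VERDICT_SPAM = "📩 Spam"
_VERDICT_SAFE = "✅ Safe"

# (keywords, tag) pairs: a finding containing any of the keywords
# (case-insensitive substring match) receives the tag.
_TAG_RULES = (
    (("domain",), "Suspicious Sender Domain"),
    (("phishing",), "Phishing URL"),
    (("urgent", "suspicious phrase"), "Urgent Language"),
    (("spam",), "Spam Tone"),
)


def _verdict_for(total_score):
    """Map the combined score onto a verdict label (>=70, >=50, >=30, else safe)."""
    if total_score >= 70:
        return _VERDICT_MALICIOUS
    if total_score >= 50:
        return _VERDICT_SUSPICIOUS
    if total_score >= 30:
        return _VERDICT_SPAM
    return _VERDICT_SAFE


def _attack_type_for(body_text, verdict):
    """Pick a coarse attack-type label from body keywords and the verdict."""
    # A message scored as safe must not be reported with an attack type:
    # "General Phishing" next to a safe verdict contradicts the report, and an
    # ordinary invoice would otherwise be labelled as fraud.
    if verdict == _VERDICT_SAFE:
        return "None identified"
    if "invoice" in body_text or "payment" in body_text:
        return "Invoice/Payment Fraud"
    if "verify" in body_text or "password" in body_text:
        return "Credential Harvesting"
    if verdict == _VERDICT_SPAM:
        return "Spam / Marketing"
    return "General Phishing"


def _collect_tags(findings):
    """Return the de-duplicated tags for *findings*, in first-seen order."""
    # NOTE(review): matching is on the finding text only, so a URL finding that
    # mentions "domain" is tagged "Suspicious Sender Domain" as well.
    seen = {}
    for finding in findings:
        lowered = finding.lower()
        for keywords, tag in _TAG_RULES:
            if any(keyword in lowered for keyword in keywords):
                seen.setdefault(tag, None)
    return list(seen)


def analyze(file_path):
    """Analyze one e-mail file and return the report as a list of lines.

    Args:
        file_path: Path handed to ``parse_email``, which yields the headers,
            body and URLs of the message.

    Returns:
        A list of strings: score, attack type, verdict, the tag line, then
        every finding from the header, body and URL analyzers in that order.
    """
    headers, body, urls = parse_email(file_path)

    # Each analyzer returns (findings, score); the scores are summed as-is.
    header_findings, header_score = analyze_headers(headers)
    body_findings, body_score = analyze_body(body)
    url_findings, url_score = analyze_urls(urls)

    all_findings = header_findings + body_findings + url_findings
    total_score = header_score + body_score + url_score
    verdict = _verdict_for(total_score)

    # Lower-case once; tolerate an empty body (what parse_email returns for a
    # message without a text part is not visible here).
    body_text = (body or "").lower()
    attack_type = _attack_type_for(body_text, verdict)

    # Insertion-ordered de-duplication keeps the tag line identical from run
    # to run; joining a set() of strings changes order between interpreter
    # runs, which makes reports hard to diff or test.
    tags = _collect_tags(all_findings)

    report = [
        f"Attack Score: {total_score}",
        f"Attack Type: {attack_type}",
        f"Final Verdict: {verdict}",
        "---- Attack Analysis Tags ----",
        ", ".join(tags) if tags else "No special tags",
        "---- Detailed Findings ----",
    ]
    report.extend(all_findings)
    return report


if __name__ == "__main__":
    file_path = "sample.eml"
    findings = analyze(file_path)
    # NOTE(review): if the analyzers echo header or URL text into findings,
    # these lines carry sender-controlled characters to the terminal; confirm
    # that control characters are stripped upstream before relying on this
    # output in a console or a log pipeline.
    for line in findings:
        print(line)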