diff --git a/.gitignore b/.gitignore index 86e22b9..f0f0cee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .**.swp __pycache__/** +config diff --git a/config b/config deleted file mode 100644 index 848508c..0000000 --- a/config +++ /dev/null @@ -1,2 +0,0 @@ -api_key_vt: f4c451920a7e41ec344e16e6d36a1b7951bf23a8d224b796cb08301e65bf3114 -api_key_emailrep: foo diff --git a/emailchecker.py b/emailchecker.py index b420616..6d7a961 100644 --- a/emailchecker.py +++ b/emailchecker.py @@ -1,7 +1,36 @@ #!/usr/bin/env python3 +from requests import get + + class EmailChecker: - def __init__(self, key): - self.headers = { + def __init__(self, key, email): + self._url = "https://emailrep.io" + self._headers = { 'Key': key, + 'accept': 'application/json', } + self._email = email + + def reportEmailRep(self): + """ + This function get the report of the email + """ + report = dict() + + res = get( + f"{self._url}/{self._email}", + headers=self._headers + ) + js = res.json() + if res.status_code == 401: + report['error'] = js['reason'] + return report + if res.status_code != 200: + report['error'] = 'Failed to get the report of the email' + return report + + report['reputation'] = js['reputation'] + report['suspicious'] = js['suspicious'] + + return report diff --git a/main.py b/main.py index 7e9e699..842476d 100644 --- a/main.py +++ b/main.py @@ -5,10 +5,12 @@ from argparse import ArgumentParser from config import VT_ATTRIBUTES_MAPPING, PROJECT_NAME from vt import VT from dnschecker import DNSChecker as DNS +from emailchecker import EmailChecker import ipaddress from datetime import datetime from hashing import Hash from os.path import exists +from re import search def checkArguments(): 
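Review bot: Ignoring `config` here only prevents future commits; the `api_key_vt` value in the `config` file that this same commit deletes remains readable in the repository history. That key should be treated as exposed and revoked and reissued at the provider (apparently VirusTotal, judging by `main.py`), because deleting the file does not withdraw it. The unanchored pattern `config` also matches any file or directory of that name at any depth; `/config` would limit it to the repository root. A committed `config.example` with placeholder values would keep the expected keys documented without storing secrets.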
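Review bot: `reportEmailRep` calls `get()` with no `timeout` and parses `res.json()` before checking the status code, so a stalled connection blocks the tool indefinitely and a non-JSON error body raises instead of reaching the `'Failed to get the report of the email'` branch. The address is also formatted into the URL path unencoded, so the class depends entirely on the caller's validation; percent-encoding it with `urllib.parse.quote` keeps the request on the intended path segment. On 401, `js['reason']` assumes the field is present, and `js.get('reason', ...)` would avoid a `KeyError`. The sketch below needs `quote` and `requests.RequestException` imported at the top of the file, and the 10-second timeout is an example value.

```python
    def reportEmailRep(self):
        # … unchanged: docstring, report = dict() …
        try:
            res = get(
                f"{self._url}/{quote(self._email, safe='@')}",
                headers=self._headers,
                timeout=10,
            )
            js = res.json()
        except (RequestException, ValueError):
            report['error'] = 'Failed to get the report of the email'
            return report
        if res.status_code == 401:
            report['error'] = js.get('reason', 'Unauthorized')
            return report
        # … unchanged: non-200 branch, reputation / suspicious fields, return report …
```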
@@ -28,6 +30,10 @@ def checkArguments(): parser.add_argument('--sha384', help='Hash file') parser.add_argument('--sha512', help='Hash file') parser.add_argument('--hash', help='Get information about the hash') + # For email command + parser.add_argument('--email', help='Get email reputation', action='store_true') + parser.add_argument('--emailrep', help='Get email reputation') + return parser.parse_args() @@ -39,7 +45,7 @@ def usage(): print("Usage: main.py [COMMAND]") print("-c PATH, --config PATH\t\tConfig file - mandatory") print("--hashfile\t\t\tHash the file and check in VirusTotal") - print("--hash HASH\t\tAnalyse the hash from VirusTotal") + print("--hash HASH\t\t\tAnalyse the hash from VirusTotal") print("--dns \t\t\t\tGet information regarding the domain with whois and VirusTotal") print("--email\t\t\t\tGet informations about an email and check if has been compromised") @@ -55,6 +61,9 @@ def usage(): print("\t --sha384 FILE\t\tGet the SHA384 of the file") print("\t --sha512 FILE\t\tGet the SHA512 of the file") + print("\n--email command") + print("\t --emailrep\t\tGet the email reputation report") + def mainMenu(): print(f"\n {PROJECT_NAME} ") print(" What would you like to do? ") 
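Review bot: `--emailrep` takes the address as its value, but its help text is the same 'Get email reputation' as the `--email` flag, and it is silently ignored unless `--email` is also passed (see the `args.email` / `args.emailrep` check added in `main()`). Consider `parser.add_argument('--emailrep', metavar='EMAIL', help='Email address to look up on emailrep.io')` and, in the `usage()` hunk at -55,6 +61,9, `print("\t --emailrep EMAIL\tGet the email reputation report")` so the required argument is visible. checkArguments() and usage() both start outside these hunks.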
@@ -150,6 +159,34 @@ def main(): if args.hash: _parsingHash(config, args.hash, report) + # Analyse the email + if args.email: + if args.emailrep: + _parsingEmail(config, args.emailrep) + +def _parsingEmail(config, email): + # Check if the email specified is correct + regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b' + if not search(regex, email): + print("Please, specify a valid email address") + return + + report = dict() + emailChecker = EmailChecker(config['api_key_emailrep'], email) + report['emailrep'] = emailChecker.reportEmailRep() + + print("----------------------------") + print("| Email reputation |") + print("----------------------------") + + if 'error' in report['emailrep']: + print(f"Error: {report['emailrep']['error']}") + return + + emailrep = report['emailrep'] + print(f"Reputation: {emailrep['reputation']}") + print(f"Suspicious: {emailrep['suspicious']}") + def _parsingHash(config, h, report): report = dict() vt = VT(config['api_key_vt'])
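Review bot: `search(regex, email)` in `_parsingEmail` accepts any string that merely contains an address-shaped substring, and the whole string is then handed to `EmailChecker`, which places it in the request URL. Match the entire argument instead with `if not fullmatch(regex, email):`, importing `from re import fullmatch` in place of the `search` import added in the first main.py hunk. The character class `[A-Z|a-z]` also admits a literal `|` in the TLD; `[A-Za-z]` is presumably what was meant. Separately, `config['api_key_emailrep']` raises `KeyError` when the key is missing from the config file, and `--email` without `--emailrep` exits without any message; a short error in both cases would help. main() starts outside the hunk.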