Add emailchecker

.gitignore

@@ -1,2 +1,3 @@
 .**.swp
 __pycache__/**
+config

config

@@ -1,2 +0,0 @@
-api_key_vt: f4c451920a7e41ec344e16e6d36a1b7951bf23a8d224b796cb08301e65bf3114
-api_key_emailrep: foo

emailchecker.py

@@ -1,7 +1,36 @@
 #!/usr/bin/env python3
 
+from requests import get
+
+
 class EmailChecker:
-    def __init__(self, key):
+    def __init__(self, key, email):
-        self.headers = {
+        self._url = "https://emailrep.io"
+        self._headers = {
             'Key': key,
+            'accept': 'application/json',
         }
+        self._email = email
+
+    def reportEmailRep(self):
+        """
+        This function get the report of the email
+        """
+        report = dict()
+
+        res = get(
+            f"{self._url}/{self._email}",
+            headers=self._headers
+        )
+        js = res.json()
+        if res.status_code == 401:
+            report['error'] = js['reason']
+            return report
+        if res.status_code != 200:
+            report['error'] = 'Failed to get the report of the email'
+            return report
+        
+        report['reputation'] = js['reputation']
+        report['suspicious'] = js['suspicious']
+
+        return report

main.py

@@ -5,10 +5,12 @@ from argparse import ArgumentParser
 from config import VT_ATTRIBUTES_MAPPING, PROJECT_NAME
 from vt import VT
 from dnschecker import DNSChecker as DNS
+from emailchecker import EmailChecker
 import ipaddress
 from datetime import datetime
 from hashing import Hash
 from os.path import exists
+from re import search
 
 
 def checkArguments():
@@ -28,6 +30,10 @@ def checkArguments():
     parser.add_argument('--sha384', help='Hash file')
     parser.add_argument('--sha512', help='Hash file')
     parser.add_argument('--hash', help='Get information about the hash')
+    # For email command
+    parser.add_argument('--email', help='Get email reputation', action='store_true')
+    parser.add_argument('--emailrep', help='Get email reputation')
+
 
     return parser.parse_args()
 
@@ -39,7 +45,7 @@ def usage():
     print("Usage: main.py [COMMAND]")
     print("-c PATH, --config PATH\t\tConfig file - mandatory")
     print("--hashfile\t\t\tHash the file and check in VirusTotal")
-    print("--hash HASH\t\tAnalyse the hash from VirusTotal")
+    print("--hash HASH\t\t\tAnalyse the hash from VirusTotal")
     print("--dns \t\t\t\tGet information regarding the domain with whois and VirusTotal")
     print("--email\t\t\t\tGet informations about an email and check if has been compromised")
 
@@ -55,6 +61,9 @@ def usage():
     print("\t --sha384 FILE\t\tGet the SHA384 of the file")
     print("\t --sha512 FILE\t\tGet the SHA512 of the file")
 
+    print("\n--email command")
+    print("\t --emailrep\t\tGet the email reputation report")
+
 def mainMenu():
     print(f"\n           {PROJECT_NAME}           ")
     print(" What would you like to do? ")
@@ -150,6 +159,34 @@ def main():
     if args.hash:
         _parsingHash(config, args.hash, report)
 
+    # Analyse the email
+    if args.email:
+        if args.emailrep:
+            _parsingEmail(config, args.emailrep)
+
+def _parsingEmail(config, email):
+    # Check if the email specified is correct
+    regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b'
+    if not search(regex, email):
+        print("Please, specify a valid email address")
+        return
+
+    report = dict()
+    emailChecker = EmailChecker(config['api_key_emailrep'], email)
+    report['emailrep'] = emailChecker.reportEmailRep()
+
+    print("----------------------------")
+    print("|     Email reputation     |")
+    print("----------------------------")
+
+    if 'error' in report['emailrep']:
+        print(f"Error: {report['emailrep']['error']}")
+        return
+
+    emailrep = report['emailrep']
+    print(f"Reputation: {emailrep['reputation']}")
+    print(f"Suspicious: {emailrep['suspicious']}")
+
 def _parsingHash(config, h, report):
     report = dict() 
     vt = VT(config['api_key_vt'])