An offline Phishing Email Analyzer.

Related tags

Email NightOwl
Overview
██████   █████  ███           █████       █████          ███████                    ████ 
░░██████ ░░███  ░░░           ░░███       ░░███         ███░░░░░███                 ░░███ 
 ░███░███ ░███  ████   ███████ ░███████   ███████      ███     ░░███ █████ ███ █████ ░███ 
 ░███░░███░███ ░░███  ███░░███ ░███░░███ ░░░███░      ░███      ░███░░███ ░███░░███  ░███ 
 ░███ ░░██████  ░███ ░███ ░███ ░███ ░███   ░███       ░███      ░███ ░███ ░███ ░███  ░███ 
 ░███  ░░█████  ░███ ░███ ░███ ░███ ░███   ░███ ███   ░░███     ███  ░░███████████   ░███ 
 █████  ░░█████ █████░░███████ ████ █████  ░░█████     ░░░███████░    ░░████░████    █████
░░░░░    ░░░░░ ░░░░░  ░░░░░███░░░░ ░░░░░    ░░░░░        ░░░░░░░       ░░░░ ░░░░    ░░░░░ 
                      ███ ░███                                                            
                     ░░██████                                                             
                      ░░░░░░

Python script to butcher Email Headers

Every organization receives SPAM, Phishing and Spear Phishing Emails. Whenever such emails are received the first and the foremost actions required is to get the Email Headers which are then shared either with the MSSP currently looking after your security or with the internal Security Analyst. The reason is to find all the required information i.e. to perform Email Forensics in order to find answers like.

  • Who sent the email?
  • From where it originated?
  • How many people have received the email?
  • Does the email contained a phishing link or it contained only plain text?
  • Does the email contains any attachments?

These are few of the questions which always come to our mind when any such email is received. Keeping these details in mind I have developed Night Owl to automate the manual procedure to find all possible answers to our questions.

Night Owl is a quick and dirty python script to perform analysis on Email Headers. The script renders all the required information for you to take quick actions rather than going through the headers line by line. The script does it for you automatically.

I have developed this script during my day job and I do plan to take it one step further with time. The requirements for the program are as below.

1. Python3
2. Colorama

Usage

   
██████   █████  ███           █████       █████          ███████                    ████ 
░░██████ ░░███  ░░░           ░░███       ░░███         ███░░░░░███                 ░░███ 
 ░███░███ ░███  ████   ███████ ░███████   ███████      ███     ░░███ █████ ███ █████ ░███ 
 ░███░░███░███ ░░███  ███░░███ ░███░░███ ░░░███░      ░███      ░███░░███ ░███░░███  ░███ 
 ░███ ░░██████  ░███ ░███ ░███ ░███ ░███   ░███       ░███      ░███ ░███ ░███ ░███  ░███ 
 ░███  ░░█████  ░███ ░███ ░███ ░███ ░███   ░███ ███   ░░███     ███  ░░███████████   ░███ 
 █████  ░░█████ █████░░███████ ████ █████  ░░█████     ░░░███████░    ░░████░████    █████
░░░░░    ░░░░░ ░░░░░  ░░░░░███░░░░ ░░░░░    ░░░░░        ░░░░░░░       ░░░░ ░░░░    ░░░░░ 
                      ███ ░███                                                            
                     ░░██████                                                             
                      ░░░░░░                                                              


    OFFLINE PHISHING EMAIL BUTCHER
    Coded by Kamran Saifullah - Frog Man
    -----------------------------------------
    Usage: ./NightOwl.py 
   
    
    -----------------------------------------
    LinkedIn: https://www.linkedin.com/in/kamransaifullah/
    GitHub: https://github.com/deFr0ggy
    Twitter: https://twitter.com/deFr0ggy

Installing Dependencies

  • pip install -r requirements.txt
  • python -m pip install -r requirements.txt

Butchering Basic Email Headers

These headers include the following.

  • TO
  • FROM
  • SUBJECT
  • DATE

Hops Count

The script counts for the total number of hops (MTAs/MDAs). Thusm we can calculate the total number of MTAs/MDAs involved since the email generation to its landing in our inbox.

Butchering IP Addresses

The script then looks for all the IP addresses from the Email Headers and lists them down for analysis. These are the IP addresses which are of MTAs/MDAs, Receivers and any other IP addresses embedded within the email or elsewhere. It hunts for all.

Butchering Email Addresses

The script looks for all the available email addresses from within the Email Headers and lists them down. This is to check which mail servers, senders, receivers are involved.

Butchering URLs

The script also looks for all the available URLs from the email headers and provides us with the information to take quick actions i.e. to get these URLs blocked on Email Gateways, Firewalls etc to prevent infections proactively.

Butchering HTML Embedded Contents

The script hunts down all the HTML contents if it is present in the Email Headers. It alerts that there is an HTML content present in the email and asks for the output file where it can write that data to for later analysis.

Listing Down All X-* Headers

These headers provide a wide range of information. Also, these headers gets added to the Email as soon as the email starts to propogate. These can provides us with the information whether the email is a SPAM, Malicious, routed through MS-Exchange etc. Close attention is required for these headers.

To Do

In Phase 2, I need to add the following functionalities along with revamping the overall code from Quick & Dirty to Quick & More Organized.

  • Integrate Virustotal
  • Integrate Talos
  • Integrate AbuseIPDB
  • Integrate URLVoid
  • Integrate Phishtank
  • Perform IP lookups
  • Gather Domains/IPs country information.
  • Gather Domains Hosting Information
  • Add Support For UTF-8 Encoding Scheme
You might also like...
Python email address and Mime parsing library

Flanker - email address and MIME parsing for Python Flanker is an open source parsing library written in Python by the Mailgun Team. Flanker currently

Mailgun Team 1.6k Dec 29, 2022
Generate Email, Register for anything, Get the OTP/Link

OTE : One Time Email Introduction ote is a command line utility that generates temporary email address and automatically extracts OTPs or confirmation

Somdev Sangwan 457 Jan 3, 2023
A package for sending email from your Pyramid application

pyramid_mailer pyramid_mailer is a package for sending email from your Pyramid application. It is compatible with Python 2.7, 3.4, 3.5, 3.6, and 3.7 a

Pylons Project 50 Sep 17, 2022
Bulk Email and certificate sending application

demir.ai E-mail services This application allows you to send automatic mass mail and automatic mass certificates to the people in your mailing list, m

Ahmet Furkan DEMIR 16 Nov 1, 2022
Secret Service Email Encryption/Steganography

SecretService Decoy Encrypted Emailer

Unit 221B 6 Aug 5, 2022
A django package which act as a gateway to send and receive email with amazon SES.

django-email-gateway: Introduction: A Simple Django app to easily send emails, receive inbound emails from users with different email vendors like AWS

MicroPyramid 28 Nov 9, 2022
Simple, powerfull and nonobstructive django email middleware.

djmail djmail is a BSD Licensed, simple and nonobstructive django email middleware. Why use djmail? Because it: Sends emails asynchronously without ad

David Barragán Merino 77 Aug 30, 2021
Django email backends and webhooks for Amazon SES, Mailgun, Mailjet, Postmark, SendGrid, Sendinblue, SparkPost and more

Django email backends and webhooks for Amazon SES, Mailgun, Mailjet, Postmark, SendGrid, Sendinblue, SparkPost and more

null 1.4k Jan 1, 2023
You take an email and password from the combo list file and check it on mail.com

Brute-Force-mail tool information: Combo Type: email:pass Domains: All domains of the site Url: https://www.mail.com Api: ☑️ Proxy: No ☑️ The correct

null 6 Jun 5, 2022
Owner
Kamran Saifullah (Frog Man)
An abnormal frog who has been thrown out by the frog community!
Kamran Saifullah (Frog Man)
GitHub
A Django email backend that uses a celery task for sending the email.

django-celery-email - A Celery-backed Django Email Backend A Django email backend that uses a Celery queue for out-of-band sending of the messages. Wa

Paul McLanahan 430 Dec 16, 2022
A Django app that allows you to send email asynchronously in Django. Supports HTML email, database backed templates and logging.

Django Post Office Django Post Office is a simple app to send and manage your emails in Django. Some awesome features are: Allows you to send email as

User Inspired 856 Dec 25, 2022
A Django email backend for Amazon's Simple Email Service

Django-SES Info: A Django email backend for Amazon's Simple Email Service Author: Harry Marr (http://github.com/hmarr, http://twitter.com/harrymarr) C

null 882 Dec 29, 2022
Djrill is an email backend and new message class for Django users that want to take advantage of the Mandrill transactional email service from MailChimp.

Djrill: Mandrill Transactional Email for Django Djrill integrates the Mandrill transactional email service into Django. PROJECT STATUS: INACTIVE As of

Brack3t 327 Oct 1, 2022
ONYX SMTP Sender est un tool qui vous serviras à envoyer des email html à une liste d'email (en .txt) c'est la première version du tool et je le sors un peu à la rache donc si le logiciel est obsolète c'est normal j'y taff encore ;)

SMTP-Sender ONYX SMTP Sender est un tool qui vous serviras à envoyer des email html à une liste d'email (en .txt) c'est la première version du tool et

Esio_dev 3 Oct 15, 2021
GMailBomber is a form of Internet abuse which is perpetrated through the sending of massive volumes of email to a specific email address with the goal of overflowing the mailbox and overwhelming the mail server hosting the address, making it into some form of denial of service attack.

GMailBomber is a form of Internet abuse which is perpetrated through the sending of massive volumes of email to a specific email address with the goal of overflowing the mailbox and overwhelming the mail server hosting the address, making it into some form of denial of service attack.

Muneeb 5 Nov 13, 2022
faceFarm is an active yahoo email detection script that functions to take over the facebook account using email.

faceFarm – The simple Email Detector. Email Valid Detector for Facebook (Yahoo) faceFarm is an active yahoo email detection script that functions to t

Fadjrir Herlambang 2 Jan 18, 2022
This Python program generates a random email address and password from a 2 big lists and checks the generated email.

This Python program generates a random email address and password from a 2 big lists and checks the generated email.

Killin 13 Dec 4, 2022
Email-osint - Email OSINT tool written in python3

Email-osint - Email OSINT tool written in python3

Surtains 7 Nov 28, 2022
Send email in Python conveniently for gmail using yagmail

yagmail -- Yet Another GMAIL/SMTP client For the asynchronous asyncio version, look here: https://github.com/kootenpv/aioyagmail The goal here is to m

Pascal van Kooten 2.4k Dec 31, 2022