Meioc

Meioc (Mail Extractor IoC) is a Python 3 script that extracts indicators of compromise (IoCs) from e-mail messages.

Meioc allows you to extract the following information from an e-mail, in JSON format:

  • From
  • Sender
  • X-Sender
  • To
  • Cc
  • Bcc
  • Envelope-to
  • Delivered-to
  • Return-Path
  • Subject
  • Date
  • User-Agent
  • X-Originating-IP
  • Relay Full
  • Relay IP (only the IPs involved, with the option of excluding private IPs)
  • URLs
  • Domains
  • Attachments with hashes (MD5, SHA1, SHA256)
  • SPF record check

Default keys

These are the default keys generated by Meioc; if a value does not exist, null is returned.

{
    "filename": "filename.eml",
    "from": null,
    "sender": null,
    "x-sender": null,
    "to": null,
    "cc": null,
    "bcc": null,
    "envelope-to": null,
    "delivered-to": null,
    "return-path": null,
    "subject": null,
    "date": null,
    "user-agent": null,
    "x-originating-ip": null,
    "relay_full": null,
    "relay_ip": null,
    "spf": null,
    "urls": null,
    "domains": null,
    "attachments": null
}

To Do List

  • Support .msg files

Requirements

pip3 install -r requirements.txt

Example

python3 meioc.py --exclude-private-ip --spf malspam.eml 

output:

{
    "filename": "malspam.eml",
    "from": "[email protected]",
    "sender": null,
    "x-sender": null,
    "to": {
        "0": "[email protected]",
        "1": "[email protected]"
    },
    "cc": null,
    "bcc": null,
    "envelope-to": {
        "0": "[email protected]",
        "1": "[email protected]"
    },
    "delivered-to": null,
    "return-path": "[email protected]",
    "subject": "Conferma ordine",
    "date": "Sun, 17 Feb 2019 09:33:23 +0100",
    "user-agent": null,
    "x-originating-ip": null,
    "relay_full": {
        "0": "[127.0.0.1] (helo=localhost)",
        "1": "[123.123.111.111] (helo=dyl.example.kpk)",
        "2": "h138-ipv4-70-58-178.example.com ([123.58.178.138]:60889)",
        "3": "whm.example.com"
    },
    "relay_ip": {
        "0": "123.123.111.111",
        "1": "123.58.178.138"
    },
    "spf": false,
    "urls": {
        "0": "http://example.com/Clients_transactions/012019"
    },
    "domains": {
        "0": "example.com"
    },
    "attachments": [
        {
            "filename": "f52-RICHIESTA.AVVISO-Conferma-199913-0000.n.03.2019-All.n.1_File-excel-.xls",
            "MD5": "b011871621fb8e15edbc80eec2fb396e",
            "SHA1": "8a7d2839645842f862da8ff3cb8af7b1d783e728",
            "SHA256": "34669dde1e33ec96147540433f60e90056d38df1e3bb952fdc600e979d74f690"
        }
    ]
}
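A minimal re-implementation of three of the extractions listed above (relay IPs with private-IP exclusion, URLs and domains from the text parts, and attachment hashes), written here as an added example and not Meioc's own code. The .eml content, the relay names and the attachment filename are constructed; the SPF check is left out because it needs DNS.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse
# Constructed sample (not a real capture): loopback hop, one external relay, a body URL, a base64 attachment.
SAMPLE_EML = b"""\
Received: from h138.example.com ([123.58.178.138]) by mx.example.org; Sun, 17 Feb 2019 09:33:25 +0100
Received: from [127.0.0.1] (helo=localhost) by h138.example.com; Sun, 17 Feb 2019 09:33:23 +0100
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See http://example.com/Clients_transactions/012019
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.xls"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBzcHJlYWRzaGVldA==
--b1--
"""
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def hash_bytes(data):
    return {n: hashlib.new(n.lower(), data).hexdigest() for n in ("MD5", "SHA1", "SHA256")}

def relay_ips(msg, exclude_private=True):
    ips = []  # order follows the Received headers: first header = last hop
    for ip in IP_RE.findall(" ".join(msg.get_all("Received", []))):
        try:
            if ip not in ips and not (exclude_private and ipaddress.ip_address(ip).is_private):
                ips.append(ip)  # is_private covers the RFC 1918 ranges and 127/8
        except ValueError:  # the loose regex also matches e.g. 999.1.1.1
            pass
    return ips

def extract(raw, exclude_private=True):
    """Subset of Meioc's output keys: relays, URLs/domains from text parts, hashed attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls = sorted({u for p in msg.walk() if p.get_content_maintype() == "text" for u in URL_RE.findall(p.get_content())})
    return {
        "relay_full": [str(h) for h in msg.get_all("Received", [])],
        "relay_ip": relay_ips(msg, exclude_private),
        "urls": urls, "domains": sorted({urlparse(u).hostname for u in urls}),
        "attachments": [{"filename": p.get_filename(), **hash_bytes(p.get_payload(decode=True))} for p in msg.iter_attachments()],
    }
```

`extract(SAMPLE_EML)` returns only the public relay 123.58.178.138, while `extract(SAMPLE_EML, exclude_private=False)` keeps the 127.0.0.1 hop as well, mirroring the `--exclude-private-ip` switch.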

License

GNU General Public License v3.0

Contributors

drego85, hackingbutlegal, marco-acorte, frapava98, tytocapensis
