Sean Whalen
2018-03-31 23:02:10 -04:00
parent 085c90a028
commit da57ccdf18
7 changed files with 71 additions and 69 deletions
+1
@@ -15,6 +15,7 @@ install:
# commands to run samples
script:
- "flake8 *.py parsedmarc/*.py"
- "rstcheck README.rst docs/index.rst"
- "cd docs"
- "make html"
- "cd .."
+5
@@ -1,3 +1,8 @@
3.4.1
-----
- Documentation fixes
- Fix console output
3.4.0
-----
- Maintain IMAP IDLE state when watching the inbox
+50 -57
@@ -40,58 +40,58 @@ CLI help
[-s] [--debug] [-v]
[file_path [file_path ...]]
Parses DMARC reports
Parses DMARC reports
positional arguments:
file_path one or more paths to aggregate or forensic report
files or emails
positional arguments:
file_path one or more paths to aggregate or forensic report
files or emails
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Write output files to the given directory
-n NAMESERVERS [NAMESERVERS ...], --nameservers NAMESERVERS [NAMESERVERS ...]
nameservers to query (Default 8.8.8.8 4.4.4.4)
-t TIMEOUT, --timeout TIMEOUT
number of seconds to wait for an answer from DNS
(default 6.0)
-H HOST, --host HOST IMAP hostname or IP address
-u USER, --user USER IMAP user
-p PASSWORD, --password PASSWORD
IMAP password
-r REPORTS_FOLDER, --reports-folder REPORTS_FOLDER
The IMAP folder containing the reports Default: INBOX
-a ARCHIVE_FOLDER, --archive-folder ARCHIVE_FOLDER
Specifies the IMAP folder to move messages to after
processing them Default: Archive
-d, --delete Delete the reports after processing them
-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]], --elasticsearch-host [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]
A list of one or more Elasticsearch hostnames or URLs
to use (Default localhost:9200)
--save-aggregate Save aggregate reports to Elasticsearch
--save-forensic Save forensic reports to Elasticsearch
-O OUTGOING_HOST, --outgoing-host OUTGOING_HOST
Email the results using this host
-U OUTGOING_USER, --outgoing-user OUTGOING_USER
Email the results using this user
-P OUTGOING_PASSWORD, --outgoing-password OUTGOING_PASSWORD
Email the results using this password
-F OUTGOING_FROM, --outgoing-from OUTGOING_FROM
Email the results using this from address
-T OUTGOING_TO [OUTGOING_TO ...], --outgoing-to OUTGOING_TO [OUTGOING_TO ...]
Email the results to these addresses
-S OUTGOING_SUBJECT, --outgoing-subject OUTGOING_SUBJECT
Email the results using this subject
-A OUTGOING_ATTACHMENT, --outgoing-attachment OUTGOING_ATTACHMENT
Email the results using this filename
-M OUTGOING_MESSAGE, --outgoing-message OUTGOING_MESSAGE
Email the results using this message
-w, --watch Use an IMAP IDLE connection to process reports as they
arrive in the inbox
--test Do not move or delete IMAP messages
-s, --silent Only print errors
--debug Print debugging information
-v, --version show program's version number and exit
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Write output files to the given directory
-n NAMESERVERS [NAMESERVERS ...], --nameservers NAMESERVERS [NAMESERVERS ...]
nameservers to query (Default 8.8.8.8 4.4.4.4)
-t TIMEOUT, --timeout TIMEOUT
number of seconds to wait for an answer from DNS
(default 6.0)
-H HOST, --host HOST IMAP hostname or IP address
-u USER, --user USER IMAP user
-p PASSWORD, --password PASSWORD
IMAP password
-r REPORTS_FOLDER, --reports-folder REPORTS_FOLDER
The IMAP folder containing the reports Default: INBOX
-a ARCHIVE_FOLDER, --archive-folder ARCHIVE_FOLDER
Specifies the IMAP folder to move messages to after
processing them Default: Archive
-d, --delete Delete the reports after processing them
-E [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]], --elasticsearch-host [ELASTICSEARCH_HOST [ELASTICSEARCH_HOST ...]]
A list of one or more Elasticsearch hostnames or URLs
to use (Default localhost:9200)
--save-aggregate Save aggregate reports to Elasticsearch
--save-forensic Save forensic reports to Elasticsearch
-O OUTGOING_HOST, --outgoing-host OUTGOING_HOST
Email the results using this host
-U OUTGOING_USER, --outgoing-user OUTGOING_USER
Email the results using this user
-P OUTGOING_PASSWORD, --outgoing-password OUTGOING_PASSWORD
Email the results using this password
-F OUTGOING_FROM, --outgoing-from OUTGOING_FROM
Email the results using this from address
-T OUTGOING_TO [OUTGOING_TO ...], --outgoing-to OUTGOING_TO [OUTGOING_TO ...]
Email the results to these addresses
-S OUTGOING_SUBJECT, --outgoing-subject OUTGOING_SUBJECT
Email the results using this subject
-A OUTGOING_ATTACHMENT, --outgoing-attachment OUTGOING_ATTACHMENT
Email the results using this filename
-M OUTGOING_MESSAGE, --outgoing-message OUTGOING_MESSAGE
Email the results using this message
-w, --watch Use an IMAP IDLE connection to process reports as they
arrive in the inbox
--test Do not move or delete IMAP messages
-s, --silent Only print errors
--debug Print debugging information
-v, --version show program's version number and exit
SPF and DMARC record validation
===============================
@@ -191,13 +191,6 @@ Sample forensic report output
I don't have a sample I can share for privacy reasons. If you have a sample
forensic report that you can share publicly, please contact me!
Bug reports
===========
Please report bugs on the GitHub issue tracker
https://github.com/domainaware/parsedmarc/issues
Installation
============
+1 -1
@@ -320,7 +320,7 @@ Disable the default nginx configuration:
sudo rm /etc/nginx/sites-enabled/default
Create the Cuckoo web server configuration
Create the web server configuration
.. code-block:: bash
+3 -3
@@ -42,7 +42,7 @@ import imapclient.exceptions
import dateparser
import mailparser
__version__ = "3.4.0"
__version__ = "3.4.1"
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
@@ -1370,7 +1370,7 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX",
try:
# Refresh the IDLE session every 10 minutes to stay connected
if time.monotonic() - idle_start_time > 10 * 60:
logger.debug("IMAP: Refreshing IDLE session")
logger.info("IMAP: Refreshing IDLE session")
server.idle_done()
server.idle()
idle_start_time = time.monotonic()
@@ -1412,7 +1412,7 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX",
try:
server.idle_done()
logger.debug("IMAP: Sending DONE")
logger.info("IMAP: Sending DONE")
server.logout()
except BrokenPipeError:
pass
+10 -8
@@ -20,7 +20,11 @@ from parsedmarc import logger, IMAPError, get_dmarc_reports_from_inbox, \
def _main():
"""Called when the module is executed"""
def process_reports(reports_):
logger.info(json.dumps(reports_, ensure_ascii=False, indent=2), "\n")
output_str = "{0}\n".format(json.dumps(reports_,
ensure_ascii=False,
indent=2))
if not args.silent:
print(output_str)
if args.save_aggregate:
for report in reports_["aggregate_reports"]:
try:
@@ -115,12 +119,11 @@ def _main():
args = arg_parser.parse_args()
logger.setLevel(logging.INFO)
if args.silent:
logger.setLevel(logging.ERROR)
logging.basicConfig(level=logging.WARNING)
logger.setLevel(logging.WARNING)
if args.debug:
logger.setLevel(logging.DEBUG)
logging.basicConfig(level=logging.INFO)
logger.setLevel(logging.INFO)
if args.host is None and len(args.file_path) == 0:
arg_parser.print_help()
exit(1)
@@ -199,8 +202,7 @@ def _main():
exit(1)
if args.host and args.watch:
logger.info("Watching for email\n"
"Quit with ^c")
logger.info("Watching for email - Quit with ^c")
try:
watch_inbox(args.host, args.user, args.password, process_reports,
reports_folder=args.reports_folder,
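Review bot: In the second hunk of this file (`@@ -115,12 +119,11 @@`), the `logging.basicConfig(level=logging.INFO)` call under `if args.debug:` does nothing if the `logging.basicConfig(level=logging.WARNING)` line above it is also on the new side, because `basicConfig` is a no-op once the root logger has a handler. The page has lost its `+`/`-` markers, so the sides are inferred, but as shown `--debug` appears to stop at INFO, so `logger.debug(...)` calls would never print. I would configure the root logger once and vary only the package logger: `logging.basicConfig(level=logging.WARNING)` followed by `logger.setLevel(logging.DEBUG if args.debug else logging.WARNING)`. This restores real debug output without also turning on verbose output from third-party libraries. `_main` continues outside these hunks.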
+1
View File
@@ -14,3 +14,4 @@ sphinx
sphinx_rtd_theme
collective.checkdocs
wheel
rstcheck