spamtrap_backend.core.processor package
Submodules
spamtrap_backend.core.processor.base_processor module
spamtrap_backend.core.processor.dionaea_processor module
- class spamtrap_backend.core.processor.dionaea_processor.DionaeaProcessor
Bases: BaseProcessor
- channels = ('mwbinary.dionaea.sensorunique', 'dionaea.shellcodeprofiles', 'dionaea.connections', 'dionaea.capture')
- normalize_ip(ip)
spamtrap_backend.core.processor.mail_processor module
- class spamtrap_backend.core.processor.mail_processor.MailProcessor
Bases: BaseProcessor
- MSG_THRESHOLD = 250
- RE_PASS_PATTERNS = ['Password:\\s?([a-zA-Z0-9]*)', 'Archive pass:\\s?([a-zA-Z0-9]*)', 'zip pass\\s?([-a-zA-Z0-9]*)', 'Password\\s-\\s([a-zA-Z0-9]*)']
- RE_URL = re.compile('((?:(?:ht|f)tp(?:s?)|smb|ssh\\:\\/\\/)(?:[!#$&-;=?-\\[\\]_a-z~]|%[0-9a-f]{2})+)', re.IGNORECASE)
- channels = ('spam.mails',)
- classmethod extract_attachments(eml_dict)
- static extract_domains(eml_dict)
- static extract_urls(o_data)
- classmethod extract_urls_dm(eml_dict)
- static find_extern(recv_srvs, recv_ips)
This double check is necessary because eml_parser greps IPs and stores them in m['header']['received_ip'], and these are not actually sending addresses.
- Parameters:
recv_srvs –
recv_ips –
- Returns:
- classmethod find_receiver(eml_dict)
- classmethod find_sender(eml_dict)
- static is_public_ip(ip)
- process(_in)
- static retrieve_datetime_in_utc(eml_dict)
- static retrieve_header_field(eml_dict, key)
- static retrieve_mtas(eml_dict)
- static sanitize_address(addr)
- classmethod search_pass(eml_dict)