Spaces:
Sleeping
Sleeping
| # analyze_email_main.py | |
| import time | |
| from parse_email import parse_email | |
| from header_analyzer import analyze_headers | |
| from body_analyzer import analyze_body | |
| from url_analyzer import analyze_urls | |
| from attachment_analyzer import analyze_attachments | |
| from behavioral_analyzer import analyze_behavior, behavioral_summary | |
| from scoring_engine import compute_final_score | |
| def analyze(file_path): | |
| start = time.time() | |
| # ------------------------- | |
| # PARSE | |
| # ------------------------- | |
| headers, subject, body, urls, images, attachments = parse_email(file_path) | |
| # ------------------------- | |
| # ANALYZERS | |
| # ------------------------- | |
| header_findings, header_score, auth_results = analyze_headers(headers) | |
| body_findings, body_score, highlighted_body, _ = analyze_body( | |
| subject, body, urls, images | |
| ) | |
| url_findings, url_score = analyze_urls(urls) | |
| attachment_findings, attachment_score, attachment_hashes = analyze_attachments( | |
| attachments | |
| ) | |
| behavior = analyze_behavior(body) | |
| behavior_attack = behavior["dominant_attack"].strip().lower() | |
| behavior_score = behavior["confidence_score"] | |
| if behavior_attack == "sextortion": | |
| body_findings.append( | |
| "Behavioral analysis detected sextortion / psychological extortion pattern" | |
| ) | |
| # ------------------------- | |
| # FINAL SCORE | |
| # ------------------------- | |
| final_score, verdict, reasoning = compute_final_score( | |
| header_score=header_score, | |
| body_score=body_score, | |
| url_score=url_score, | |
| attachment_score=attachment_score, | |
| behavior_score=behavior_score, | |
| behavior_attack=behavior_attack, | |
| header_findings=header_findings, | |
| body_findings=body_findings, | |
| url_findings=url_findings, | |
| attachment_findings=attachment_findings, | |
| auth_results=auth_results, | |
| ) | |
| # ------------------------- | |
| # TAGGING | |
| # ------------------------- | |
| tags = set() | |
| if behavior_attack != "None": | |
| tags.add(behavior_attack.upper()) | |
| tags.add("Behavioral Threat") | |
| if auth_results.get("dmarc") == "fail": | |
| tags.add("Email Authentication Failure") | |
| # ------------------------- | |
| # OUTPUT | |
| # ------------------------- | |
| summary = { | |
| "Final Verdict": verdict, | |
| "Attack Type": behavior_attack if behavior_attack != "None" else "Undetermined", | |
| "Attack Score": f"{final_score}/100", | |
| "Processing Time": f"{round(time.time() - start, 2)} seconds", | |
| "Main Tags": ", ".join(sorted(tags)) if tags else "No special tags", | |
| } | |
| details = { | |
| "Header Findings": header_findings, | |
| "Body Findings": body_findings, | |
| "URL Findings": url_findings, | |
| "Attachment Findings": attachment_findings, | |
| "Attachment Hashes": attachment_hashes, | |
| "Highlighted Body": highlighted_body, | |
| "Auth Results": auth_results, | |
| "Behavioral Summary": behavioral_summary(behavior), | |
| "Scoring Reasoning": reasoning, | |
| } | |
| return summary, details | |