Domanda Estrare dati dal sorgente Email

mrcamarium

Utente Bronze
7 Gennaio 2022
86
22
2
45
Ho realizzato questo script per estrarre dei dati dal corpo di una email, l'ho testato con una email di un truffatore e funzionava, adesso per cuoriosità l'ho provato con una email normale ma non estare l'ip.
Python:
def ipinfo(): #Verifico IP
    import webbrowser
    new = 2
    url = ("https://ipinfo.io/")
    term = input("Inserisci Indirizzo IP: ")
    webbrowser.open(url+term,new=new)
def IDFalso(): #Genera una falsa identità
    print("\n","-----x-----x-----x-----x-----")
    print(verde + "Email: ",fake.email())
    print("Nome E Cognome: ",fake.name())
    print("Indirizzo: ",fake.address())
    print("Stato: Italia" + reset)
    print("-----x-----x-----x-----x-----")
def mailinfo():
    eml = input("Inserisci il percorso del file: ")
    f = open(eml, "r")
    msg = email.message_from_file(f)
    f.close()
    headers = email.message_from_string(msg.as_string())
    infomail={
        "message-id":"",
        "spf-record":False,
        "dkim-record":False,
        "dmarc-record":False,
        "spoofed":False,
        "ip-address":"",
        "sender-client":"",
        "spoofed-mail":"",
        "dt":"",
        "content-type":"",
        "subject":""
    }
    for h in headers.items():
        #ID Messaggio
        if h[0].lower()=="message-id":
            infomail["message-id"]=h[1]
        #Server da dove è stata inviata l'email
        if h[0].lower()=="received":
            infomail["sender-client"]=h[1]
        #Autenticazione rilevata dal server di posta
        if h[0].lower()=="authentication-results":
            if(re.search("spf=pass",h[1])):
                infomail["spf-record"]=True;
            if(re.search("dkim=pass",h[1])):
                infomail["dkim-record"]=True
            if(re.search("dmarc=pass",h[1])):
                infomail["dmarc-record"]=True
            if(re.search("does not designate",h[1])):
                infomail["spoofed"]=True
            if(re.search(r"\[(\d{1,3}\.){3}\d{1,3}\]", h[1])):
                ip=re.search(r"\[(\d{1,3}\.){3}\d{1,3}\]", h[1])
                infomail["ip-address"]=str(ip.group())
        if h[0].lower()=="reply-to":
            infomail["spoofed-mail"]=h[1]
        if h[0].lower()=="date":
            infomail["dt"]=h[1]
        if h[0].lower()=="content-type":
            infomail["content-type"]=h[1]
        if h[0].lower()=="subject":
            infomail["subject"]=h[1]
    print("\n=========================Risultato=========================\n")
    print("[+] ID Messaggio: "+infomail["message-id"])
    if(infomail["spf-record"]):
        print("[+] " + verde + "SPF Records: PASS"+ reset)
    else:
        print("[+] " + rosso + "SPF Records: FAIL" + reset)
    if(infomail["dkim-record"]):
        print("[+] " + verde + "DKIM: PASS" + reset)
    else:
        print("[+] " + rosso + "DKIM: FAIL" + reset)
    if(infomail["dmarc-record"]):
        print("[+] " + verde + "DMARC: PASS" + reset)
    else:
        print("[+] " + rosso + "DMARC: FAIL" + reset)
    if(infomail["spoofed"] and (not infomail["spf-record"]) and (not infomail["dkim-record"]) and (not infomail["dmarc-record"])):
        print("[+] " + rosso + "L'E-mail è contraffatta" + reset)
        print("[+] " + giallo + "E-mail: " + infomail["spoofed-mail"] + reset)
        print("[+] " + giallo + "Indirizzo IP: " + infomail["ip-address"] + reset)
    else:
        print("[+] " + verde + "L'E-mail è autentica" + reset)
        print("[+] " + giallo + "IP-Address: " + infomail["ip-address"] + reset)
    print("[+] Provider: " + infomail["sender-client"])
    print("[+] Tipo di contenuto: " + infomail["content-type"])
    print("[+] Data e Ora: " + infomail["dt"])
    print("[+] Oggetto: " + infomail["subject"]+"\n\n")
questo è il testo del sorgente di una email
Codice:
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                               
X-Account-Key: account1
X-UIDL: GmailId18b94c355a4f4b52
Delivered-To: [email protected]
Received: by 2002:a05:7010:aa7:b0:38d:aa86:9d82 with SMTP id fm39csp974549mdb;
        Fri, 3 Nov 2023 03:40:36 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IG22BKBRBzL9UpN6pGg4fHgd3gawnsRdItBLaCNHGTH321Rb7Ypr8PHKXqmlEyNC1V7tkeMfpzOGccYcQ/ojA==
X-Received: by 2002:a05:6830:11d5:b0:6c4:d19b:dabd with SMTP id v21-20020a05683011d500b006c4d19bdabdmr5627099otq.1.1699008036362;
        Fri, 03 Nov 2023 03:40:36 -0700 (PDT)
Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-ir2.omega.yahoo.com pod-id atlas--production-ir2-7595f94898-ff8cf.ir2.yahoo.com with HTTP; Fri, 3 Nov 2023 10:38:31 +0000
Return-Path: <[email protected]>
X-Originating-Ip: [40.107.220.89]
Received-SPF: pass (domain of o-i.com designates 40.107.220.89 as permitted sender)
Authentication-Results: atlas-production.v2-mail-prod1-ir2.omega.yahoo.com;
 dkim=pass [email protected] header.s=selector1;
 spf=pass smtp.mailfrom=o-i.com;
 dmarc=pass(p=NONE) header.from=o-i.com;
X-Apparently-To: [email protected]; Fri, 3 Nov 2023 10:38:31 +0000
X-YMailISG: uRdpb7YWLDtieeBSMISfsNjH.CfnO1SoJbCuxi.K2CMFWbfv
 M7QQSkgBRW
 xXBrXcjJZBbHM8w6tEo1.RAc_OfEUNUl7WyggcDByUZLcwnWsrMH_nYANwNb
 0vJSu0FcUcitwclV7ANRv7zwao3BaxgzAUeYi_bog12mMfBANobU_NVljJVk
 8urxyePr
Received: from 40.107.220.89 (EHLO NAM11-CO1-obe.outbound.protection.outlook.com)
 by 10.200.78.184 with SMTPs
 (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
 Fri, 03 Nov 2023 10:38:31 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=gtRbDFnUHMa6tky94qSQKtMlYsqkZ9a0s6sKT2BAUoa2jOOs+GnRvKyjUzOj+T+Gy20dQcxKrynzjX+t0Ubzd86/q2YJAG0MoHn56tCnIFQweT2wxm5Ivogm6SQqoWUg6socdvr4zoUkFdk3o+xpdTt0qkh/AifoxzfK/lEBXTtZbJEIAonzGH9c0YzNX7YzrsL+XvUR3NB1UVyAINfP7PlbLamaZVjcD0Z17UTWDJZ1g8Ppj5O8jW6yT4JcetCrbmB8cH8VGfIwvSlDLTk/yBe/S7h/x06Wxm9FE66Gfflfufsh+H0Asbohc7ofGIKTOaKA5ROtan99SFT2hO9X3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=ImtBHVwguredDHGxFJh3Py79XX5Reo1MYdGBtQGmfrg=;
 b=cbAFNuUBsAzW76jRV5LFaFUNYuTbvFgEuFHCEFeoSjs2iBAxoCaSJrqcGll2MQIHjDKJXPW+JO072Ak5mIH0TN49FI+HgXUWXI7KMGZDs8zEMo/EZI3IikGojzzJNbYx5B1XVZLSwss8S2lT0kls619fMBRXu1HMn7NLWwcxzYmkFH6UZjXNL2dQKc0+23VHI7i4VZxWAIwq/iJRtXahxjX453dEpIENLM6mPDgF9iqByQ/lshoiGRE2P9w4JuI89eHj5F/mE1sihAxbWlrGUe7gGDzWh5qt2A0Esvhq3QZloW2ucGqHnl/4xCqsdmlrQtTAVHU+nwVk/cfgRc+yCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=o-i.com; dmarc=pass action=none header.from=o-i.com; dkim=pass
 header.d=o-i.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=o-i.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ImtBHVwguredDHGxFJh3Py79XX5Reo1MYdGBtQGmfrg=;
 b=EKJYMPpnWpV9Lkt9H9Y36dnzvuZQm+reE/3XnCrnOdVG4LggBBU5X97yI6APR6QQZKACApIZnFfW0B35Sfqta0hPYFuR+GCgsiyKjSFrt1Pm5E75H4XWr6t04UWRWi0AFlyTmFrtNgJYtWzK1Gq9uPKDIFWjFRpJ+XxgAQZh+uqiOyj+DJ5lfvk2Yigdxt7u9PazlHJuYdPai+J9JoxZ5YJpXL91wfXJmasI3jQ1wQ7RhmIdCdCsrJ7t88xRtWmMPOM4Hmba4qS9BPgp+FQS5wS6HEFTC0q9hSMJrup6OAPAai9K4SVDzoJM8OuXgvVIqvlROWfBfkgnc4zyUCZRog==
Received: from CH0PR07MB9871.namprd07.prod.outlook.com (2603:10b6:610:193::8)
 by SJ0PR07MB7806.namprd07.prod.outlook.com (2603:10b6:a03:278::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.21; Fri, 3 Nov
 2023 10:38:25 +0000
Received: from CH0PR07MB9871.namprd07.prod.outlook.com
 ([fe80::7a52:37b4:526a:d0bb]) by CH0PR07MB9871.namprd07.prod.outlook.com
 ([fe80::7a52:37b4:526a:d0bb%4]) with mapi id 15.20.6954.021; Fri, 3 Nov 2023
 10:38:25 +0000
From: Cabina MSA.SD <[email protected]>
To: "Mr. Camarium" <[email protected]>
Subject: prova
Thread-Topic: prova
Thread-Index: AQHaDkHPsq+6RyxsVkeOSgPJyBsavg==
Date: Fri, 3 Nov 2023 10:38:24 +0000
Message-ID:
 <CH0PR07MB9871D124A45EB0906033971BDEA5A@CH0PR07MB9871.namprd07.prod.outlook.com>
Accept-Language: it-IT, en-US
Content-Language: it-IT
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR07MB9871:EE_|SJ0PR07MB7806:EE_
x-ms-office365-filtering-correlation-id: 094b2b6a-0eba-42e3-7091-08dbdc590203
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
 Y5v2e7y/w0nNOK2Y6R+ubCzftAkqiqlwFFzhyql2oDtD0UZm8KuHrrrIOOyFjiNAxSFZ99tcQscVlhJHx0VakwaMGNpd6j0dB5KjQaL89Te9DDOtlJ/IYwoRLpJEUGYHrP7cKyt/WKRBfttEEBjM45+MF+mxE3/J8H4UG+maRqMt+JLFvxM1zfLhTWLOM5KpRFX00VaTsKdARrThnjMAGsiFrxfJmeBnGAiSYTeIa+T3eFZwpxp8rKdVh9tBC6aPFHdNgUUd2TXCQF8AoNlJqeK08sItAI+iuucNAopu2/ENPFFbeG7UEOy4pVe/uFyOtV1xhyMjKAM/B8X1GrDBuJRE8rGzywdmoXoC7rcc4I1G+U1YnV+Swjt4rUztzoGniAVQB7+oSRl66r9sVfcxmykdUMk2l63g3M1c806+Zcg6NOR5+dZ0qKQHnPTWXGVxNy22SX7l9tMK7V0fqDEP2HFmbnvANfdMp3KzadwqsLrBMy6JwWMaMMZIrDCNoug0Oxk27tZj/cmwIAtNb8RRlcDyWDanpIILMsPoAitCi858HVrm3pKjM0kqZuTTcx/rfTqlSFRvwqNqNO2l8sv1iN6dyHL5Rdv5pmvoAArl96Hpb3ak4e2+vrV766gDSPU/z/dwO9rrThciNFEjy3paf8OBcuccuYweImNBcoOSDiI=
x-forefront-antispam-report:
 CIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH0PR07MB9871.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(136003)(39860400002)(396003)(346002)(376002)(230922051799003)(451199024)(64100799003)(186009)(1800799009)(6506007)(478600001)(66556008)(66476007)(66446008)(64756008)(7696005)(71200400001)(3480700007)(66946007)(26005)(91956017)(6916009)(76116006)(316002)(9686003)(122000001)(38070700009)(41300700001)(86362001)(558084003)(5660300002)(52536014)(8936002)(8676002)(7116003)(2906002)(38100700002)(19627405001)(166002)(33656002)(55016003)(220243001)(204593002);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
 =?iso-8859-1?Q?SZtepC7hrz/v12CDdxHJ0UJ+WWvn7YNY2p9VS5FT2C3bv3+kjFcsmdhJO6?=
 =?iso-8859-1?Q?5P7OE1vZ0sOXnLwKb6dwxTjiXPlFjQFpNbNbfk1wwrrpnJrpQ/KTVozhDR?=
 =?iso-8859-1?Q?WORcsP9IfCn7kphC37I4qO0TuKWKEtT+xTu5slKLMtMr6BJUJW6bEM7k0k?=
 =?iso-8859-1?Q?JVMbFgaOhux4whT2zTClfAhP3UQA166myTg+feqkXLZ7AAUsh5HsK5NCN+?=
 =?iso-8859-1?Q?1dwdVRdlNleFLTun/OjntPQv64hurkOgxnlKDglFEe2h/8nyjf2OBSByxY?=
 =?iso-8859-1?Q?POxN9rz3loP7fxem2NIxA/p8W4Udv7J6RwCculmRO/nu98Z6KvXzov4172?=
 =?iso-8859-1?Q?yPRRQXPaB2AnyfPZdZ0NL9Eb/gkSPwZc7a8+tjRhADv31yXLze/RCdCkm1?=
 =?iso-8859-1?Q?PiifeCmcQzReGQQAqn/e7NvBcxOao2E3kg0GKY9Y4qoWyaiw+wAMTV8QfK?=
 =?iso-8859-1?Q?t8BXALzwQNv5Z9lLb3JD1JKlSXyZd1+z6u9nuIxryXsKf9ZVQENRBvCoTc?=
 =?iso-8859-1?Q?bRz4WX0DZlorOTjKAJFg95l0/04+8+tm23M088Pq0wBAo+vBe2lu7fBBaI?=
 =?iso-8859-1?Q?neZ0QD6a/2aBmEe7KEm1cWDOl8QusQXUh7xq2KYfU8wjseEVrPvP0xFzaD?=
 =?iso-8859-1?Q?a6KLuDkjOeDWqtLfvHOgvEC5Saqe1Ij3iJ7yJlNnc2nw2FyHvacWmAvsjl?=
 =?iso-8859-1?Q?mcZGybPQCUhfIjbt2Y5ejHTIZZfTHvLaHrbMFei778tC4sB4hyO6qtl+OQ?=
 =?iso-8859-1?Q?XzT4z7uhTuhQh+9MdVCF4IxHIfsrP6sFra8mPc6lpqm2YB6VVRrMsx1AoG?=
 =?iso-8859-1?Q?q9WfeeaAYT20Jty9a+eUjeOhteIjVYUlumyYIuLJCLUOKPXVWhC4cu96RM?=
 =?iso-8859-1?Q?wRMKhw84FLAu/+HjBwCM+lJFgcZtoC2GEL+Jhb1JfZotkC4Syvg0Xfhh7D?=
 =?iso-8859-1?Q?BFDbQUGSvK6Xer/qgCvXyKTU1UV0A5U09ssQVLaBMeC5fOgvU/Q7MUR2tK?=
 =?iso-8859-1?Q?uOO+sQX/5B0XM28AVsfCyfCP6fPnoi+nfI57+FWRnGpGbzjmsopGDmRROB?=
 =?iso-8859-1?Q?xXdcegXNszx3SJMuXXh8oLK4l0KEbfDiH7AMCbbhtWL3Rfz5aZy0iZqU3g?=
 =?iso-8859-1?Q?I8hfjUW/kMPmJ3LYMpEkNEmYlIaz106NPjX5P/658PWCHEWk9S/Jzw88LS?=
 =?iso-8859-1?Q?0jEGZAtn8JtaLmlMyQF0QuzFx2nn4nKBKIHaut4Dgb8adIVgZc6xSRWPYs?=
 =?iso-8859-1?Q?TIXcktDRJNUkgg01qz5P4Qujb1g/AZu7H4vlHXwtIGxCiFijYcKYHwHJJ4?=
 =?iso-8859-1?Q?Dxuey49bmRHta+MvlJCyvHkzOOMlXsSAvjfa6Lru7LBai+q6/4SBKcfQbd?=
 =?iso-8859-1?Q?UE9XGZbGBvHu4SET0P/MQSWfAXtZSRl4pEm1JV1C1NCults+HTEAQEEQzt?=
 =?iso-8859-1?Q?zO26XDk4UAtYBouLaCIppk2ama1bGo4RP4wQ9WXJXSpD6iGKsXCqN/SOZX?=
 =?iso-8859-1?Q?dIXm5fZPA9FEavzXZj5w34VW3fh8fDiOAM3cQBITUZdrruZIXBryb1Qnxy?=
 =?iso-8859-1?Q?jqth4Q9J1Q5/5eKU//H8DgAycBLsdghxU690azcO/TZN14xuTcFo/xDJus?=
 =?iso-8859-1?Q?bFTtW+EcRSeaaCi7hIDSnayCYLSKW+kc31?=
Content-Type: multipart/alternative;
    boundary="_000_CH0PR07MB9871D124A45EB0906033971BDEA5ACH0PR07MB9871namp_"
MIME-Version: 1.0
X-OriginatorOrg: o-i.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR07MB9871.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 094b2b6a-0eba-42e3-7091-08dbdc590203
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2023 10:38:24.6471
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: af0ee343-0c80-42be-aeac-d688e63ecf48
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: nRGCK7Q3loLOVw8nco/wl851gj+7IiA/XEkB/v1cbYrvlLzxYgi6SkXDKDEeacZe7cm2gku30Jn5CfmXcFttIg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR07MB7806
Content-Length: 5031

--_000_CH0PR07MB9871D124A45EB0906033971BDEA5ACH0PR07MB9871namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_000_CH0PR07MB9871D124A45EB0906033971BDEA5ACH0PR07MB9871namp_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--_000_CH0PR07MB9871D124A45EB0906033971BDEA5ACH0PR07MB9871namp_--