Serdar HALILOGLU

Cyber Security Engineer

Security Enthusiast

Malware Analyst

Blogger

Serdar HALILOGLU

Cyber Security Engineer

Security Enthusiast

Malware Analyst

Blogger

Phishing Email Analyzer (PEA)

  • Author:: Serdar HALILOGLU
  • Team Member:: Miray Elibüyük and Seçil Toprakeşen
  • Parent Category:: Cyber Security
  • Child Category:: Phishing Analysis
See Demo
  • PEA is an open source project to analyze malware which spreads via e-mail. PEA has three different modules, namely parsing, VirusTotal, blacklist modules.

Parser Module

EMLParser Usage

  • python EMLParser.py FileName.eml
  • The aim of parsing module in our project PEA is to separate all information in the email contents.

IP-Link Parser

The script written by Johnny Wachter is used. We have changed the regex in IPAddresses.py which is in the class files. https://github.com/JohnnyWachter/intel (The Repo is no longer found on his repo. We will add same repo with our changes, soon.)

The codes are integrated into our project.

VirusTotal Module

  • Development of this module is over. It will be added soon.

Blacklist Module

  • It will check whether ip addresses or domain names in blacklist or not.
  • Blacklists we use are RBL, SBL and so on.

Usage

  • python blacklist.py
    • The system will ask you whether you want to scan an ip address or a domain name.
    • If you want to check an ip address, you have to write “i” for scanning.
      • Then, system will ask you to enter an ip address
    • If you want to check a domain name, you have to write “d” for scanning.
      • Then, system will ask you to enter a domain name.

Graphical User Interface (GUI)

  • The user interface is made using Qt4.
  • Soon, GUI codes and User Guide will be added.

 

Source code on Github