This script parses DMARC XML files, extracts relevant information, and performs reverse DNS lookups on source IP addresses. The parsed data is then saved to a CSV file.
- Python 3.x
- The following Python packages:
  - os
  - xml.etree.ElementTree
  - pandas
  - socket
  - tqdm
  - dmarc
- Clone this repository or download the script.
- Install the required Python packages using pip:

      pip install pandas tqdm dmarc

- Modify the script to specify the correct paths for the source and destination directories:

      source_directory = r'C:\Users\test\path\source'
      destination_directory = r'C:\Users\test\path\dest'

- Run the script:

      python script.py

- The parsed data will be saved to path.csv in the specified destination directory.
- Reverse DNS Lookup:
  - The reverse_dns_lookup function takes an IP address and checks if it has already been resolved. If not, it performs a reverse DNS lookup to find the associated host name.
- DMARC XML Parsing:
  - The parse_dmarc_xml function parses DMARC XML files, extracts information about emails that did not pass DMARC checks, and appends this data to a list.
- Main Execution Flow:
  - The main function handles the overall flow:
    - Checks if the source and destination directories exist.
    - Iterates through each XML file in the destination directory, parsing them and collecting records.
    - Performs reverse DNS lookups on the collected records.
    - Converts the records to a pandas DataFrame and saves it to a CSV file.
- Ensure that the source and destination directories contain the appropriate XML files for parsing.
- The script includes a progress bar for both XML parsing and reverse DNS lookups for better user experience.
- Duplicate records are handled by summing the email counts of the duplicates.
Here is an example of the output after running the script:
| | source_ip_address | policy_disposition | dkim_alignment | spf_alignment | from_domain | dkim_domain | dkim_result | spf_domain | spf_result | source_domain_name | mail_count |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 192.0.2.1 | reject | fail | pass | example.com | example.org | fail | example.net | pass | mail.example.com | 10 |
| 1 | 198.51.100.2 | quarantine | pass | fail | another.com | another.org | pass | another.net | fail | mail.another.com | 5 |
This output will be saved to a CSV file specified in the script.
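The parsing and duplicate handling described above, as an added example that is not the script from this repository: it reads a constructed aggregate report with xml.etree.ElementTree, keeps records where either alignment result is not pass (an assumption chosen to match the sample rows above), and sums the counts of duplicates. The names failing_records, FIELDS, RECORD and SAMPLE_REPORT are hypothetical, and the reverse DNS step is left out so the example runs offline.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample data in the RFC 7489 aggregate report layout (not a real report).
RECORD = ("<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
          "<policy_evaluated><disposition>{disp}</disposition>"
          "<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
          "<identifiers><header_from>example.com</header_from></identifiers>"
          "<auth_results><dkim><domain>example.org</domain><result>{dkim}</result></dkim>"
          "<spf><domain>example.net</domain><result>{spf}</result></spf></auth_results>"
          "</record>")
SAMPLES = [("192.0.2.1", 7, "reject", "fail", "pass"),
           ("192.0.2.1", 3, "reject", "fail", "pass"),    # duplicate of the first row
           ("198.51.100.2", 5, "none", "pass", "pass")]   # fully aligned, filtered out
SAMPLE_REPORT = "<feedback>" + "".join(
    RECORD.format(ip=ip, n=n, disp=disp, dkim=dkim, spf=spf)
    for ip, n, disp, dkim, spf in SAMPLES) + "</feedback>"

# Output column name -> element path below <record>.
FIELDS = {
    "source_ip_address": "row/source_ip",
    "policy_disposition": "row/policy_evaluated/disposition",
    "dkim_alignment": "row/policy_evaluated/dkim",
    "spf_alignment": "row/policy_evaluated/spf",
    "from_domain": "identifiers/header_from",
    "dkim_domain": "auth_results/dkim/domain",
    "dkim_result": "auth_results/dkim/result",
    "spf_domain": "auth_results/spf/domain",
    "spf_result": "auth_results/spf/result",
}

def failing_records(xml_text):
    """Return one dict per distinct failing record, with mail_count summed."""
    totals = Counter()
    for rec in ET.fromstring(xml_text).iter("record"):
        values = tuple(rec.findtext(path, default="") for path in FIELDS.values())
        row = dict(zip(FIELDS, values))
        if row["dkim_alignment"] == "pass" and row["spf_alignment"] == "pass":
            continue  # both alignment checks passed, nothing to report
        # Identical field tuples are duplicates: add their counts together.
        totals[values] += int(rec.findtext("row/count", default="0"))
    return [dict(zip(FIELDS, key), mail_count=n) for key, n in totals.items()]

if __name__ == "__main__":
    for row in failing_records(SAMPLE_REPORT):
        print(row)
```

DMARC reports arrive from outside senders, and the Python documentation warns that the xml modules are not secure against maliciously constructed data; defusedxml is a common substitute parser.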