DIY Threat Intel: Mining your spam folder for threat intelligence gold

treebuilder/spamintel
spamintel

DIY Threat Intel: Mining your spam folder for threat intelligence gold

This repository contains two scripts:

  • process-spam.py
  • runvt.py

I call them from cron:

```
# Append both stdout and stderr to the log; the file redirection must come before 2>&1
0 *     * * *   /home/foo/bin/process-spam.py >>/var/log/cronlogs 2>&1
10 */4  * * *   /home/foo/bin/runvt.py >>/var/log/cronlogs 2>&1
```

This ensures my spam folder is processed every hour, and any attachments are submitted to VirusTotal.

If it's something VT hasn't seen before, runvt.py will follow up and get the results after a few hours.

##### To do

One thing I haven't yet coded is the ability to have the extracted URLs analyzed by VT.

I also need to parse the JSON returned to make the results files more easily human-readable.
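
One way to approach the JSON to-do item, as an added example that is not part of this repository's code. It assumes the saved results files hold VirusTotal API v2 file reports (`response_code`, `positives`, `total`, `scans`); `summarize_report` and the sample report are hypothetical names and constructed values.

```python
import json

# Constructed sample shaped like a VirusTotal API v2 file report.
# Assumption: the results files contain this JSON; all values are made up.
SAMPLE_REPORT = json.dumps({
    "response_code": 1,
    "sha256": "0" * 64,
    "scan_date": "2016-01-01 12:00:00",
    "permalink": "https://www.virustotal.com/file/PLACEHOLDER/analysis/",
    "positives": 2,
    "total": 4,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "W97M.Downloader"},
        "EngineD": {"detected": False, "result": None},
    },
})


def summarize_report(raw):
    """Turn one raw v2 file report into a short plain-text summary."""
    try:
        report = json.loads(raw)
    except ValueError:
        # Empty or truncated results file
        return "unparseable results file (not JSON)"
    if not isinstance(report, dict):
        return "unexpected results format (not a JSON object)"
    code = report.get("response_code")
    if code == -2:  # submitted, analysis not finished yet
        return "still queued for analysis: %s" % report.get("resource", "?")
    if code != 1:   # 0 means the file is unknown to VT
        return "no report available (response_code=%r)" % code
    scans = report.get("scans") or {}
    # Keep only engines that flagged the file, sorted by engine name
    hits = sorted((name, s.get("result") or "unnamed")
                  for name, s in scans.items() if s.get("detected"))
    lines = [
        "sha256:     %s" % report.get("sha256", "?"),
        "scanned:    %s" % report.get("scan_date", "?"),
        "detections: %s/%s" % (report.get("positives", len(hits)),
                               report.get("total", len(scans))),
        "report:     %s" % report.get("permalink", "?"),
    ]
    lines += ["  %-12s %s" % hit for hit in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```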
