mail

package
v0.9.0 Latest

This package is not in the latest version of its module.

Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 23 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var Decoder = &decoder.AbstractDecoder{
	Type:        types.Type_NC_Mail,
	Name:        "Mail",
	Description: "Email messages collected from the network traffic",
	PostInit: func(d *decoder.AbstractDecoder) error {
		var err error
		mailLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"mail",
			decoderconfig.Instance.Debug,
		)
		return err
	},
	DeInit: func(sd *decoder.AbstractDecoder) error {
		return mailLog.Sync()
	},
}

Decoder for protocol analysis and writing audit records to disk.

Functions

func Parse

func Parse(conv *core.ConversationInfo, buf []byte, from, to string, logger *zap.Logger, origin string) *types.Mail

Parse attempts to read a mail from the conversation.

func WriteMail

func WriteMail(d *types.Mail)

WriteMail writes an email audit record to disk.

Types

type MailFileExtractor added in v0.9.0

type MailFileExtractor struct{}

MailFileExtractor implements file extraction for email attachments

func (*MailFileExtractor) DescribeFile added in v0.9.0

func (m *MailFileExtractor) DescribeFile(handle *file.FileHandle) string

DescribeFile returns a human-readable description of the email attachment

func (*MailFileExtractor) ExtractFile added in v0.9.0

func (m *MailFileExtractor) ExtractFile(conv *core.ConversationInfo, data []byte, metadata file.FileMetadata) error

ExtractFile performs email attachment extraction

func (*MailFileExtractor) GetFileHandle added in v0.9.0

func (m *MailFileExtractor) GetFileHandle(conv *core.ConversationInfo, isOrigin bool, depth int) string

GetFileHandle generates a unique identifier for an email attachment

func (*MailFileExtractor) ProtocolName added in v0.9.0

func (m *MailFileExtractor) ProtocolName() string

ProtocolName returns the protocol name

type MailSecurityAnalysis added in v0.9.0

type MailSecurityAnalysis struct {
	// SPF/DKIM/DMARC results
	SPFResult   string
	SPFDomain   string
	DKIMResult  string
	DKIMDomain  string
	DMARCResult string
	DMARCPolicy string

	// Phishing indicators
	SenderDisplayNameMismatch bool
	HasSuspiciousReplyTo      bool
	URLCount                  int32
	AttachmentCount           int32
	AttachmentTypes           []string
	HasExecutableAttachment   bool
	HasMacroEnabledAttachment bool
	SubjectEntropy            float64
	HasUrgencyKeywords        bool
	ReceivedHopCount          int32
	IsForwarded               bool
	ReplyTo                   string
	FromDomain                string
}

MailSecurityAnalysis contains security analysis results for an email

func AnalyzeMail added in v0.9.0

func AnalyzeMail(mail *types.Mail, headers map[string]string, body string) *MailSecurityAnalysis

AnalyzeMail performs security analysis on an email
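
How a few of the MailSecurityAnalysis fields could be derived from a headers map, as an added example that is not the package's own code and does not call it. The `Indicators` type, the helper names, the sample headers, and the rule that a Reply-To is suspicious when its domain differs from the From domain are all assumptions made here.

```go
package main

import ("fmt"; "net/mail"; "strings")

// Indicators mirrors a few MailSecurityAnalysis fields (hypothetical subset).
type Indicators struct {
	FromDomain, SPFResult, DKIMResult, DMARCResult string
	HasSuspiciousReplyTo                           bool
}

// domainOf returns the lower-cased domain of an address header, "" if unparsable.
func domainOf(header string) string {
	addr, err := mail.ParseAddress(header)
	if err != nil {
		return ""
	}
	return strings.ToLower(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
}

// authResult extracts the verdict for method from an Authentication-Results value.
func authResult(ar, method string) string {
	for _, part := range strings.Split(ar, ";") {
		f := strings.Fields(strings.ToLower(part))
		if len(f) > 0 && strings.HasPrefix(f[0], method+"=") {
			return strings.TrimPrefix(f[0], method+"=")
		}
	}
	return ""
}

// analyze assumes a Reply-To is suspicious when its domain differs from From.
func analyze(h map[string]string) Indicators {
	ar, from, reply := h["Authentication-Results"], domainOf(h["From"]), domainOf(h["Reply-To"])
	return Indicators{
		FromDomain: from, HasSuspiciousReplyTo: reply != "" && reply != from,
		SPFResult: authResult(ar, "spf"), DKIMResult: authResult(ar, "dkim"),
		DMARCResult: authResult(ar, "dmarc"),
	}
}

// sampleHeaders is constructed for this example, not captured traffic.
var sampleHeaders = map[string]string{
	"From":     `"Example Bank" <alerts@bank.example>`,
	"Reply-To": "helpdesk@bank-support.example",
	"Authentication-Results": "mx.mail.example; spf=pass smtp.mailfrom=bank-support.example; dkim=none; dmarc=fail header.from=bank.example",
}

func main() { fmt.Printf("%+v\n", analyze(sampleHeaders)) }
```

An Authentication-Results header is only meaningful when it was added by a receiving server you trust; a copy supplied by the sender can claim any verdict, so results read from captured traffic should be checked against the authserv-id before they are relied on.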
