Suite of SMTP-related policies that includes extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails

initconf/phish-analysis

Phishing detection package for Bro. This package implements the technology defined in: https://people.eecs.berkeley.edu/~grantho/papers/usenix2017-spearphish.pdf

The Bro package works primarily with Postgres as its backend, where it creates and maintains reputation data. Postgres is helpful in preserving state across Bro restarts. For Postgres backend support you need to install the bro-postgresql package from: https://github.com/0xxon/bro-postgresql.git

However, you can run this without Postgres support. In that case, there is a limit on how many URLs you can store in memory and keep track of. Historically, we have been able to keep up to 300-500K URLs without much trouble.

For customization specific to your site or needs, please see: scripts/configure-variables-in-this-file.bro

Contact: Aashish Sharma, [email protected], if you have further questions or interest.
