Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/policy/frameworks/intel/smtp-url-extraction.bro
Seth Hall 172a6345b8 Extracting URLs from message bodies over SMTP and sending them to Intel framework. 
- New utils package for URLs.

- Two functions in the URLs utils.  find_all_urls and
  find_all_urls_without_scheme.
2012-10-31 08:46:40 -04:00

15 lines
No EOL
367 B
Text
Raw Blame History

@load base/frameworks/intel
@load base/utils/urls
@load ./where-locations
event mime_segment_data(c: connection, length: count, data: string) &priority=3
{
local urls = find_all_urls_without_scheme(data);
for ( url in urls )
{
Intel::seen([$str=url,
$str_type=Intel::URL,
$conn=c,
$where=SMTP::IN_MESSAGE]);
}
}
Reference in a new issue View git blame Copy permalink