adding BIMI parsing and reporting

MattKeeley · Sep 5, 2023 · fd74718 · fd74718
1 parent 362f6e4
commit fd74718
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 10 deletions.
diff --git a/libs/bimi.py b/libs/bimi.py
@@ -15,4 +15,32 @@ def get_bimi_record(domain, dns_server):
         return None
 
 
-
+def get_bimi_details(bimi_record):
+    """Returns a tuple containing policy, pct, aspf, subdomain policy,
+    forensic report uri, and aggregate report uri from a BIMI record"""
+    version = get_bimi_version(bimi_record)
+    location = get_bimi_location(bimi_record)
+    authority = get_bimi_authority(bimi_record)
+    return version, location, authority
+
+
+def get_bimi_version(bimi_record):
+    """Returns the version value from a BIMI record."""
+    if "v=" in str(bimi_record):
+        return str(bimi_record).split("v=")[1].split(";")[0]
+    else:
+        return None
+
+def get_bimi_location(bimi_record):
+    """Returns the location value from a BIMI record."""
+    if "l=" in str(bimi_record):
+        return str(bimi_record).split("l=")[1].split(";")[0]
+    else:
+        return None
+
+def get_bimi_authority(bimi_record):
+    """Returns the authority value from a BIMI record."""
+    if "a=" in str(bimi_record):
+        return str(bimi_record).split("a=")[1].split(";")[0]
+    else:
+        return None
diff --git a/libs/report.py b/libs/report.py
@@ -48,7 +48,7 @@ def write_to_excel(data):
         df.to_excel(file_name, index=False)
 
 
-def printer(domain, subdomain, dns_server, spf_record, spf_all, spf_includes, dmarc_record, p, pct, aspf, sp, fo, rua, bimi_record, spoofable):
+def printer(domain, subdomain, dns_server, spf_record, spf_all, spf_includes, dmarc_record, p, pct, aspf, sp, fo, rua, bimi_record, vbimi, location, authority, spoofable):
     """This function is a utility function that takes in various parameters related to the 
     results of DMARC and SPF checks and outputs the results to the console in a human-readable format.
 
@@ -99,7 +99,10 @@ def printer(domain, subdomain, dns_server, spf_record, spf_all, spf_includes, dm
 
     if(bimi_record):
         output_info(f"BIMI record : {bimi_record}")
-
+        output_info(f"BIMI version : {vbimi}")
+        output_info(f"BIMI location : {location}")
+        output_info(f"BIMI authority : {authority}")
+
     if spoofable in [0, 1, 2, 3, 4, 5, 6, 7, 8]:
         if spoofable == 8:
             output_bad("Spoofing not possible for " + domain)

diff --git a/spoofy.py b/spoofy.py
@@ -3,7 +3,7 @@
 import tldextract
 import threading
 import os
-from libs import dmarc, dns, logic, spf, report
+from libs import bimi, dmarc, dns, logic, spf, report
 
 print_lock = threading.Lock()
 
@@ -14,7 +14,7 @@ def process_domain(domain, output):
       and outputs the results to the console or an Excel file."""
     try:
         dns_server = spf_record = dmarc_record = None
-        spf_all = spf_includes = p = pct = aspf = sp = fo = rua = None
+        spf_all = spf_includes = p = pct = aspf = sp = fo = rua = vbimi = location = authority = None
         subdomain = bool(tldextract.extract(domain).subdomain)
         with print_lock:
             dns_server, spf_record, dmarc_record, bimi_record = dns.get_dns_server(domain)
@@ -23,19 +23,34 @@ def process_domain(domain, output):
             spf_includes = spf.get_spf_includes(domain)
         if dmarc_record:
             p, pct, aspf, sp, fo, rua = dmarc.get_dmarc_details(dmarc_record)
+        if bimi_record:
+            vbimi, location, authority = bimi.get_bimi_details(bimi_record)
         spoofable = logic.is_spoofable(
             domain, p, aspf, spf_record, spf_all, spf_includes, sp, pct)
         if output == "xls":
             with print_lock:
-                data = [{'DOMAIN': domain, 'SUBDOMAIN': subdomain, 'SPF': spf_record, 'SPF MULTIPLE ALLS': spf_all,
-                        'SPF TOO MANY INCLUDES': spf_includes, 'DMARC': dmarc_record, 'DMARC POLICY': p,
-                         'DMARC PCT': pct, 'DMARC ASPF': aspf, 'DMARC SP': sp, 'DMARC FORENSIC REPORT': fo,
-                         'DMARC AGGREGATE REPORT': rua, 'BIMI_RECORD': bimi_record, 'SPOOFING POSSIBLE': spoofable}]
+                data = [{'DOMAIN': domain, 
+                        'SUBDOMAIN': subdomain, 
+                        'SPF': spf_record, 
+                        'SPF MULTIPLE ALLS': spf_all,
+                        'SPF TOO MANY INCLUDES': spf_includes, 
+                        'DMARC': dmarc_record, 
+                        'DMARC POLICY': p,
+                        'DMARC PCT': pct, 
+                        'DMARC ASPF': aspf, 
+                        'DMARC SP': sp, 
+                        'DMARC FORENSIC REPORT': fo,
+                        'DMARC AGGREGATE REPORT': rua, 
+                        'BIMI_RECORD': bimi_record, 
+                        'BIMI_VERSION': vbimi,
+                        'BIMI_LOCATION': location,
+                        'BIMI_AUTHORITY': authority,
+                        'SPOOFING POSSIBLE': spoofable}]
                 report.write_to_excel(data)
         else:
             with print_lock:
                 report.printer(domain, subdomain, dns_server, spf_record, spf_all, spf_includes, dmarc_record, p, pct, aspf,
-                               sp, fo, rua, bimi_record, spoofable)
+                               sp, fo, rua, bimi_record, vbimi, location, authority, spoofable)
     except Exception as e:
         raise e
         with print_lock: