spamscope
by SpamScope
SpamScope is a fast, distributed spam analysis tool that processes emails in real-time to detect phishing, malware, and other threats using modular integrations.
Fast Advanced Spam Analysis Tool
Primary Use Case
SpamScope is designed for security analysts and threat hunters who need to analyze large volumes of emails quickly and efficiently to identify phishing attempts, malware, and spam characteristics. It is ideal for organizations looking to automate and scale their email security analysis using a distributed system.
- Distributed real-time email processing using Apache Storm
- Modular architecture with pluggable analysis modules for raw emails, attachments, and sender IPs
- Phishing scoring module for email threat assessment
- Integration with third-party tools like SpamAssassin, Apache Tika, VirusTotal, Thug, Zemana, and Shodan
- Supports multiple email formats including RFC822 and Outlook .msg
- Outputs detailed JSON reports for easy storage and further analysis
- Flexible input sources and customizable processing topologies
- Docker and docker-compose support for easy setup and deployment
Installation
- Install and run Apache Storm (refer to Apache Storm Concepts and Streamparse Quickstart)
- Clone the SpamScope repository from GitHub
- Install Python dependencies (implied by PyPI badge and usage)
- Run Apache Storm cluster or local instance
- Deploy SpamScope topologies to Apache Storm
- Optionally configure and enable desired analysis modules
- Use provided Docker images and docker-compose files for simplified setup
Usage
- Run Apache Storm cluster: Start the Apache Storm environment to enable distributed processing
- Deploy topologies from ./topologies/ folder: Launch SpamScope processing workflows on Apache Storm
- Enable/disable post processing modules: Customize SpamScope functionality by selecting which analysis modules to run
- Input raw emails (RFC822 or Outlook formats): Feed emails into SpamScope for analysis
- Receive JSON output: Obtain structured analysis results including phishing scores and extracted data
- Integrate SpamScope with SIEM platforms to automate alerting and incident response workflows.
- Leverage the modular architecture to add custom detection modules tailored to emerging phishing and malware tactics.
- Use distributed real-time processing to scale email threat analysis in large enterprise environments.
- Combine SpamScope output with threat intelligence feeds to enrich context for threat hunting.
- Deploy SpamScope in purple team exercises to simulate and detect phishing and malware delivery techniques effectively.
Related Tools

mailcow-dockerized
mailcow/mailcow-dockerized
mailcow: dockerized - 🐮 + 🐋 = 💕
espoofer
chenjj/espoofer
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
Spoofy
MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

docker-postfix
bokysan/docker-postfix
Multi architecture simple SMTP server (postfix null relay) host for your Docker and Kubernetes containers. Based on Debian/Ubuntu/Alpine.
sublime-rules
sublime-security/sublime-rules
Sublime rules for email attack detection, prevention, and threat hunting.
EmailAnalyzer
keraattin/EmailAnalyzer
With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
