Skip to content

Instantly share code, notes, and snippets.

@econchick

econchick/search_pgp_email.ipynb

Created November 21, 2013 20:30
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save econchick/7589056 to your computer and use it in GitHub Desktop.
Save econchick/7589056 to your computer and use it in GitHub Desktop.
Download ZIP
Display the source blob
Display the rendered blob
Raw
search_pgp_email.ipynb
{
"metadata": {
"name": ""
},
"nbformat": 3,
"nbformat_minor": 0,
"worksheets": [
{
"cells": [
{
"cell_type": "code",
"collapsed": false,
"input": [
"from scapy.all import *"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 2
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pgp_email = open('pgpemail.txt', 'r')"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 3
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pgp_email = pgp_email.read()"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 4
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"print pgp_email"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"Return-Path: <erin.lynn.root+caf_=lynn=fastmail.es@gmail.com>\r\n",
"Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42])\r\n",
"\t by sloti14d3p1 (Cyrus git2.5+0-git-fastmail-9328) with LMTPA;\r\n",
"\t Thu, 08 Aug 2013 15:09:55 -0400\r\n",
"X-Sieve: CMU Sieve 2.4\r\n",
"X-Spam-known-sender: yes\r\n",
"X-Spam-score: 0.0\r\n",
"X-Spam-hits: BAYES_00 -1.9, RCVD_IN_DNSWL_LOW -0.7, LANGUAGES unknown,\r\n",
" BAYES_USED global, SA_VERSION 3.3.2\r\n",
"X-Spam-source: IP='74.125.82.177', Host='mail-we0-f177.google.com', Country='US',\r\n",
" FromHeader='cx', MailFrom='com'\r\n",
"X-Spam-charsets: \r\n",
"X-Resolved-to: lynn@fastmail.es\r\n",
"X-Delivered-to: lynn@fastmail.es\r\n",
"X-Mail-from: erin.lynn.root+caf_=lynn=fastmail.es@gmail.com\r\n",
"Received: from mx4 ([10.202.2.203])\r\n",
" by compute2.internal (LMTPProxy); Thu, 08 Aug 2013 15:09:55 -0400\r\n",
"Received: from mail-we0-f177.google.com (mail-we0-f177.google.com [74.125.82.177])\r\n",
"\t(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))\r\n",
"\t(No client certificate requested)\r\n",
"\tby mx4.messagingengine.com (Postfix) with ESMTPS id 2EB943C00BC\r\n",
"\tfor <lynn@fastmail.es>; Thu, 8 Aug 2013 15:09:54 -0400 (EDT)\r\n",
"Received: by mail-we0-f177.google.com with SMTP id m46so2845167wev.22\r\n",
" for <lynn@fastmail.es>; Thu, 08 Aug 2013 12:09:53 -0700 (PDT)\r\n",
"X-Received: by 10.194.170.227 with SMTP id ap3mr4308361wjc.40.1375988993124;\r\n",
" Thu, 08 Aug 2013 12:09:53 -0700 (PDT)\r\n",
"X-Forwarded-To: lynn@fastmail.es\r\n",
"X-Forwarded-For: erin.lynn.root@gmail.com lynn@fastmail.es\r\n",
"X-Remote-Delivered-To: erin.lynn.root@gmail.com\r\n",
"Received: by 10.194.82.198 with SMTP id k6csp34152wjy;\r\n",
" Thu, 8 Aug 2013 12:09:51 -0700 (PDT)\r\n",
"X-Received: by 10.52.30.129 with SMTP id s1mr2018358vdh.52.1375988990632;\r\n",
" Thu, 08 Aug 2013 12:09:50 -0700 (PDT)\r\n",
"Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com. [66.111.4.26])\r\n",
" by mx.google.com with ESMTPS id jf10si3517353vdb.50.2013.08.08.12.09.49\r\n",
" for <erin.lynn.root@gmail.com>\r\n",
" (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);\r\n",
" Thu, 08 Aug 2013 12:09:50 -0700 (PDT)\r\n",
"Received-SPF: pass (google.com: domain of hs@ox.cx designates 66.111.4.26 as permitted sender) client-ip=66.111.4.26;\r\n",
"Authentication-Results: mx.google.com;\r\n",
" spf=pass (google.com: domain of hs@ox.cx designates 66.111.4.26 as permitted sender) smtp.mail=hs@ox.cx;\r\n",
" dkim=pass header.i=@messagingengine.com\r\n",
"Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46])\r\n",
"\tby gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 6DE1F20E6D\r\n",
"\tfor <erin.lynn.root@gmail.com>; Thu, 8 Aug 2013 15:09:40 -0400 (EDT)\r\n",
"Received: from frontend1 ([10.202.2.160])\r\n",
" by compute6.internal (MEProxy); Thu, 08 Aug 2013 15:09:42 -0400\r\n",
"DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=\r\n",
"\tmessagingengine.com; h=content-type:subject:mime-version:from\r\n",
"\t:date:content-transfer-encoding:message-id:content-description\r\n",
"\t:to; s=smtpout; bh=ugA8qqmrOXWxgBdB7v0H+0BOcXE=; b=BbM30ezgg/ZCT\r\n",
"\t2g7qKCZPzT7BwCYcxKrW6AK8q6a/88ullbu0fihzOkWx3mkPrTsiPp0m51UAozU4\r\n",
"\tTa/vDwZ8mTrpZQ9C6OCfyUZ+nPw7T1PnKSiGBfVDmLth4+c7cwxOjvjKrv6lvMcF\r\n",
"\tEZpgpOcMNMWbyak/oaO7UR3OPYJoJI=\r\n",
"X-Sasl-enc: vw11Io4FZTVtV4ZAON5Tu4opTtdA/ixWjBahwhRhUsfF 1375988978\r\n",
"Received: from omega.fritz.box (unknown [5.28.99.177])\r\n",
"\tby mail.messagingengine.com (Postfix) with ESMTPA id ECD81C00E8A\r\n",
"\tfor <erin.lynn.root@gmail.com>; Thu, 8 Aug 2013 15:09:37 -0400 (EDT)\r\n",
"Content-Type: multipart/encrypted; boundary=\"Apple-Mail=_514AD934-51DC-469A-BDE1-05A7C8FE2EF6\"; protocol=\"application/pgp-encrypted\";\r\n",
"Subject: gpg test\r\n",
"Mime-Version: 1.0 (Mac OS X Mail 6.5 \\(1508\\))\r\n",
"X-Pgp-Agent: GPGMail 505\r\n",
"From: Hynek Schlawack <hs@ox.cx>\r\n",
"Date: Thu, 8 Aug 2013 21:09:36 +0200\r\n",
"Content-Transfer-Encoding: 7bit\r\n",
"Message-Id: <6663DBC6-3EEB-4360-B893-681E57F042E1@ox.cx>\r\n",
"Content-Description: OpenPGP encrypted message\r\n",
"To: Lynn Root <erin.lynn.root@gmail.com>\r\n",
"X-Mailer: Apple Mail (2.1508)\r\n",
"\r\n",
"This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)\r\n",
"--Apple-Mail=_514AD934-51DC-469A-BDE1-05A7C8FE2EF6\r\n",
"Content-Transfer-Encoding: 7bit\r\n",
"Content-Type: application/pgp-encrypted\r\n",
"Content-Description: PGP/MIME Versions Identification\r\n",
"\r\n",
"Version: 1\r\n",
"\r\n",
"--Apple-Mail=_514AD934-51DC-469A-BDE1-05A7C8FE2EF6\r\n",
"Content-Transfer-Encoding: 7bit\r\n",
"Content-Disposition: inline;\r\n",
"\tfilename=encrypted.asc\r\n",
"Content-Type: application/octet-stream;\r\n",
"\tname=encrypted.asc\r\n",
"Content-Description: OpenPGP encrypted message\r\n",
"\r\n",
"-----BEGIN PGP MESSAGE-----\r\n",
"Comment: GPGTools - http://gpgtools.org\r\n",
"\r\n",
"hQIMA/kxqcOmEa16AQ//atOQE0Ye8NSsmyuIbDAtFkdagmNeJO7U7O3HelcJEG7W\r\n",
"knFE0ovxRm0WkugF5aeMgW6F97mlzA7I+hztEefa7Cjz4FMjw3xUjijrqxwGEUve\r\n",
"jnjI/IuaLjn7xpzutG7LHUhv1SQBmMJ6db2onOV/CXK8dREhZ5L5dUPGY/Jm9GVG\r\n",
"TuKS3Pi3A/TMeV/D+jDHOUO2rDtpPAV859zmVrtf0LyQQ/BGVIE4U/LMGHydmykH\r\n",
"zbCmXthk8uQQy1uOdDI+oTLnThIZVo4sAnsBf7uaZ8ztKVOzgyIR1GZ/RHBBQyMJ\r\n",
"NjBEsRNWlY8R43u1q25mfXT041F+0UTtNN/NZBpIlA+ptfFHvzRmhkH9Ezle1F+e\r\n",
"jyMeynUyot5rZp86fqruaOnpImW7bPxxcJYAdhEm1a6LKXmL4CWd+CrNgMxZJ+Bk\r\n",
"usfnMr6IEo+fCaUi7KOTnq1THJDFM1wDTa+ew8MzKuD8svV5UyAMOjX1ctMvt63/\r\n",
"1BDrVhERzSN87WgUj5F2EIar/CeZRT5bmQNVVdr7LIF2MkMjjqrnwSetNGhZO1/L\r\n",
"uHDtNHEszne5YX9G2DAHqbBJbXvQ6myQPwwvX3F4UOvpxWS+4/nidJoaJ6zHf+On\r\n",
"JuEVN8QbgeLYdxpPaWJNe8BxTQbfS3D2tqj9pP1qW3pimFXoGI/k6mzIRpW9ZTuF\r\n",
"Aw4DY0q7mwGCsWMQDACoKkXH3D/CGhmOuKPXlDlJTZQAI5UYLtl1SX/R6BIDvYS4\r\n",
"BTdLXZlkY2gmyTyr1RVFOBKsYMwKebJzevZ2JVlYgqvRmJodIv5ihLMW20bWjzVo\r\n",
"CdPk9Y5lz2BUivSiTfRwU433yGTW9LSZFwAkiOr8elpT1MC0s7QYNf0Lm7BpTD7E\r\n",
"cVyujRfMzia3z4Tz4FFdvxU4FMGr+r3ub6hFGxABrLY5BMbKmTy54zOqP2klihie\r\n",
"F9oD95C6qLQ63VsXBu3FvZe296IyALbT8U2RzBs6olQH9aKCWuXD+GDFLSTY9BQu\r\n",
"ExIkpbm0JNJcXlgqyeUEC294WEb9mxJybssjyy/OKp+xrL9ceHC+iOl/fA97pBmd\r\n",
"fwXpf+5LBIb5KAAvbNZo7AT6AvwE3QRAV113XExPpmAp+dLzjcU19hEK66Nw4lqR\r\n",
"CPKGyureRGJ71iood7A+/fZEqzufbcj4HdY/QQzCNHPMUgfcgdCjl1m3/WdHlpHB\r\n",
"6wKfjOBiaSn5GrWoYeAMAL3xVsvagEOai/rxI42ffLIeb7JJQ9bUJy3G7CLcjlIN\r\n",
"4TRWLHU0htov6cqgxlG6qDzHfzOu9CzxwD9p4FBdb3skbnQhjx5PakEMruUgwITe\r\n",
"EgzUymmzNnTV0pXyusWoCbzXbbBHF/Dxy+N+kvYVCBMRuaeEUQYFbfdwhhlzqfWA\r\n",
"DD9IYn6/TH/crmUjvWC8Cw2rh5dUynzQl9tlIIS30+Vry0JGvZfh7ZGVxwhjKvIZ\r\n",
"iw46+bTeB/TRTl6Pc/PKQoEdi2kHp9iH/RfglRsrFuK6jBF3Z4/dudiY30u+mBux\r\n",
"PjojfDBbpwE+7Q45zKIrRHpG2ATsNDKrXeLdd5w98WbubqD5ldjI8KubUaqbz6pJ\r\n",
"SUVBJ2xSgddYRYljedtS/alElK49kenFfn9QNit+cgZwsyyV1e9NLWq992D5PifZ\r\n",
"PTmKyDDMMfz6G4KKNwp/dw/q1O5LfbHoF1JtFjf++BItEU+IkrUtiwtPJUWHQOz7\r\n",
"cjDUj5j/KCzK06sMpa47jdLpAWRvZvGkUJ/Sh6LR1zvxZMgEEpbh39A/zap07EdD\r\n",
"PTjwZOQeodNPTWuHK/y2N28aC9mAtDQtrILFlxopOBmXUe3oFR1KSzHaXHrTsrCL\r\n",
"cgorISaYiBlimlNjNB/cPUdaJNCgRVlRbnuGkucwdUAOKtCNkJ59heQLcdPGbpMG\r\n",
"96USac3lmisMY9wzomFPT0NpVqzuwd9hdjP9s0NSPQ0VyriTwzlwpKdw1JMHtyKR\r\n",
"0YBM6LJu6o298mO7g3ERPGx3tvZ5FI35N2ygjEN8SbXBoB1nArJtSSfYjVMu7CTq\r\n",
"4sSheKEMTJcJe8PRb/vl1gmSHMKxbE4kTz6z0dofmvXZb93A2sDmhZ2qLB6RCIgB\r\n",
"iJZBCo6gSovPcxk45KwExntm+bkFbn4FLbx2ICtiRM3gSe0yhjQyol92xKi4Tt9S\r\n",
"ZqrueNbFN63F2xFqhtN2vnBubOBVhf9lvAR1JpIcSkiVws8xoxB9IdtDohMfe/z5\r\n",
"S4RoME/R1j2/Zh0EMrR864OYHxr73URB565zokPvdkkPyDOKxG8o6bGnYQhwMV/Y\r\n",
"ZE6qcbGRC6o3T1+48S4lcyOmugTErLMxYeaG1Z9k8LiS5e4hGb8I9IWxxlX8xc4E\r\n",
"30qwjQqAOOK5q9YejZjwMD+NxP6E/NvBdxJStqZxMtGRo79IYd0qZuf54LedgG/r\r\n",
"E3UVbSVQ/dbj2tVJpg/qYyGedSpr5Go6\r\n",
"=0DXU\r\n",
"-----END PGP MESSAGE-----\r\n",
"\r\n",
"--Apple-Mail=_514AD934-51DC-469A-BDE1-05A7C8FE2EF6--\r\n",
"\n"
]
}
],
"prompt_number": 5
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"'protocol=\"application/pgp-encrypted\"' in pgp_email # per RFC 3156"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 6,
"text": [
"True"
]
}
],
"prompt_number": 6
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"import spy"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 7
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"ip_addrs = spy.parse_email('pgpemail.txt')"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 9
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"ip_addrs"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 10,
"text": [
"['74.125.82.177', '66.111.4.26', '5.28.99.177']"
]
}
],
"prompt_number": 10
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"spy.trace_route(ip_addrs, \"PGPEmailTraceroute.geojson\")"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"\n",
"Received 42 packets, got 42 answers, remaining 18 packets\n",
" 5.28.99.177:tcp80 66.111.4.26:tcp80 74.125.82.177:tcp80 \n",
"1 10.48.24.1 11 10.48.24.1 11 10.48.24.1 11 \n",
"2 80.239.169.193 11 80.239.169.193 11 80.239.169.193 11 \n",
"3 213.155.136.52 11 213.155.133.102 11 213.155.131.120 11 \n",
"4 213.248.64.38 11 80.91.247.217 11 213.155.133.143 11 \n",
"5 213.155.135.89 11 213.248.99.134 11 - \n",
"6 213.248.75.218 11 4.69.159.6 11 - \n",
"7 92.79.202.102 11 4.69.148.206 11 - \n",
"8 88.79.44.242 11 4.69.200.165 11 - \n",
"9 62.117.4.6 11 4.69.143.197 11 - \n",
"10 62.117.4.18 11 4.69.143.62 11 - \n",
"11 62.117.4.6 11 4.69.143.70 11 - \n",
"12 62.117.4.18 11 4.69.137.74 11 - \n",
"13 62.117.4.6 11 4.69.134.74 11 - \n",
"14 62.117.4.18 11 4.69.148.41 11 - \n",
"15 62.117.4.6 11 4.69.132.98 11 - \n",
"16 62.117.4.18 11 4.69.156.9 11 - \n",
"17 62.117.4.6 11 4.30.130.234 11 - \n",
"18 62.117.4.18 11 64.90.164.74 11 - \n",
"19 62.117.4.6 11 - - \n",
"20 62.117.4.18 11 - - \n",
"\n",
"Received 42 packets, got 42 answers, remaining 18 packetsBegin emission:\n",
"Begin emission:\n",
"Finished to send 60 packets.Finished to send 60 packets.\n",
"\n"
]
},
{
"output_type": "stream",
"stream": "stdout",
"text": [
"\n",
" 5.28.99.177:tcp80 66.111.4.26:tcp80 74.125.82.177:tcp80 \n",
"1 10.48.24.1 11 10.48.24.1 11 10.48.24.1 11 \n",
"2 80.239.169.193 11 80.239.169.193 11 80.239.169.193 11 \n",
"3 80.91.246.188 11 213.155.133.102 11 213.155.136.52 11 \n",
"4 213.155.134.247 11 213.155.131.29 11 80.91.246.235 11 \n",
"5 213.155.135.89 11 213.248.99.134 11 - \n",
"6 213.248.75.218 11 4.69.159.6 11 - \n",
"7 92.79.202.102 11 4.69.148.206 11 - \n",
"8 88.79.44.242 11 4.69.200.161 11 - \n",
"9 62.117.4.6 11 4.69.143.201 11 - \n",
"10 62.117.4.18 11 4.69.143.54 11 - \n",
"11 62.117.4.6 11 4.69.143.78 11 - \n",
"12 62.117.4.18 11 4.69.137.74 11 - \n",
"13 62.117.4.6 11 4.69.134.78 11 - \n",
"14 62.117.4.18 11 4.69.148.37 11 - \n",
"15 62.117.4.6 11 4.69.132.98 11 - \n",
"16 62.117.4.18 11 4.69.156.9 11 - \n",
"17 62.117.4.6 11 4.30.130.234 11 - \n",
"18 62.117.4.18 11 64.90.164.74 11 - \n",
"19 62.117.4.6 11 - - \n",
"20 62.117.4.18 11 - - \n",
"\n",
"Received 44 packets, got 41 answers, remaining 19 packetsBegin emission:\n",
"Finished to send 60 packets.\n"
]
},
{
"output_type": "stream",
"stream": "stdout",
"text": [
"\n",
" 5.28.99.177:tcp80 66.111.4.26:tcp80 74.125.82.177:tcp80 \n",
"1 10.48.24.1 11 10.48.24.1 11 10.48.24.1 11 \n",
"2 80.239.169.193 11 80.239.169.193 11 80.239.169.193 11 \n",
"3 213.155.131.124 11 80.91.248.206 11 213.155.131.124 11 \n",
"4 80.91.249.12 11 213.155.131.29 11 - \n",
"5 213.155.135.83 11 213.248.99.134 11 - \n",
"6 213.248.75.218 11 4.69.159.14 11 - \n",
"7 92.79.202.102 11 4.69.148.206 11 - \n",
"8 88.79.44.242 11 4.69.200.161 11 - \n",
"9 62.117.4.6 11 4.69.143.197 11 - \n",
"10 62.117.4.18 11 4.69.143.58 11 - \n",
"11 62.117.4.6 11 4.69.143.82 11 - \n",
"12 62.117.4.18 11 4.69.137.74 11 - \n",
"13 62.117.4.6 11 4.69.134.70 11 - \n",
"14 62.117.4.18 11 4.69.148.37 11 - \n",
"15 62.117.4.6 11 4.69.132.98 11 - \n",
"16 62.117.4.18 11 4.69.156.9 11 - \n",
"17 62.117.4.6 11 4.30.130.234 11 - \n",
"18 62.117.4.18 11 64.90.164.74 11 - \n",
"19 62.117.4.6 11 - - \n",
"20 62.117.4.18 11 - - \n"
]
}
],
"prompt_number": 14
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"# upload the PGPEmailTraceroute.geojson to a GitHub Gist"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 15
},
{
"cell_type": "code",
"collapsed": false,
"input": [],
"language": "python",
"metadata": {},
"outputs": []
}
],
"metadata": {}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment