Browse Source

Modified regex to detect Microsoft ATP URLs (#1976)

pull/2060/head
Glenn Wilkinson 1 year ago
committed by GitHub
parent
commit
0b2ab68f8d
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
  1. +4
    -2
      imap/monitor.go

+ 4
- 2
imap/monitor.go View File

@ -21,8 +21,10 @@ import (
"github.com/gophish/gophish/models"
)
// Pattern for GoPhish emails e.g ?rid=AbC123
var goPhishRegex = regexp.MustCompile("(\\?rid=(3D)?([A-Za-z0-9]{7}))") // We include the optional quoted-printable 3D at the front, just in case decoding fails
// Pattern for GoPhish emails e.g ?rid=AbC1234
// We include the optional quoted-printable 3D at the front, just in case decoding fails. e.g ?rid=3DAbC1234
// We also include alternative URL encoded representations of '=' and '?' to handle Microsoft ATP URLs e.g %3Frid%3DAbC1234
var goPhishRegex = regexp.MustCompile("((\\?|%3F)rid(=|%3D)(3D)?([A-Za-z0-9]{7}))")
// Monitor is a worker that monitors IMAP servers for reported campaign emails
type Monitor struct {

Loading…
Cancel
Save