SpamScope is a fast, distributed spam analysis tool that processes emails in real time to detect phishing, malware, and other threats using modular integrations.
Fast Advanced Spam Analysis Tool
SpamScope is designed for security analysts and threat hunters who need to analyze large volumes of emails quickly and efficiently to identify phishing attempts, malware, and spam characteristics. It is ideal for organizations looking to automate and scale their email security analysis using a distributed system.
SpamScope requires Apache Storm to be installed and running for distributed processing; users should familiarize themselves with Storm concepts and Streamparse. The tool’s modular design allows integration with multiple third-party services, but API keys or accounts may be needed for services like VirusTotal and Shodan. Docker support simplifies deployment, but configuring custom topologies and modules may require advanced knowledge of Apache Storm and Python.
Install and run Apache Storm (refer to Apache Storm Concepts and Streamparse Quickstart)
Clone the SpamScope repository from GitHub
Install Python dependencies (implied by PyPI badge and usage)
Run Apache Storm cluster or local instance
Deploy SpamScope topologies to Apache Storm
Optionally configure and enable desired analysis modules
Use provided Docker images and docker-compose files for simplified setup
Run Apache Storm cluster: Start the Apache Storm environment to enable distributed processing
Deploy topologies from ./topologies/ folder: Launch SpamScope processing workflows on Apache Storm
Enable/disable post processing modules: Customize SpamScope functionality by selecting which analysis modules to run
Input raw emails (RFC822 or Outlook formats): Feed emails into SpamScope for analysis
Receive JSON output: Obtain structured analysis results including phishing scores and extracted data