Email Analyzer

superior_hosting_service

With EmailAnalyzer you can able to analyze your suspicious emails. You can extract headers, links and hashes from the .eml file


Usage

usage: email-analyzer.py [-h] -f FILENAME [-H] [-d] [-l] [-a]

options:
  -h, --help            show this help message and exit
  -f FILENAME, --filename FILENAME
                        Name of file
  -H, --headers         Headers of the eml file
  -d, --digests         Digests of the eml file
  -l, --links           Links from the eml file
  -a, --attachments     Attachments from the eml file

To get Headers

python3 email-analyzer.py -f <eml file> --headers
 _   _                _
| | | | ___  __ _  __| | ___ _ __ ___
| |_| |/ _ \/ _` |/ _` |/ _ \ '__/ __|
|  _  |  __/ (_| | (_| |  __/ |  \__ \
|_| |_|\___|\__,_|\__,_|\___|_|  |___/

_________________________________________________________
Received:
from TEST.TEST.PROD.OUTLOOK.COM (2603:10a6:20b:4f2::13)
 by TEST.TEST.PROD.OUTLOOK.COM with HTTPS; Fri, 25 Nov 2022
 12:36:39 +0000
_________________________________________________________
_________________________________________________________
Content-Type:
multipart/alternative; boundary=335b23d5689bd75ab002f9c46a6e8023c265d60dd923308dcc7eb7a2cf25
_________________________________________________________
_________________________________________________________
Date:
Fri, 25 Nov 2022 12:36:36 +0000 (UTC)
_________________________________________________________
_________________________________________________________
Subject:
How to use EmailAnalyzer
_________________________________________________________
_________________________________________________________
Reply-To:
mymail@example.com
_________________________________________________________
_________________________________________________________
X-Sender-IP:
127.0.0.1
_________________________________________________________

 ___                     _   _             _   _
|_ _|_ ____   _____  ___| |_(_) __ _  __ _| |_(_) ___  _ __
 | || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
 | || | | \ V /  __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
                               |___/

_________________________________________________________
[X-Sender-IP]
[Virustotal]
https://www.virustotal.com/gui/search/127.0.0.1
[Abuseipdb]
https://www.abuseipdb.com/check/127.0.0.1
_________________________________________________________

To get Hash of eml file & content

python3 email-analyzer.py -f <eml file> --digests
 ____  _                 _
|  _ \(_) __ _  ___  ___| |_ ___
| | | | |/ _` |/ _ \/ __| __/ __|
| |_| | | (_| |  __/\__ \ |_\__ \
|____/|_|\__, |\___||___/\__|___/
         |___/

_________________________________________________________
File MD5:
81dc9bdb52d04dc20036dbd8313ed055
_________________________________________________________
_________________________________________________________
File SHA1:
7110eda4d09e062aa5e4a390b0a572ac0d2c0220
_________________________________________________________
_________________________________________________________
File SHA256:
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________
_________________________________________________________
Content MD5:
827ccb0eea8a706c4c34a16891f84e7b
_________________________________________________________
_________________________________________________________
Content SHA1:
8cb2237d0679ca88db6464eac60da96345513964
_________________________________________________________
_________________________________________________________
Content SHA256:
5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________

 ___                     _   _             _   _
|_ _|_ ____   _____  ___| |_(_) __ _  __ _| |_(_) ___  _ __
 | || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
 | || | | \ V /  __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
                               |___/

_________________________________________________________
[File MD5]
[Virustotal]
https://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055
_________________________________________________________

_________________________________________________________
[File SHA1]
[Virustotal]
https://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220
_________________________________________________________

_________________________________________________________
[File SHA256]
[Virustotal]
https://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________

_________________________________________________________
[Content MD5]
[Virustotal]
https://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b
_________________________________________________________

_________________________________________________________
[Content SHA1]
[Virustotal]
https://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964
_________________________________________________________

_________________________________________________________
[Content SHA256]
[Virustotal]
https://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________

To get Links from eml file

python3 email-analyzer.py -f <eml file> --links
 _     _       _
| |   (_)_ __ | | _____
| |   | | '_ \| |/ / __|
| |___| | | | |   <\__ \
|_____|_|_| |_|_|\_\___/


[1]->https://example.com
[2]->https://testlinks.com/campaing/123124
 ___                     _   _             _   _
|_ _|_ ____   _____  ___| |_(_) __ _  __ _| |_(_) ___  _ __
 | || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
 | || | | \ V /  __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
                               |___/

_________________________________________________________
[1]
[VirusTotal]:
https://www.virustotal.com/gui/search/example.com
[UrlScan]:
https://urlscan.io/search/#example.com
_________________________________________________________

_________________________________________________________
[2]
[VirusTotal]:
https://www.virustotal.com/gui/search/testlinks.com/campaing/123124
[UrlScan]:
https://urlscan.io/search/#testlinks.com/campaing/123124
_________________________________________________________

To get Attachments from eml file

python3 email-analyzer.py -f <eml file> --attachments
    _   _   _             _                          _
   / \ | |_| |_ __ _  ___| |__  _ __ ___   ___ _ __ | |_ ___
  / _ \| __| __/ _` |/ __| '_ \| '_ ` _ \ / _ \ '_ \| __/ __|
 / ___ \ |_| || (_| | (__| | | | | | | | |  __/ | | | |_\__ \
/_/   \_\__|\__\__,_|\___|_| |_|_| |_| |_|\___|_| |_|\__|___/


[1]example.pdf
[2]malicious.pdf
 ___                     _   _             _   _
|_ _|_ ____   _____  ___| |_(_) __ _  __ _| |_(_) ___  _ __
 | || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
 | || | | \ V /  __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
                               |___/

_________________________________________________________
[1]
[Virustotal]
[md5]->https://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055
[sha1]->https://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220
[sha256]->https://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________
_________________________________________________________
[2]
[Virustotal]
[md5]->https://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b
[sha1]->https://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964
[sha256]->https://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________

The EmailAnalyzer is a github repository by Kerem