{"id":13709451,"url":"https://github.com/keraattin/EmailAnalyzer","last_synced_at":"2025-05-06T16:31:43.851Z","repository":{"id":63782116,"uuid":"570523307","full_name":"keraattin/EmailAnalyzer","owner":"keraattin","description":"With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.","archived":false,"fork":false,"pushed_at":"2023-10-17T11:48:42.000Z","size":97,"stargazers_count":232,"open_issues_count":0,"forks_count":33,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-11-13T19:40:19.617Z","etag":null,"topics":["blueteaming","cybersecurity","dfir","email","forensics"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keraattin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-11-25T11:51:12.000Z","updated_at":"2024-11-06T14:47:45.000Z","dependencies_parsed_at":"2024-01-14T10:57:41.726Z","dependency_job_id":null,"html_url":"https://github.com/keraattin/EmailAnalyzer","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keraattin%2FEmailAnalyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keraattin%2FEmailAnalyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keraattin%2FEmailAnalyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keraattin%2FEmailAnalyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keraattin","download_url":"https://codeload.github.com/keraattin/EmailAnalyzer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252721078,"owners_count":21793748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteaming","cybersecurity","dfir","email","forensics"],"created_at":"2024-08-02T23:00:39.393Z","updated_at":"2025-05-06T16:31:43.844Z","avatar_url":"https://github.com/keraattin.png","language":"Python","readme":"![Python](https://img.shields.io/badge/python-3.10-blue.svg) \n![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)\n# EmailAnalyzer\nWith EmailAnalyzer you can able to analyze your suspicious emails. You can extract headers, links and hashes from the .eml file\n\n## Usage\n```\nusage: email-analyzer.py [-h] -f FILENAME [-H] [-d] [-l] [-a] [-i] [-o OUTPUT]\n\noptions:\n  -h, --help            show this help message and exit\n  -f FILENAME, --filename FILENAME\n                        Name of the EML file\n  -H, --headers         To get the Headers of the Email\n  -d, --digests         To get the Digests of the Email\n  -l, --links           To get the Links from the Email\n  -a, --attachments     To get the Attachments from the Email\n  -i, --investigate     Activate if you want an investigation\n  -o OUTPUT, --output OUTPUT\n                        Name of the Output file (Only HTML or JSON format supported)\n```\n\n## Run All\nThis command will get you Headers, Links, Attachments, and Digests with Investigations:\n```\npython3 email-analyzer.py -f \u003ceml file\u003e \n```\n\n## Extract Outputs\nIf you want to extract the outputs to a file you can use this commands:\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -o report.html\n```\nCheck the ![Wiki Page](https://github.com/keraattin/EmailAnalyzer/wiki/Generate-an-HTML-Report) for details\n![image](https://github.com/keraattin/EmailAnalyzer/assets/6709252/b449246e-881c-4d2d-822b-71c4d4a21ca1)\nor \n```\npython3 email-analyzer.py -f \u003ceml file\u003e -o report.json\n```\nCheck the ![Wiki Page](https://github.com/keraattin/EmailAnalyzer/wiki/Generate-a-JSON-Report) for details\n\n\u003e Only supported **JSON** and **HTML** formats currently.\n\n## To get ONLY Headers\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --headers\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -H\n```\n\n```\n██╗  ██╗███████╗ █████╗ ██████╗ ███████╗██████╗ ███████╗\n██║  ██║██╔════╝██╔══██╗██╔══██╗██╔════╝██╔══██╗██╔════╝\n███████║█████╗  ███████║██║  ██║█████╗  ██████╔╝███████╗\n██╔══██║██╔══╝  ██╔══██║██║  ██║██╔══╝  ██╔══██╗╚════██║\n██║  ██║███████╗██║  ██║██████╔╝███████╗██║  ██║███████║\n╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═════╝ ╚══════╝╚═╝  ╚═╝╚══════╝\n\n_________________________________________________________\n[received]\nfrom TEST.TEST.PROD.OUTLOOK.COM (2603:10a6:20b:4f2::13)\n by TEST.TEST.PROD.OUTLOOK.COM with HTTPS; Fri, 25 Nov 2022\n 12:36:39 +0000\n_________________________________________________________\n_________________________________________________________\n[content-type]\nmultipart/alternative; boundary=335b23d5689bd75ab002f9c46a6e8023c265d60dd923308dcc7eb7a2cf25\n_________________________________________________________\n_________________________________________________________\n[date]\nFri, 25 Nov 2022 12:36:36 +0000 (UTC)\n_________________________________________________________\n_________________________________________________________\n[subject]\nHow to use EmailAnalyzer\n_________________________________________________________\n_________________________________________________________\n[reply-to]\ninfo123@gmail.com\n_________________________________________________________\n_________________________________________________________\n[from]\n\"Admin\"\u003cinfo@officialmail.com\u003e\n_________________________________________________________\n_________________________________________________________\n[to]\nme\n_________________________________________________________\n_________________________________________________________\n[x-sender-ip]\n127.0.0.1\n_________________________________________________________\n```\n\n## To Investigate Headers\n```\npython3 mail-analyzer.py -f \u003ceml file\u003e --headers --investigate\n```\nor\n```\npython3 mail-analyzer.py -f \u003ceml file\u003e -Hi\n```\n\n```\n █████╗ ███╗   ██╗ █████╗ ██╗  ██╗   ██╗███████╗██╗███████╗\n██╔══██╗████╗  ██║██╔══██╗██║  ╚██╗ ██╔╝██╔════╝██║██╔════╝\n███████║██╔██╗ ██║███████║██║   ╚████╔╝ ███████╗██║███████╗\n██╔══██║██║╚██╗██║██╔══██║██║    ╚██╔╝  ╚════██║██║╚════██║\n██║  ██║██║ ╚████║██║  ██║███████╗██║   ███████║██║███████║\n╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝╚═╝   ╚══════╝╚═╝╚══════╝\n\n_________________________________________________________\n[X-Sender-IP]\nVirustotal:\nhttps://www.virustotal.com/gui/search/127.0.0.1\n\nAbuseipdb:\nhttps://www.abuseipdb.com/check/127.0.0.1\n_________________________________________________________\n\n_________________________________________________________\n[Spoof Check]\nReply-To:\ninfo123@gmail.com\n\nFrom:\ninfo@officialmail.com\n\nConclusion:\nReply Address and From Address is NOT Same. This mail may be SPOOFED.\n_________________________________________________________\n```\n\n## To get Hash of eml file \u0026 content\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --digests\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -d\n```\n\n```\n██████╗ ██╗ ██████╗ ███████╗███████╗████████╗███████╗\n██╔══██╗██║██╔════╝ ██╔════╝██╔════╝╚══██╔══╝██╔════╝\n██║  ██║██║██║  ███╗█████╗  ███████╗   ██║   ███████╗\n██║  ██║██║██║   ██║██╔══╝  ╚════██║   ██║   ╚════██║\n██████╔╝██║╚██████╔╝███████╗███████║   ██║   ███████║\n╚═════╝ ╚═╝ ╚═════╝ ╚══════╝╚══════╝   ╚═╝   ╚══════╝\n\n_________________________________________________________\n[File MD5]\n81dc9bdb52d04dc20036dbd8313ed055\n_________________________________________________________\n_________________________________________________________\n[File SHA1]\n7110eda4d09e062aa5e4a390b0a572ac0d2c0220\n_________________________________________________________\n_________________________________________________________\n[File SHA256]\n03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4\n_________________________________________________________\n_________________________________________________________\n[Content MD5]\n827ccb0eea8a706c4c34a16891f84e7b\n_________________________________________________________\n_________________________________________________________\n[Content SHA1]\n8cb2237d0679ca88db6464eac60da96345513964\n_________________________________________________________\n_________________________________________________________\n[Content SHA256]\n5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\n_________________________________________________________\n```\n\n## To Investigate Digests\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --digests --investigate\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -di\n```\n\n```\n █████╗ ███╗   ██╗ █████╗ ██╗  ██╗   ██╗███████╗██╗███████╗\n██╔══██╗████╗  ██║██╔══██╗██║  ╚██╗ ██╔╝██╔════╝██║██╔════╝\n███████║██╔██╗ ██║███████║██║   ╚████╔╝ ███████╗██║███████╗\n██╔══██║██║╚██╗██║██╔══██║██║    ╚██╔╝  ╚════██║██║╚════██║\n██║  ██║██║ ╚████║██║  ██║███████╗██║   ███████║██║███████║\n╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝╚═╝   ╚══════╝╚═╝╚══════╝\n\n_________________________________________________________\n[File MD5]\nVirustotal:\nhttps://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055\n_________________________________________________________\n\n_________________________________________________________\n[File SHA1]\nVirustotal:\nhttps://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220\n_________________________________________________________\n\n_________________________________________________________\n[File SHA256]\nVirustotal:\nhttps://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4\n_________________________________________________________\n\n_________________________________________________________\n[Content MD5]\nVirustotal:\nhttps://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b\n_________________________________________________________\n\n_________________________________________________________\n[Content SHA1]\nVirustotal:\nhttps://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964\n_________________________________________________________\n\n_________________________________________________________\n[Content SHA256]\nVirustotal:\nhttps://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\n_________________________________________________________\n\n```\n\n## To get Links from eml file\n\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --links\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -l\n```\n\n```\n██╗     ██╗███╗   ██╗██╗  ██╗███████╗\n██║     ██║████╗  ██║██║ ██╔╝██╔════╝\n██║     ██║██╔██╗ ██║█████╔╝ ███████╗\n██║     ██║██║╚██╗██║██╔═██╗ ╚════██║\n███████╗██║██║ ╚████║██║  ██╗███████║\n╚══════╝╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝\n\n\n[1]-\u003ehttps://example.com\n[2]-\u003ehttps://testlinks.com/campaing/123124\n```\n\n## To Investigate Links\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --links --investigate\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --li\n```\n\n```\n █████╗ ███╗   ██╗ █████╗ ██╗  ██╗   ██╗███████╗██╗███████╗\n██╔══██╗████╗  ██║██╔══██╗██║  ╚██╗ ██╔╝██╔════╝██║██╔════╝\n███████║██╔██╗ ██║███████║██║   ╚████╔╝ ███████╗██║███████╗\n██╔══██║██║╚██╗██║██╔══██║██║    ╚██╔╝  ╚════██║██║╚════██║\n██║  ██║██║ ╚████║██║  ██║███████╗██║   ███████║██║███████║\n╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝╚═╝   ╚══════╝╚═╝╚══════╝\n\n_________________________________________________________\n[1]\nVirusTotal:\nhttps://www.virustotal.com/gui/search/example.com\n\nUrlScan:\nhttps://urlscan.io/search/#example.com\n_________________________________________________________\n\n_________________________________________________________\n[2]\nVirusTotal:\nhttps://www.virustotal.com/gui/search/testlinks.com/campaing/123124\n\nUrlScan:\nhttps://urlscan.io/search/#testlinks.com/campaing/123124\n_________________________________________________________\n```\n\n## To get Attachments from eml file\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --attachments\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -a\n```\n\n```\n █████╗ ████████╗████████╗ █████╗  ██████╗██╗  ██╗███████╗\n██╔══██╗╚══██╔══╝╚══██╔══╝██╔══██╗██╔════╝██║  ██║██╔════╝\n███████║   ██║      ██║   ███████║██║     ███████║███████╗\n██╔══██║   ██║      ██║   ██╔══██║██║     ██╔══██║╚════██║\n██║  ██║   ██║      ██║   ██║  ██║╚██████╗██║  ██║███████║\n╚═╝  ╚═╝   ╚═╝      ╚═╝   ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚══════╝\n\n[1]-\u003eexample.pdf\n_________________________________________________________\n[2]-\u003emalicious.pdf\n_________________________________________________________\n```\n\n## To Investigate Attachments\n```\npython3 email-analyzer.py -f \u003ceml file\u003e --attachments --investigate\n```\nor\n```\npython3 email-analyzer.py -f \u003ceml file\u003e -ai\n```\n\n```\n █████╗ ███╗   ██╗ █████╗ ██╗  ██╗   ██╗███████╗██╗███████╗\n██╔══██╗████╗  ██║██╔══██╗██║  ╚██╗ ██╔╝██╔════╝██║██╔════╝\n███████║██╔██╗ ██║███████║██║   ╚████╔╝ ███████╗██║███████╗\n██╔══██║██║╚██╗██║██╔══██║██║    ╚██╔╝  ╚════██║██║╚════██║\n██║  ██║██║ ╚████║██║  ██║███████╗██║   ███████║██║███████║\n╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝╚═╝   ╚══════╝╚═╝╚══════╝\n\n_________________________________________________________\n- example.pdf\n\nVirustotal:\n[Name Search]-\u003ehttps://www.virustotal.com/gui/search/example.pdf\n[MD5]-\u003ehttps://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055\n[SHA1]-\u003ehttps://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220\n[SHA256]-\u003ehttps://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4\n_________________________________________________________\n_________________________________________________________\n- malicious.pdf\n\nVirustotal:\n[Name Search]-\u003ehttps://www.virustotal.com/gui/search/malicious.pdf\n[MD5]-\u003ehttps://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b\n[SHA1]-\u003ehttps://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964\n[SHA256]-\u003ehttps://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\n_________________________________________________________\n```\n","funding_links":[],"categories":["[](#table-of-contents) Table of contents","Emailing"],"sub_categories":["[](#warc)Tools for working with WARC (WebARChive) files","Email helpers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeraattin%2FEmailAnalyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeraattin%2FEmailAnalyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeraattin%2FEmailAnalyzer/lists"}