{"id":34553720,"url":"https://github.com/suuhm/phat","last_synced_at":"2026-06-01T11:31:20.213Z","repository":{"id":292245028,"uuid":"980271606","full_name":"suuhm/phat","owner":"suuhm","description":"Graphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from .eml and .msg files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.","archived":false,"fork":false,"pushed_at":"2025-05-09T09:16:00.000Z","size":4235,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-25T19:38:29.437Z","etag":null,"topics":["blueteam","graphical-interface","gui","header-analysis","mail","mail-analyzer","phishing","powershell","security-operations-center","soc","spam"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/suuhm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-08T21:20:43.000Z","updated_at":"2025-05-09T09:16:04.000Z","dependencies_parsed_at":"2025-05-08T22:41:35.946Z","dependency_job_id":null,"html_url":"https://github.com/suuhm/phat","commit_stats":null,"previous_names":["suuhm/phat"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/suuhm/phat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Fphat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Fphat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Fphat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Fphat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/suuhm","download_url":"https://codeload.github.com/suuhm/phat/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Fphat/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33773771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","graphical-interface","gui","header-analysis","mail","mail-analyzer","phishing","powershell","security-operations-center","soc","spam"],"created_at":"2025-12-24T08:22:27.866Z","updated_at":"2026-06-01T11:31:20.190Z","avatar_url":"https://github.com/suuhm.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🛡️ PHAT – Phishing Header Analyzer Tool\n\n![grafik](https://github.com/user-attachments/assets/703b647f-ee1e-42bd-9c83-8d5bf0af6493)\n\n\nGraphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from `.eml` and `.msg` files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.\n\n---\n\n## 🎯 Features\n\n- GUI-based interface using `System.Windows.Forms`\n- Load `.eml` or `.msg (actually via COM and/or dll support!)` files directly\n- Parses and highlights:\n  - `SPF`, `DKIM`, and `DMARC` results\n  - Common headers like `From`, `To`, `Subject`, etc.\n  - All `Received` routes\n- Color-coded verdicts (green for pass, red for fail)\n- Export results to:\n  - Plain text (`.txt`)\n  - Comma-separated values (`.csv`)\n\n---\n\n## 💻 Screenshot\n\n![grafik](https://github.com/user-attachments/assets/d162b115-f20e-47cb-a0cf-aab76e422769)\n\n\n---\n\n## 🚀 How to Use\n\n1. **Run the script** in a PowerShell console:\n   ```powershell\n   .\\phat.ps1\n   ```\n2. Paste headers manually or load a .eml/.msg file.\n\n3. Click \"Check\" to parse and display header information.\n\n4. Optionally, click \"Export TXT\" or \"Export CSV\" to save the analysis.\n\n---\n\n## 🛠 Requirements\n\n\u003e Windows PowerShell\n\u003e\n\u003e .NET Framework (for Windows Forms)\n\u003e PowerShell Execution Policy allowing script execution (e.g. RemoteSigned)\n\u003e\n\u003e For .msg support you need Outlook installed! Or download msgreader.dll and put it in root dir of phat.ps1 (https://github.com/Sicos1977/MSGReader)\n    \n---\n\n### This tool is intended for educational and forensic purposes only. Use it responsibly and legally.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuuhm%2Fphat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsuuhm%2Fphat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuuhm%2Fphat/lists"}