https://github.com/suuhm/phat

Graphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from .eml and .msg files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.
https://github.com/suuhm/phat

blueteam graphical-interface header-analysis mail mail-analyzer phishing powershell security-operations-center soc spam

Last synced: about 2 months ago
JSON representation

Graphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from .eml and .msg files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.

• Host: GitHub
• URL: https://github.com/suuhm/phat
• Owner: suuhm
• License: apache-2.0
• Created: 2025-05-08T21:20:43.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2025-05-08T21:41:04.000Z (9 months ago)
• Last Synced: 2025-05-08T22:31:10.361Z (9 months ago)
• Topics: blueteam, graphical-interface, header-analysis, mail, mail-analyzer, phishing, powershell, security-operations-center, soc, spam
• Language: PowerShell
• Homepage:
• Size: 3.74 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# 🛡️ PHAT – Phishing Header Analyzer Tool

![grafik](https://github.com/user-attachments/assets/703b647f-ee1e-42bd-9c83-8d5bf0af6493)

Graphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from `.eml` and `.msg` files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.

---

## 🎯 Features

- GUI-based interface using `System.Windows.Forms`

- Load `.eml` or `.msg (actually via COM and/or dll support!)` files directly

- Parses and highlights:

  - `SPF`, `DKIM`, and `DMARC` results

  - Common headers like `From`, `To`, `Subject`, etc.

  - All `Received` routes

- Color-coded verdicts (green for pass, red for fail)

- Export results to:

  - Plain text (`.txt`)

  - Comma-separated values (`.csv`)

---

## 💻 Screenshot

![grafik](https://github.com/user-attachments/assets/d162b115-f20e-47cb-a0cf-aab76e422769)

---

## 🚀 How to Use

1. **Run the script** in a PowerShell console:

   ```powershell

   .\phat.ps1

   ```

2. Paste headers manually or load a .eml/.msg file.

3. Click "Check" to parse and display header information.

4. Optionally, click "Export TXT" or "Export CSV" to save the analysis.

---

## 🛠 Requirements

> Windows PowerShell

>

> .NET Framework (for Windows Forms)

> PowerShell Execution Policy allowing script execution (e.g. RemoteSigned)

>

> For .msg support you need Outlook installed! Or download msgreader.dll and put it in root dir of phat.ps1 (https://github.com/Sicos1977/MSGReader)

    

---

### This tool is intended for educational and forensic purposes only. Use it responsibly and legally.