With EmailAnalyzer you can able to analyze your suspicious emails. You can extract headers, links and hashes from the .eml file
usage: email-analyzer.py [-h] -f FILENAME [-H] [-d] [-l] [-a]
options:
-h, --help show this help message and exit
-f FILENAME, --filename FILENAME
Name of file
-H, --headers Headers of the eml file
-d, --digests Digests of the eml file
-l, --links Links from the eml file
-a, --attachments Attachments from the eml file
python3 email-analyzer.py -f <eml file> --headers
_ _ _
| | | | ___ __ _ __| | ___ _ __ ___
| |_| |/ _ \/ _` |/ _` |/ _ \ '__/ __|
| _ | __/ (_| | (_| | __/ | \__ \
|_| |_|\___|\__,_|\__,_|\___|_| |___/
_________________________________________________________
Received:
from TEST.TEST.PROD.OUTLOOK.COM (2603:10a6:20b:4f2::13)
by TEST.TEST.PROD.OUTLOOK.COM with HTTPS; Fri, 25 Nov 2022
12:36:39 +0000
_________________________________________________________
_________________________________________________________
Content-Type:
multipart/alternative; boundary=335b23d5689bd75ab002f9c46a6e8023c265d60dd923308dcc7eb7a2cf25
_________________________________________________________
_________________________________________________________
Date:
Fri, 25 Nov 2022 12:36:36 +0000 (UTC)
_________________________________________________________
_________________________________________________________
Subject:
How to use EmailAnalyzer
_________________________________________________________
_________________________________________________________
Reply-To:
[email protected]
_________________________________________________________
_________________________________________________________
X-Sender-IP:
127.0.0.1
_________________________________________________________
___ _ _ _ _
|_ _|_ ____ _____ ___| |_(_) __ _ __ _| |_(_) ___ _ __
| || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
| || | | \ V / __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
|___/
_________________________________________________________
[X-Sender-IP]
[Virustotal]
https://www.virustotal.com/gui/search/127.0.0.1
[Abuseipdb]
https://www.abuseipdb.com/check/127.0.0.1
_________________________________________________________
python3 email-analyzer.py -f <eml file> --digests
____ _ _
| _ \(_) __ _ ___ ___| |_ ___
| | | | |/ _` |/ _ \/ __| __/ __|
| |_| | | (_| | __/\__ \ |_\__ \
|____/|_|\__, |\___||___/\__|___/
|___/
_________________________________________________________
File MD5:
81dc9bdb52d04dc20036dbd8313ed055
_________________________________________________________
_________________________________________________________
File SHA1:
7110eda4d09e062aa5e4a390b0a572ac0d2c0220
_________________________________________________________
_________________________________________________________
File SHA256:
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________
_________________________________________________________
Content MD5:
827ccb0eea8a706c4c34a16891f84e7b
_________________________________________________________
_________________________________________________________
Content SHA1:
8cb2237d0679ca88db6464eac60da96345513964
_________________________________________________________
_________________________________________________________
Content SHA256:
5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________
___ _ _ _ _
|_ _|_ ____ _____ ___| |_(_) __ _ __ _| |_(_) ___ _ __
| || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
| || | | \ V / __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
|___/
_________________________________________________________
[File MD5]
[Virustotal]
https://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055
_________________________________________________________
_________________________________________________________
[File SHA1]
[Virustotal]
https://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220
_________________________________________________________
_________________________________________________________
[File SHA256]
[Virustotal]
https://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________
_________________________________________________________
[Content MD5]
[Virustotal]
https://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b
_________________________________________________________
_________________________________________________________
[Content SHA1]
[Virustotal]
https://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964
_________________________________________________________
_________________________________________________________
[Content SHA256]
[Virustotal]
https://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________
python3 email-analyzer.py -f <eml file> --links
_ _ _
| | (_)_ __ | | _____
| | | | '_ \| |/ / __|
| |___| | | | | <\__ \
|_____|_|_| |_|_|\_\___/
[1]->https://example.com
[2]->https://testlinks.com/campaing/123124
___ _ _ _ _
|_ _|_ ____ _____ ___| |_(_) __ _ __ _| |_(_) ___ _ __
| || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
| || | | \ V / __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
|___/
_________________________________________________________
[1]
[VirusTotal]:
https://www.virustotal.com/gui/search/example.com
[UrlScan]:
https://urlscan.io/search/#example.com
_________________________________________________________
_________________________________________________________
[2]
[VirusTotal]:
https://www.virustotal.com/gui/search/testlinks.com/campaing/123124
[UrlScan]:
https://urlscan.io/search/#testlinks.com/campaing/123124
_________________________________________________________
python3 email-analyzer.py -f <eml file> --attachments
_ _ _ _ _
/ \ | |_| |_ __ _ ___| |__ _ __ ___ ___ _ __ | |_ ___
/ _ \| __| __/ _` |/ __| '_ \| '_ ` _ \ / _ \ '_ \| __/ __|
/ ___ \ |_| || (_| | (__| | | | | | | | | __/ | | | |_\__ \
/_/ \_\__|\__\__,_|\___|_| |_|_| |_| |_|\___|_| |_|\__|___/
[1]example.pdf
[2]malicious.pdf
___ _ _ _ _
|_ _|_ ____ _____ ___| |_(_) __ _ __ _| |_(_) ___ _ __
| || '_ \ \ / / _ \/ __| __| |/ _` |/ _` | __| |/ _ \| '_ \
| || | | \ V / __/\__ \ |_| | (_| | (_| | |_| | (_) | | | |
|___|_| |_|\_/ \___||___/\__|_|\__, |\__,_|\__|_|\___/|_| |_|
|___/
_________________________________________________________
[1]
[Virustotal]
[md5]->https://www.virustotal.com/gui/search/81dc9bdb52d04dc20036dbd8313ed055
[sha1]->https://www.virustotal.com/gui/search/7110eda4d09e062aa5e4a390b0a572ac0d2c0220
[sha256]->https://www.virustotal.com/gui/search/03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
_________________________________________________________
_________________________________________________________
[2]
[Virustotal]
[md5]->https://www.virustotal.com/gui/search/827ccb0eea8a706c4c34a16891f84e7b
[sha1]->https://www.virustotal.com/gui/search/8cb2237d0679ca88db6464eac60da96345513964
[sha256]->https://www.virustotal.com/gui/search/5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
_________________________________________________________