Tool
CLI
Email Security

EmailAnalyzer

by keraattin

269 stars
38 forks
10 watchers
Updated 8 months ago
About

EmailAnalyzer is a Python-based tool that extracts and analyzes headers, links, attachments, and hashes from suspicious .eml email files to aid in email threat investigation and reporting.

With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.

Primary Use Case

This tool is designed for security analysts, threat hunters, and forensic investigators who need to analyze suspicious emails for potential threats. It helps extract critical email components such as headers, links, attachments, and hashes, enabling detailed investigation and report generation in HTML or JSON formats.

Key Features
  • Extract email headers from .eml files
  • Extract links embedded in emails
  • Extract attachments from emails
  • Generate cryptographic digests (hashes) of email content
  • Support for investigation mode to analyze headers
  • Generate reports in HTML or JSON formats
  • Command-line interface for flexible usage

Installation

  • Ensure Python 3.10 is installed
  • Download or clone the EmailAnalyzer repository
  • Run the script using python3 email-analyzer.py with appropriate arguments

Usage

>_ python3 email-analyzer.py -f <eml file>

Run full analysis extracting headers, links, attachments, and digests with investigations

>_ python3 email-analyzer.py -f <eml file> -o report.html

Generate a detailed HTML report from the .eml file analysis

>_ python3 email-analyzer.py -f <eml file> -o report.json

Generate a detailed JSON report from the .eml file analysis

>_ python3 email-analyzer.py -f <eml file> --headers

Extract only the headers from the email

>_ python3 email-analyzer.py -f <eml file> -H

Extract only the headers from the email (short option)

>_ python3 email-analyzer.py -f <eml file> --headers --investigate

Extract headers and perform an investigation on them

>_ python3 email-analyzer.py -f <eml file> -Hi

Extract headers and perform an investigation (short options)

Security Frameworks
Reconnaissance
Initial Access
Collection
Discovery
Analysis
Usage Insights
  • Integrate EmailAnalyzer with SIEM platforms to automate suspicious email triage and enrich alerts.
  • Use the tool in purple team exercises to simulate phishing campaigns and improve detection capabilities.
  • Leverage generated hashes and extracted links to cross-reference threat intelligence feeds for faster threat validation.
  • Automate report generation in HTML/JSON for streamlined incident documentation and sharing across teams.
  • Extend the tool with API hooks to trigger automated containment workflows upon detection of malicious emails.

Security Profile
Red Team: 40%
Blue Team: 90%
Purple Team: 70%
Details
License: GNU General Public License v3.0
Language: Python
Open Issues: 5
Topics
blueteaming
cybersecurity
dfir
email
forensics