Skip to content
/ eml_analyzer Public

A cli script to analyze an E-Mail in the EML format for viewing the header, extracting attachments, etc.

License

MIT license
94 stars 19 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wahlflo/eml_analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
.github/workflows
.github/workflows
 
 
eml_analyzer
eml_analyzer
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Unit-Tests

emlAnalyzer

A CLI script to analyze an email in the EML format for viewing headers, extracting attachments, etc.

Installation

Install the package with pip

pip install eml-analyzer

Usage

Type emlAnalyzer --help to view the help.

usage: emlAnalyzer [-h] [-i [INPUT]] [--header] [-x] [-a] [--text] [--html] [-s] [-u] [-ea EXTRACT] [--extract-all] [-o OUTPUT] [--format [{json}]]

A CLI script to analyze an email in the EML format for viewing headers, extracting attachments, etc.

optional arguments:
  -h, --help            show this help message and exit
  -i [INPUT], --input [INPUT]
                        Path to the EML file. Accepts standard input if omitted
  --header              Shows the headers
  -x, --tracking        Shows content which is reloaded from external resources in the HTML part
  -a, --attachments     Lists attachments
  --text                Shows plaintext
  --html                Shows HTML
  -s, --structure       Shows structure of the E-Mail
  -u, --url             Shows embedded clickable links and urls in the HTML and text part
  -ea EXTRACT, --extract EXTRACT
                        Extracts the x-th attachment. Can not be used together with the '--format' parameter.
  --extract-all         Extracts all attachments. If a output format is specified the content of the attachments will be included in the structural output as a base64 encoded blob
  -o OUTPUT, --output OUTPUT
                        Path for the extracted attachment (default is filename in working directory)
  --format [{json}]     Specifies a structured output format, the default format is not machine-readable

Examples

Example 1

$ emlAnalyzer -i email_1.eml
 =================
 ||  Structure  ||
 =================
|- text/html

 =========================
 ||  URLs in HTML part  ||
 =========================
 - https://suspicious.site.com/Zajnad

 ===============================================
 ||  Reloaded Content (aka. Tracking Pixels)  ||
 ===============================================
[+] No content found which will be reloaded from external resources

 ===================
 ||  Attachments  ||
 ===================
[+] E-Mail contains no attachments

Example 2

$ emlAnalyzer -i email_2.eml
 =================
 ||  Structure  ||
 =================
|- multipart/mixed
|  |- multipart/related
|  |  |- text/html
|  |  |- image/jpeg                        [image002.jpg]
|  |  |- image/jpeg                        [image003.jpg]
|  |  |- image/png                         [image004.png]
|  |- message/rfc822
|  |  |- multipart/alternative
|  |  |  |- text/plain
|  |  |  |- text/html

 =========================
 ||  URLs in HTML part  ||
 =========================
 - https://example.company.com/random/link
 - mailto:[email protected]

 ===============================================
 ||  Reloaded Content (aka. Tracking Pixels)  ||
 ===============================================
[+] No content found which will be reloaded from external resources

 ===================
 ||  Attachments  ||
 ===================
[1] image002.jpg        image/jpeg        inline
[2] image003.jpg        image/jpeg        inline
[3] image004.png        image/png         inline

Example 3

$ emlAnalyzer -i email_1.eml --header

 ==============
 ||  Header  ||
 ==============
From..........................................John Doe <[email protected]>
To............................................"[email protected]" <[email protected]>
Subject.......................................RANDOM SUBJECT
Thread-Topic..................................RANDOM SUBJECT
X-MS-Exchange-MessageSentRepresentingType.....1
Date..........................................Tue, 19 May 2020 07:02:37 +0000
Accept-Language...............................de-DE, en-US
Content-Language..............................de-DE
X-MS-Exchange-Organization-AuthAs.............Anonymous
X-MS-Has-Attach...............................
X-MS-TNEF-Correlator..........................
x-fireeye.....................................Clean
x-rmx-source..................................123.123.123.123
Content-Type..................................text/html; charset="iso-8859-1"
Content-Transfer-Encoding.....................quoted-printable
MIME-Version..................................1.0

Example 4

$ emlAnalyzer -i email_4.eml --format json
{
    "structure": {
        "type": "multipart/mixed",
        "children": [
            {
                "type": "text/plain"
            },
            {
                "type": "application/pdf",
                "name": "attachment_123.pdf",
                "disposition": "attachment"
            }
        ]
    },
    "urls": [
        "https://www.facebook.de/abc123",
        "https://www.google.com/demo"
    ],
    "reloaded_content": [],
    "attachments": [
        {
            "type": "application/pdf",
            "name": "attachment_123.pdf",
            "disposition": "attachment"
        }
    ]
}

About

A cli script to analyze an E-Mail in the EML format for viewing the header, extracting attachments, etc.

Topics

python malware-analysis eml eml-analyzer

Resources

Readme

License

MIT license
Activity

Stars

94 stars

Watchers

3 watching

Forks

19 forks
Report repository

Releases 7

v3.0.0 Latest
Aug 4, 2023
+ 6 releases

Contributors 3

  •  
  •  
  •  

Languages