Cybersecurity - a python3 script to parse and analyze .msg and .eml email files

MrCalv1n/EmailAnalyzer


License: GPL v3 Python Versions

EmailAnalyzer

Extracts IoCs (emails, IPs, URLs, attachments, ...) from .msg and .eml files.

It can also expand shortened URLs and check attached files and URLs against VirusTotal.

You need a VirusTotal API key to use this feature.

Please note that it doesn't upload any files to VirusTotal; it only checks whether there is a match with known hashes (so don't worry about exfiltrating sensitive files ;-) ). It also doesn't visit the expanded URL's web page; it only performs some checks against the short-URL provider's site.
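The hash-only check described above can be sketched as follows. This is an added example, not code from EmailAnalyzer: the sample message is constructed, the function names are hypothetical, and the use of VirusTotal's v3 file-report endpoint with the `x-apikey` header is an assumption about how such a lookup would be made. The request is built but never sent, and it carries no body, so only the digest would leave the host.

```python
import email
import hashlib
import re
import urllib.request
from email import policy

# VirusTotal API v3 file-report endpoint (assumed here; the tool's own calls may differ).
VT_FILES_ENDPOINT = "https://www.virustotal.com/api/v3/files/"

# Constructed sample message: one text body and one base64 attachment.
SAMPLE_EML = b"""\
From: sender@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

aGVsbG8gd29ybGQ=
--BOUND--
"""


def attachment_hashes(raw_eml):
    """Return {filename: SHA-256 hex digest} for each attachment in an .eml message."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    hashes = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # decoded attachment bytes
        hashes[part.get_filename() or "unnamed"] = hashlib.sha256(payload).hexdigest()
    return hashes


def vt_lookup_request(sha256_hex, api_key):
    """Build (without sending) a GET lookup keyed on the digest; no file content is attached."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256_hex):
        raise ValueError("expected a SHA-256 hex digest")
    return urllib.request.Request(
        VT_FILES_ENDPOINT + sha256_hex, headers={"x-apikey": api_key}, method="GET"
    )
```
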

Example usage

To use it as a command-line script:

 python3 EmailAnalyzer.py -r example.msg

This will create several .txt files containing the extracted IoCs (like Bro does) and a folder ("extracted-attachments") with the attached files.

    ▓█████  ███▄ ▄███▓ ▄▄▄       ██▓ ██▓    ▄▄▄       ███▄    █  ▄▄▄       ██▓   ▓██   ██▓▒███████▒▓█████  ██▀███
    ▓█   ▀ ▓██▒▀█▀ ██▒▒████▄    ▓██▒▓██▒   ▒████▄     ██ ▀█   █ ▒████▄    ▓██▒    ▒██  ██▒▒ ▒ ▒ ▄▀░▓█   ▀ ▓██ ▒ ██▒
    ▒███   ▓██    ▓██░▒██  ▀█▄  ▒██▒▒██░   ▒██  ▀█▄  ▓██  ▀█ ██▒▒██  ▀█▄  ▒██░     ▒██ ██░░ ▒ ▄▀▒░ ▒███   ▓██ ░▄█ ▒
    ▒▓█  ▄ ▒██    ▒██ ░██▄▄▄▄██ ░██░▒██░   ░██▄▄▄▄██ ▓██▒  ▐▌██▒░██▄▄▄▄██ ▒██░     ░ ▐██▓░  ▄▀▒   ░▒▓█  ▄ ▒██▀▀█▄
    ░▒████▒▒██▒   ░██▒ ▓█   ▓██▒░██░░██████▒▓█   ▓██▒▒██░   ▓██░ ▓█   ▓██▒░██████▒ ░ ██▒▓░▒███████▒░▒████▒░██▓ ▒██▒
    ░░ ▒░ ░░ ▒░   ░  ░ ▒▒   ▓▒█░░▓  ░ ▒░▓  ░▒▒   ▓▒█░░ ▒░   ▒ ▒  ▒▒   ▓▒█░░ ▒░▓  ░  ██▒▒▒ ░▒▒ ▓░▒░▒░░ ▒░ ░░ ▒▓ ░▒▓░
    ░ ░  ░░  ░      ░  ▒   ▒▒ ░ ▒ ░░ ░ ▒  ░ ▒   ▒▒ ░░ ░░   ░ ▒░  ▒   ▒▒ ░░ ░ ▒  ░▓██ ░▒░ ░░▒ ▒ ░ ▒ ░ ░  ░  ░▒ ░ ▒░
    ░   ░      ░     ░   ▒    ▒ ░  ░ ░    ░   ▒      ░   ░ ░   ░   ▒     ░ ░   ▒ ▒ ░░  ░ ░ ░ ░ ░   ░     ░░   ░
    ░  ░       ░         ░  ░ ░      ░  ░     ░  ░         ░       ░  ░    ░  ░░ ░       ░ ░       ░  ░   ░
                                                                              ░ ░     ░
usage: EmailAnalyzer.py [-h] [-r INPUT_FILE | -R INPUT_DIR] [-w OUTPUT_DIR]
                        [-vt]

optional arguments:
  -h, --help            show this help message and exit
  -r INPUT_FILE, --read-file INPUT_FILE
                        reads a msg/eml file as input
  -R INPUT_DIR, --read-directory INPUT_DIR
                        reads msg/eml files in a directory
  -w OUTPUT_DIR, --output-directory OUTPUT_DIR
                        specifies a directory as output
  -vt, --virus-total    Enables scanning of email attachments in VirusTotal

TODO

  • Check for Windows OS compatibility;
  • Customize the header fields for requests;
  • Create HTML final report (summary report);
  • Add proxy support;
  • ...

Installation

Please make sure you have all the requirements installed before using this tool:

  • Pypi

    pip3 install -r requirements.txt
    

Credits

Joshua Tauberer (outlookmsgfile)

Matthew Walker (extract_msg)

GOVCERT.LU (eml_parser)
