EmailAnalyzer is a Python-based tool that extracts and analyzes headers, links, attachments, and hashes from suspicious .eml email files to aid in email threat investigation and reporting.
With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
This tool is designed for security analysts, threat hunters, and forensic investigators who need to analyze suspicious emails for potential threats. It helps extract critical email components such as headers, links, attachments, and hashes, enabling detailed investigation and report generation in HTML or JSON formats.
Currently, EmailAnalyzer supports output reports only in HTML and JSON formats. Users should have Python 3.10 installed to run the tool. The tool is intended for analyzing .eml files and may require familiarity with command-line operations. For detailed report generation, refer to the repository's Wiki pages.
Ensure Python 3.10 is installed
Download or clone the EmailAnalyzer repository
Run the script using python3 email-analyzer.py with appropriate arguments
python3 email-analyzer.py -f <eml file>
Run full analysis extracting headers, links, attachments, and digests with investigations
python3 email-analyzer.py -f <eml file> -o report.html
Generate a detailed HTML report from the .eml file analysis
python3 email-analyzer.py -f <eml file> -o report.json
Generate a detailed JSON report from the .eml file analysis
python3 email-analyzer.py -f <eml file> --headers
Extract only the headers from the email
python3 email-analyzer.py -f <eml file> -H
Extract only the headers from the email (short option)
python3 email-analyzer.py -f <eml file> --headers --investigate
Extract headers and perform an investigation on them
python3 email-analyzer.py -f <eml file> -Hi
Extract headers and perform an investigation (short options)