A cli script to analyze an E-Mail in the eml format for viewing the header, extracting attachments, etc.
Project description
emlAnalyzer
A CLI script to analyze an email in the EML format for viewing headers, extracting attachments, etc.
Installation
Install the package with pip
pip install eml-analyzer
Usage
Type emlAnalyzer --help to view the help.
usage: emlAnalyzer [-h] [-i [INPUT]] [--header] [-x] [-a] [--text] [--html] [-s] [-u] [-ea EXTRACT] [--extract-all] [-o OUTPUT] [--format [{json}]]
A CLI script to analyze an email in the EML format for viewing headers, extracting attachments, etc.
optional arguments:
-h, --help show this help message and exit
-i [INPUT], --input [INPUT]
Path to the EML file. Accepts standard input if omitted
--header Shows the headers
-x, --tracking Shows content which is reloaded from external resources in the HTML part
-a, --attachments Lists attachments
--text Shows plaintext
--html Shows HTML
-s, --structure Shows structure of the E-Mail
-u, --url Shows embedded links and urls in the HTML and text part
-ea EXTRACT, --extract EXTRACT
Extracts the x-th attachment. Can not be used together with the '--format' parameter.
--extract-all Extracts all attachments. If a output format is specified the content of the attachments will be included in the structural output as a base64 encoded blob
-o OUTPUT, --output OUTPUT
Path for the extracted attachment (default is filename in working directory)
--format [{json}] Specifies a structured output format, the default format is not machine-readable
Examples
Example 1
$ emlAnalyzer -i email_1.eml
=================
|| Structure ||
=================
|- text/html
=========================
|| URLs in HTML part ||
=========================
- https://suspicious.site.com/Zajnad
===============================================
|| Reloaded Content (aka. Tracking Pixels) ||
===============================================
[+] No content found which will be reloaded from external resources
===================
|| Attachments ||
===================
[+] E-Mail contains no attachments
Example 2
$ emlAnalyzer -i email_2.eml
=================
|| Structure ||
=================
|- multipart/mixed
| |- multipart/related
| | |- text/html
| | |- image/jpeg [image002.jpg]
| | |- image/jpeg [image003.jpg]
| | |- image/png [image004.png]
| |- message/rfc822
| | |- multipart/alternative
| | | |- text/plain
| | | |- text/html
=========================
|| URLs in HTML part ||
=========================
- https://example.company.com/random/link
- mailto:john.doe@company.com
===============================================
|| Reloaded Content (aka. Tracking Pixels) ||
===============================================
[+] No content found which will be reloaded from external resources
===================
|| Attachments ||
===================
[1] image002.jpg image/jpeg inline
[2] image003.jpg image/jpeg inline
[3] image004.png image/png inline
Example 3
$ emlAnalyzer -i email_1.eml --header
==============
|| Header ||
==============
From..........................................John Doe <asjkasd@asdasd123.com>
To............................................"bob@company.at" <bob@company.at>
Subject.......................................RANDOM SUBJECT
Thread-Topic..................................RANDOM SUBJECT
X-MS-Exchange-MessageSentRepresentingType.....1
Date..........................................Tue, 19 May 2020 07:02:37 +0000
Accept-Language...............................de-DE, en-US
Content-Language..............................de-DE
X-MS-Exchange-Organization-AuthAs.............Anonymous
X-MS-Has-Attach...............................
X-MS-TNEF-Correlator..........................
x-fireeye.....................................Clean
x-rmx-source..................................123.123.123.123
Content-Type..................................text/html; charset="iso-8859-1"
Content-Transfer-Encoding.....................quoted-printable
MIME-Version..................................1.0
Example 4
$ emlAnalyzer -i email_4.eml --format json
{
"structure": {
"type": "multipart/mixed",
"children": [
{
"type": "text/plain"
},
{
"type": "application/pdf",
"name": "attachment_123.pdf",
"disposition": "attachment"
}
]
},
"urls": [
"https://www.facebook.de/abc123",
"https://www.google.com/demo"
],
"reloaded_content": [],
"attachments": [
{
"type": "application/pdf",
"name": "attachment_123.pdf",
"disposition": "attachment"
}
]
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
eml-analyzer-2.0.0.tar.gz
(15.1 kB
view details)
Built Distribution
File details
Details for the file eml-analyzer-2.0.0.tar.gz.
File metadata
- Download URL: eml-analyzer-2.0.0.tar.gz
- Upload date:
- Size: 15.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.9.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | afb3cb1236d411199a7166d59095ee39c8e84175440f369a9a99c7db2c0ee640 |
|
| MD5 | 70d209e7f3f564d7eae48b81046db1e3 |
|
| BLAKE2b-256 | a6bad3386fdc1b0a9ed07a26612904f3d78e7c5ec59a0f90df9242b7ffb45d17 |
File details
Details for the file eml_analyzer-2.0.0-py3-none-any.whl.
File metadata
- Download URL: eml_analyzer-2.0.0-py3-none-any.whl
- Upload date:
- Size: 14.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.9.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 97fb94000247c16c04cd97c058edda37feb198f9f686af6d5f611f2c3646e825 |
|
| MD5 | 2a8aaa26e08c5eefdea5a6f36b16a636 |
|
| BLAKE2b-256 | 36450af741452a298c89164d55da8a5e45f7b1f2b224b04890fe2956e085e490 |
