Email and suspicious file analysis

We will be using emlAnalyzer to parse headers, body, embedded URLs, plaintext and HTML data, and extract attachments

To install emlAnalyzer :

sudo pip install eml-analyzer

You need to have python and pip installed to use this command

The email file may be in .eml or .msg format, to extract using emlAnalyzer, we use the following command :

emlAnalyzer -i path/to/file --header --html -u --text --extract-all

To check senders email reputation for any malicious records : emailrep.io

We can use a number of sources to check the malicious attachements, each file has its own unique sha256 hash, so we can use the hash to verify if there are any previous reports on the particular hash.

To get the sha256 hash of a file :

sha256sum path/to/file

Then we can cross check the hash with services like :

• VirusTotal - Suspicious file, domain, ip & url check
• Inquest - Threat analysis

For IP and Url linked in email :

  IP :

• Ipinfo.io - Detailed IP infos like geolocation
• Talos reputation - Search by IP, domain, or network owner for real-time threat data.

  URL Sandbox:

• urlscan.io
• Browserling
• Wannabrowser

Stay safe surfing the web !