We will be using emlAnalyzer to parse the headers, the message structure, embedded URLs, and the plaintext and HTML body parts, and to extract attachments
To install emlAnalyzer :
sudo pip install eml-analyzer
You need to have python and pip installed to use this command
emlAnalyzer reads the .eml (RFC 822) format; an Outlook .msg export has to be converted to .eml first. To parse the file and extract everything from it, we use the following command :
emlAnalyzer -i path/to/file --header --html -u --text --extract-all
-i is the input file, --header prints the headers, -u lists the URLs found in the body, --text and --html print the body parts, and --extract-all writes out every attachment. Extracted attachments are potentially live malware: write them into a dedicated directory on the analysis machine and never open them, only hash and inspect them
To check the sender's email address reputation for any malicious records : emailrep.io
We can use a number of sources to check malicious attachments. Each file has its own unique SHA-256 hash, so we can look up the hash to see whether there are previous reports on that exact file, without having to upload the sample itself.
To get the sha256 hash of a file :
sha256sum path/to/file
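The steps above (headers, URLs in the body, attachments and their SHA-256) are what emlAnalyzer automates. As an added example that is not part of the original notes and not emlAnalyzer's own code, the script below does the same triage offline with Python's standard library, on a constructed sample message (SAMPLE_EML is made up for the example; replace it with the bytes of a real .eml). It also adds one check an analyst wants at this point: whether the Reply-To and Return-Path domains differ from the From domain, a common phishing indicator.

```python
"""Offline triage of a .eml file: headers, body URLs, attachment hashes (added example)."""
import email
import hashlib
import re
from email import policy

# Constructed sample phishing message for the example (not a real email).
# For a real case: SAMPLE_EML = open("path/to/file.eml", "rb").read()
SAMPLE_EML = b"""Return-Path: <bounce@mailer.example.net>
Received: from mx.example.net (mx.example.net [203.0.113.10])
 by mail.victim.example (Postfix) with ESMTP id ABC123
 for <user@victim.example>; Mon, 01 Jan 2024 10:00:00 +0000
From: "IT Support" <support@example.com>
Reply-To: attacker@example.net
To: user@victim.example
Subject: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body>Reset here: <a href="http://203.0.113.10/reset.php?id=1">Reset</a>
or visit https://example.net/login</body></html>
--XYZ
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--XYZ--
"""

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def extract_urls(text):
    """Return the distinct http(s) URLs found in a body part."""
    return sorted(set(URL_RE.findall(text)))


def domain_of(addr):
    """Lower-cased domain of an address header value, or None if there is none."""
    if not addr:
        return None
    m = re.search(r"@([\w.-]+)", addr)
    return m.group(1).lower() if m else None


def analyze_eml(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)

    def hdr(name):
        return str(msg[name]) if msg[name] is not None else None

    headers = {
        "from": hdr("From"),
        "reply_to": hdr("Reply-To"),
        "return_path": hdr("Return-Path"),
        "subject": hdr("Subject"),
        # Every Received hop, top (closest to us) to bottom (closest to the sender)
        "received": [str(h) for h in msg.get_all("Received", [])],
    }

    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            data = part.get_payload(decode=True) or b""   # base64/QP decoded bytes
            attachments.append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "size": len(data),
                "magic": data[:4].hex(),  # first bytes: check the real type, not the extension
                "sha256": hashlib.sha256(data).hexdigest(),  # same value as sha256sum on the file
            })
        elif part.get_content_maintype() == "text":
            urls.update(extract_urls(part.get_content()))

    # Sender consistency: Reply-To / Return-Path domains that differ from the
    # From domain are worth a closer look.
    domains = {k: domain_of(headers[k]) for k in ("from", "reply_to", "return_path")}
    mismatched = {k: v for k, v in domains.items() if v and v != domains["from"]}

    return {
        "headers": headers,
        "urls": sorted(urls),
        "attachments": attachments,
        "sender_domain_mismatch": mismatched,
    }


if __name__ == "__main__":
    report = analyze_eml(SAMPLE_EML)
    for key, value in report.items():
        print(key, "->", value)
```

The attachment hashes come out of the decoded payload, so they match what sha256sum reports on the file emlAnalyzer extracts; those are the values to look up before deciding whether to submit the sample anywhere.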
Then we can cross-check the hash with services like :
For the IPs and URLs linked in the email :
IP :
- ipinfo.io - Detailed IP information such as geolocation, ASN and hosting provider
- Cisco Talos reputation - Search by IP, domain, or network owner for real-time threat data.
URL Sandbox: