EML analyzer

EML analyzer is an application to analyze the EML file which can:

• Analyze headers.
• Analyze bodies.
  • Extract IOCs (URLs, domains, IP addresses, emails) in bodies.
• Analyze attachments.
  • Identify whether attachments contain suspicious OLE files.

Installation

Docker

git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker build . -t eml_analyzer
docker run -i -d -p 8000:8000 eml_analyzer

The application is running at: http://localhost:8000/ in your browser.

Docker Compose

git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker-compose up

Docker vs. Docker compose

• Docker:
  • Run Uvicorn and SpamAssassin in the same container. (The processes are managed by Circus)
• Docker Compose:
  • Run Gunicorn and SpamAssassin in each container.

Thus Docker Compose is suitable for the production use.

Heroku

Alternatively, you can deploy the application on Heroku.

ToDo

• Support MSG format.
• In-depth attachments analysis by using oletools.