EML analyzer is an application for analyzing EML files. It can:
- Analyze headers.
- Analyze bodies.
- Extract IOCs (URLs, domains, IP addresses, email addresses) from bodies.
- Analyze attachments.
- Identify whether attachments contain suspicious OLE files.
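The feature list above, as an added example that is not eml_analyzer's own code: a standard-library-only version of the same checks (header parsing, IOC extraction from text bodies, an OLE-signature test on attachments) run over a constructed sample message. The regexes, the `policy.default` parser and the sample mail are assumptions of this example, not anything the project ships.

```python
# Added example, not eml_analyzer's own code: the checks from the feature list done with
# the standard library only. Regexes are deliberately simple; the sample mail is constructed.
import email
import re
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 (CFB) signature, legacy Office files
URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_eml(raw: bytes) -> EmailMessage:
    """Parse raw EML bytes with the modern (policy.default) email API."""
    return email.message_from_bytes(raw, policy=policy.default)

def extract_iocs(msg: EmailMessage) -> dict:
    """Collect URLs, IPv4 addresses and e-mail addresses from text bodies (not attachments)."""
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            text += part.get_content()
    return {
        "urls": sorted(set(URL_RE.findall(text))),
        "ips": sorted(set(IPV4_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
    }

def suspicious_attachments(msg: EmailMessage) -> list:
    """Return (filename, is_ole) per attachment, judged by content bytes rather than extension."""
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), payload.startswith(OLE_MAGIC)))
    return results

def sample_eml() -> bytes:
    """Constructed sample message (not real mail); invoice.doc carries only a fake OLE header."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See http://example.com/invoice and mail billing@example.net (host 192.0.2.10)")
    m.add_attachment(OLE_MAGIC + b"\x00" * 24, maintype="application",
                     subtype="msword", filename="invoice.doc")
    m.add_attachment("just notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    parsed = parse_eml(sample_eml())
    print(extract_iocs(parsed), suspicious_attachments(parsed))
```

The OLE check keys on the file's leading bytes, so a renamed `.doc` is still caught; a real deployment would hand such attachments to oletools for the deeper inspection the README mentions.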
```bash
git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker build . -t eml_analyzer
docker run -i -d -p 8000:8000 eml_analyzer
```

The application is then reachable at http://localhost:8000/ in your browser.
```bash
git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker-compose up
```
- Docker:
  - Runs Uvicorn and SpamAssassin in the same container (the processes are managed by Circus).
- Docker Compose:
  - Runs Gunicorn and SpamAssassin in separate containers.

Thus Docker Compose is the option suited to production use.
Alternatively, you can deploy the application on Heroku.
Configuration can be done via environment variables. Alternatively, you can set values through a .env file; values in the .env file are loaded automatically.
| Key | Desc. | Default |
|---|---|---|
| INQUEST_API_KEY | InQuest API key | - |
| REDIS_EXPIRE | Redis cache expiration time (in seconds) | 3600 |
| REDIS_KEY_PREFIX | Redis key prefix | analysis |
| REDIS_URL | Redis URL | - |
| SPAMASSASSIN_HOST | SpamAssassin host | 127.0.0.1 |
| SPAMASSASSIN_PORT | SpamAssassin port | 783 |
| SPAMASSASSIN_TIMEOUT | SpamAssassin timeout (in seconds) | 10 |
| URLSCAN_API_KEY | urlscan.io API key | - |
| VIRUSTOTAL_API_KEY | VirusTotal API key | - |
| ASYNC_MAX_AT_ONCE | Max number of concurrently running lookup tasks | None |
| ASYNC_MAX_PER_SECOND | Max number of tasks spawned per second | None |
- Support the MSG format.
- In-depth attachment analysis using oletools.