Pentest Notes

Email Analysis

Last modified: 2023-04-21

Reconnaissance

Detecting malware from messages, check if they are phishing.

OSINT

InQuest Labs
Message Header Analyzer

Analyses message header of email. It helps to check the phishing emails.
PhishTool

Combines threat intelligence, OSINT, email metadata and battle tested auto-analysis pathways into one powerful phishing response platform.
Simple Email Reputation

Paste the sender’s email address to check if the address is suspicious.
VirusTotal

Manual Analysis

strings example.eml

Sublime Text

You can analyze an email message source.
Download the .eml file from an email provider and open it on the Sublime Text.

Malware Detection in Attached Files

If you got mali in which attached "suspicious" files, you need to investigate them.

View the Message Source
Copy the Attached File's Base64
Change Base64 to SHA256
```
sha256sum attached_file.doc
# or
sha256sum <base64-string>
```
Or there are some useful tools:
- CyberChef is useful to change the cipher.
Investigate the Hash

There are some useful tools:
- InQuest Labs
- Talos File Reputation
- VirusTotal