Email/Phishing Headers

[Arkanyus]

Nice work on the enhancements, I'll keep adding until you tell me to stop haha

• A decoder along the lines of >> Paste internet headers from email >> tool outputs fields of interest (e.g Sender IP, Original true sender address, SPF etc.) in a pretty and liftable snippet

[TheresAFewConors]

Haha keep 'em coming!

That's actually a feature I'm working on right now, it works by choosing the email in a file explorer - it then extracts all the email addresses from the email, next I need to get the URL extractor working and then it's on to the headers for analysis - aiming for completion on Friday (if all goes well)

Again I'll keep this ticket open as a reminder and close it when complete - you'll get a notification too so you know when it's been uploaded

[TheresAFewConors]

Ok so released the first iteration of the header analyser, its only tested with .msg files from outlook right now, but I'll add the .eml files next

[Arkanyus]

Getting an error with an Outlook .msg file, not much additional info to be able to give on the error and i assume its working fine for you, was there a req. added for this?

Also, getting an error with the ipwhois import now, do you have a link for the install for this? I used: https://github.com/secynic/ipwhois

[TheresAFewConors]

Hmm that is strange.

• For the outlook error: what OS are you on? I'll take a look and see if I can find any errors. EDIT: ok I think I identified the error - if the filename has spaces in it then it can cause an exception - so I'm dealing with that now EDIT: Is fixed for the most part - still an issue with Python not releasing the file so the same email can't be analyzed twice (not that it needs to or anything though). Will continue to work on this bug before more features are added.

• I'll take a look at the ipwhois now - I haven't changed it so not sure why its giving an error - regardless I'll take a look. EDIT: Can't seem to find any issues on this end - nothing has changed from the requirements file in over a week now.

[TheresAFewConors]

Going to close this issue due to no actions to be taken - comment below if the error persists and we'll figure it out.

[Arkanyus]

Apologies for the delayed response.

• I'm using Ubuntu, will see if the spacing was the issue for the email files
• Still getting the ipwhois import issue, is this the right one to use?: https://github.com/secynic/ipwhois

[TheresAFewConors]

I've modified the code so if a file has a space in its name it will remove it before opening - which seems to have fixed some of the issue - there is still a problem with Python not releasing the emails after though so each can only be checked once per launch

Are you installing from the requirements file? That should be the correct import and version