mailMeta: forensics tool to help aid in the investigation of spoofed emails
mailMeta
- What is mailMeta?
mailMeta is a Python-based forensic tool that reads the headers of an email file and extracts the information needed to judge whether the email is legitimate.
- What are the advantages of using mailMeta?
Have you ever heard of email hacking or sophisticated email crimes where a spoofed email is sent to a victim, who trusts it because of the sender address, which is in fact fake? Such emails contain malicious links that can be used to extract information or to install malware or backdoors on your device. mailMeta helps you avoid this.
Here I have added instructions on how to download the email as a file and then pass it to the mailMeta executable. It then parses the headers and tells you whether the mail is genuine or not. Whenever you are suspicious about an email, be sure to check it here first. It can save you in most scenarios. If anyone has ideas or updates, feel free to open an issue or create a pull request.
- What information does mailMeta reveal? mailMeta parses the following headers:
- Message-ID
- SPF-Record
- DKIM-Record
- DMARC-Record
- Spoofed Email detection based on the above headers
- IP-Address of the sender
- Service Provider used for sending the email
- Content-Type
- Date and Time
- Subject
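As an added illustration (not mailMeta's own code), the following Python snippet extracts the same fields from a constructed .eml: the SPF/DKIM/DMARC results from Authentication-Results, the originating IP from the earliest Received hop, the Message-ID, and the From vs Return-Path domain alignment, and flags anything that does not pass. The sample message and the `analyze` function are assumptions made for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample .eml: claims to come from bank.example but was relayed
# by an unrelated host and fails SPF, DKIM and DMARC at the receiving MX.
SAMPLE_EML = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
        by inbox.example.org with ESMTP; Mon, 1 Mar 2021 10:00:00 +0000
Received: from unknown (HELO mail.bank.example) (198.51.100.77)
        by mx.example.net with SMTP; Mon, 1 Mar 2021 09:59:58 +0000
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=relay.example;
        dkim=none; dmarc=fail header.from=bank.example
Message-ID: <20210301095958.ABC123@relay.example>
From: "Customer Care" <alerts@bank.example>
Return-Path: <bounce@relay.example>
Subject: Urgent: verify your account
Date: Mon, 1 Mar 2021 09:59:58 +0000
Content-Type: text/plain; charset="utf-8"

Please confirm your details.
"""

def domain_of(addr_header):
    """Lower-cased domain part of the first address in a header value."""
    return parseaddr(str(addr_header or ""))[1].rpartition("@")[2].lower()

def analyze(raw_eml):
    """Return authentication results, sender IP and alignment findings for one .eml."""
    msg = message_from_string(raw_eml, policy=policy.default)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = {k.lower(): v.lower()
               for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    # Each hop prepends its own Received header, so the last one listed is the
    # earliest hop and carries the IP the message actually originated from.
    sender_ip = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", hop)
        if m:
            sender_ip = m.group(1)
    from_domain, rp_domain = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = [f"{k}={v}" for k, v in results.items() if v != "pass"]
    findings += [f"{k} result missing" for k in ("spf", "dkim", "dmarc") if k not in results]
    if from_domain != rp_domain:  # envelope sender not aligned with visible From
        findings.append(f"From domain {from_domain} != Return-Path domain {rp_domain}")
    return {"message_id": str(msg["Message-ID"]), "sender_ip": sender_ip,
            "from_domain": from_domain, "return_path_domain": rp_domain,
            "results": results, "findings": findings, "suspected_spoof": bool(findings)}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EML).items():
        print(f"{key}: {value}")
```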
- Why is it important to check such parameters?
- ONGC Email Phishing
There are many more such cases related to email crimes which you can find online.
Download
git clone https://github.com/gr33nm0nk2802/mailMeta
Use
Whether you are on Windows or Linux, first download the original metadata of the email using the show original / view raw / download original option.
Then pass the .eml file to the executable.
This is a demo of how to download the mail. You should find something similar.
Copyright (c) 2021 Syed Modassir Ali