Smasher v1.1

Forensic tool to analyze eml files

VT api

Visit the following sites and get an api token, then put them in the tokens.ini file
VirusTotal token -> https://docs.virustotal.com/reference/getting-started

Installation

git clone https://github.com/sp34rh34d/Smasher.git
pip3 install -r requirements.txt

Smasher Features

• Headers extractor for eml files
• Urls extractor for eml files
• Kaspersky reputation check for sender domain
• MXToolBox Blacklist check for sender domain
• VirusTotal reputation check for sender domain
• Kaspersky malicious activity check for urls detected
• Metadata extractor for attachments detected
• VirusTotal reputation check for attachements detected (sha256)

Commands

Usage:
  python3 smasher.py eml [args]

Args
    -f,  --file                  set eml file (required)
    -tz, --timezone              set timezone used on eml delivery date default[America/New_York]
    -bc, --blacklist-check       check the domain on MXToolBox [Blacklist]
    -ac, --attachment-check      check sha256 on Virus Total looking for malicious activity 
    -am, --attachment-metadata   extract metadata for attachment on eml file
    -h,  --help                  show this message

blacklist check:

use: python3 smasher.py eml -f file.eml -bc

attachment check on Virus Total:

use: python3 smasher.py eml -f file.eml -ac

metadata extractor

use: python3 smasher.py eml -f file.eml -am

show available timezone

use: python3 smasher.py eml -tz all