Smasher v1.1

Forensic tool to analyze eml files

VT api

Visit the following sites and get an api token, then put them in the tokens.ini file
VirusTotal token -> https://docs.virustotal.com/reference/getting-started

Installation

git clone https://github.com/sp34rh34d/Smasher.git
pip3 install -r requirements.txt

Smasher Features

Headers extractor for eml files
Urls extractor for eml files
Kaspersky reputation check for sender domain
MXToolBox Blacklist check for sender domain
VirusTotal reputation check for sender domain
Kaspersky malicious activity check for urls detected
Metadata extractor for attachments detected
VirusTotal reputation check for attachements detected (sha256)

Commands

Usage:
  python3 smasher.py eml [args]

Args
    -f,  --file                  set eml file (required)
    -tz, --timezone              set timezone used on eml delivery date default[America/New_York]
    -bc, --blacklist-check       check the domain on MXToolBox [Blacklist]
    -ac, --attachment-check      check sha256 on Virus Total looking for malicious activity 
    -am, --attachment-metadata   extract metadata for attachment on eml file
    -h,  --help                  show this message

blacklist check:

use: python3 smasher.py eml -f file.eml -bc

attachment check on Virus Total:

use: python3 smasher.py eml -f file.eml -ac

metadata extractor

use: python3 smasher.py eml -f file.eml -am

show available timezone

use: python3 smasher.py eml -tz all

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Smasher v1.1

VT api

Installation

Smasher Features

Commands

blacklist check:

attachment check on Virus Total:

metadata extractor

show available timezone

Files

README.md

Latest commit

History

README.md

File metadata and controls

Smasher v1.1

VT api

Installation

Smasher Features

Commands

blacklist check:

attachment check on Virus Total:

metadata extractor

show available timezone