Every email you receive carries its delivery details in raw form in its headers. Whether you are investigating a message manually, tracking the source IP, checking if it is masked by a VPN, or checking if it went through the SMTP host, that information is there, depending on the complexity or protection used in setting up the outgoing and incoming mail. So when you study the headers, either to track someone or to collect the IP addresses involved in the delivery of an email for further recon analysis (Nmap, etc.), E-Mail Header Analyzer (MHA) helps: it is a tool written in Flask by lnxg33k that parses email headers and converts them to a human-readable format. It can also:
Identify hop delays.
Identify the source of the email.
Identify the country of each hop.
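To show what hop-delay and source identification involve, here is a short Python sketch that walks the Received headers of a message. It is an added example, not MHA's own code; the function name trace_hops and the sample headers (documentation addresses and domains) are constructed for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (documentation IPs and domains, not a real message).
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\n"
    "\tby inbound.example.org with ESMTPS id abc123;\n"
    "\tTue, 05 Mar 2024 10:00:09 +0000\n"
    "Received: from relay.example.com (relay.example.com [198.51.100.25])\n"
    "\tby mx.example.net with ESMTP id def456;\n"
    "\tTue, 05 Mar 2024 11:00:04 +0100\n"
    "Received: from [192.0.2.10] (unknown [192.0.2.10])\n"
    "\tby relay.example.com with ESMTPSA id ghi789;\n"
    "\tTue, 05 Mar 2024 05:00:01 -0500\n"
    "From: sender@example.com\n"
    "Subject: constructed test\n\nbody\n"
)

def trace_hops(raw_headers):
    """Return hops in delivery order, each with the delay in seconds it added."""
    msg = message_from_string(raw_headers)
    hops, prev = [], None
    # Every relay prepends its own Received line, so reverse for delivery order.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())           # unfold continuation lines
        try:                                     # timestamp follows the last ';'
            when = parsedate_to_datetime(line.rsplit(";", 1)[-1].strip())
            if when.tzinfo is None:              # "-0000" parses as naive UTC
                when = when.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            when = None                          # missing or malformed date
        sender = re.search(r"\bfrom\s+(\S+)", line)
        receiver = re.search(r"\bby\s+(\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        # Comparing in UTC removes time-zone differences; a negative delay
        # means the two relays' clocks disagree, not that mail went back in time.
        delay = int((when - prev).total_seconds()) if when and prev else 0
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "ip": ip.group(1) if ip else None,
            "delay": delay,
        })
        prev = when or prev
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(SAMPLE), 1):
        print(n, hop["from"], "->", hop["by"], hop["ip"], f"{hop['delay']}s")
```

Received lines written before the first relay you control come from upstream systems and can be forged, so the oldest hop is a claim to verify against other evidence, not a confirmed origin.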
E-Mail Header Analyzer (MHA)
MHA is an alternative for the following:
Installation
Install system dependencies:
sudo apt-get update
sudo apt-get install python-pip
sudo pip install virtualenv
Create a Python virtual environment and activate it:
virtualenv virt
source virt/bin/activate
Clone the GitHub repo:
git clone https://github.com/lnxg33k/MHA.git
Install Python dependencies:
cd MHA
pip install -r requirements.txt
Run the development server:
python server.py -d
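You can change the bind address or port by specifying the appropriate options: python server.py -b 0.0.0.0 -p 8080
Binding to 0.0.0.0 makes the server listen on every network interface; bind to 127.0.0.1 if it should only be reachable from the local machine.
If everything went well, visit http://localhost:8080.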
Docker
A Dockerfile is provided if you wish to build a Docker image.
docker build -t mha:latest .
You can then run a container with:
docker run -d -p 8080:8080 mha:latest