An automated email artifact analysis tool designed to parse .eml files, extract attachments, headers, and embedded URLs, and enrich them with threat intelligence from VirusTotal, URLScan.io, and ScreenshotAPI. Built using Flask and Python, this tool streamlines phishing investigation and enhances email security operations.
This project provides a lightweight, web-based platform for automating the extraction and enrichment of email artifacts from .eml files. It aims to assist security analysts in quickly identifying phishing attempts, malicious attachments, and suspicious URLs.
- Upload
.emlfiles through a web interface - Parse and extract:
- Sender address, recipient, subject, date, and originating IP
- Attachment filenames and generate SHA-256 hashes
- Embedded URLs, including unwrapping URLDefense links
- Threat enrichment:
- Visual preview of URLs via ScreenshotAPI
- Reputation checks on URLs using VirusTotal and URLScan.io
- Direct links for further analysis on external threat platforms
- Full email body display for manual inspection
- Guidance for next-step analysis included
- Flask β Web application framework
- BeautifulSoup β HTML parsing
- VirusTotal API
- URLScan.io API
- ScreenshotAPI
| Upload Page | Parsed Results | URL Visual Preview |
|---|---|---|
 |
 |
 |
(Make sure to add your screenshots inside a /screenshots/ folder!)
- Python 3.8+
- pip (Python package manager)
- Clone the repository:
git clone https://github.com/yourusername/automated-email-artifact-analyzer.git cd automated-email-artifact-analyzer