seanthegeek / yaramail

A Python package and command line utility for scanning emails with YARA rules

https://seanthegeek.github.io/yaramail/

email information-security infosec security security-tools yara yara-scanner malware phishing

yaramail

yaramail is a Python package and command line utility for scanning emails with YARA rules. It is ideal for automated triage of phishing reports.

CLI Demo

Features

Scans all parts of an email via API or CLI
- Headers
  - Removes header indents by default for consistent scanning
- Plain text and HTML body content
  - Converts body content to Markdown by default for consistent scanning
- Attachments
  - Raw file content
  - Emails attached to emails
  - PDF document text
  - ZIP file contents, including nested ZIP files
    - Uses message body content as a list of possible ZIP passwords
    - Customizable list of passwords to use when attempting to scan encrypted ZIP files
Provides a built-in methodology for categorizing emails
Parses Authentication-Results headers

About

A Python package and command line utility for scanning emails with YARA rules

https://seanthegeek.github.io/yaramail/

email information-security infosec security security-tools yara yara-scanner malware phishing

Apache License 2.0

Languages

Language:Python 85.6%Language:YARA 8.8%Language:Shell 5.6%