analyzing-email-headers-for-phishing-investigation
Community
Trace phishing origins via email header analysis.
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Phishing emails often spoof senders and obfuscate delivery paths; this skill provides automated header analysis to trace origin, verify authenticity, and identify spoofing indicators.
Core Features & Use Cases
- Parse email headers to extract key fields (From, To, Date, Message-ID, Return-Path, Received chain).
- Validate SPF/DKIM/DMARC results using Authentication-Results headers and DNS lookups.
- Map delivery path via Received headers (bottom-up) to identify hops and relays.
- Detect header anomalies such as From/Reply-To mismatch, URL display/href mismatches, and suspicious attachments.
- Extract URLs and attachments for further analysis and reputation checks.
Quick Start
Analyze a raw email file (EML) to produce a header analysis report and phishing indicators.
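The kind of header analysis listed above, as an added example that is not taken from this skill's own scripts: it walks the Received chain bottom-up, reads SPF/DKIM/DMARC verdicts from Authentication-Results, and flags From/Reply-To and From/Return-Path mismatches. The names `analyze` and `SAMPLE_EML` are hypothetical, the message is constructed, domains are compared exactly (no organizational-domain alignment), and no DNS lookups are made.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example.* domains, documentation IP ranges).
SAMPLE_EML = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTPS id abc123; Tue, 04 Mar 2025 10:15:09 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.example.org with ESMTP id def456; Tue, 04 Mar 2025 10:15:07 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bounce.example.net;
\tdkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@bounce.example.net>
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: helpdesk@example.net
To: user@example.org
Subject: Password expiry notice
Date: Tue, 04 Mar 2025 10:15:01 +0000
Message-ID: <constructed-1@relay.example.net>

Body omitted.
"""

def _domain(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so reverse for origin-first order.
    hops = []
    for rec in reversed(msg.get_all("Received", [])):
        rec = " ".join(rec.split())  # unfold continuation lines
        m = re.search(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", rec)
        hops.append(m.groups() if m else (None, None, None))
    # Only trust an Authentication-Results header added by your own receiving MTA.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    frm, reply, rpath = (_domain(msg.get(h)) for h in ("From", "Reply-To", "Return-Path"))
    indicators = []
    if reply and reply != frm:
        indicators.append(f"Reply-To domain {reply} differs from From domain {frm}")
    if rpath and rpath != frm:
        indicators.append(f"Return-Path domain {rpath} differs from From domain {frm}")
    indicators += [f"{k}={v}" for k, v in auth.items() if v in ("fail", "softfail")]
    return {"hops": hops, "auth": auth, "indicators": indicators}
```

Received headers below the first hop your own infrastructure added can be forged by the sender, so treat the earliest entries in `hops` as claims rather than facts.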
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-email-headers-for-phishing-investigation Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-email-headers-for-phishing-investigation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.