phishing-analysis
Community
Turn suspicious emails into threat insights.
Content & Communication
#threat-hunting #qr-code #ioc #email-security #phishing-analysis #attachment-analysis
Author: chenchunrun
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
The phishing-analysis skill provides comprehensive phishing threat analysis for suspicious emails, including header validation, evasion technique detection, IOC extraction, QR code analysis, attachment analysis, and attribution. It helps security teams quickly identify phishing campaigns and surface downstream actions.
Core Features & Use Cases
- Header and authentication evaluation: SPF, DKIM, DMARC checks and header integrity.
- IOC extraction and enrichment: domains, URLs, IPs, email addresses, hashes, and attachments.
- Attachment and archive analysis: unzip/encrypt archives, extract files, macro and payload detection.
- QR code analysis: detect and interpret QR codes in images to reveal embedded URLs or data.
- Downstream skill orchestration: based on the extracted IOCs, automatically propose and trigger related skills for deeper analysis.
Quick Start
To start analysis, run the following command to extract headers, attachments, URLs, and IOCs:
    python scripts/analyze_email.py suspicious.eml --save-attachments
Dependency Matrix
Required Modules
Pillow, pyzbar, qreader, opencv-python, numpy, pyzipper, py7zr, rarfile
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: phishing-analysis Download link: https://github.com/chenchunrun/onyx-soc/archive/main.zip#phishing-analysis Please download this .zip file, extract it, and install it in the .claude/skills/ directory.