Filed under: Quickpost — Didier Stevens @ 0:00
A reader asked about bulk extraction of email attachments with emldump.py.
If you want to extract all attachments and write them to disk, you can use the following command:
emldump.py --jsonoutput sample.eml | myjson-filter.py -W hashvir
This command will produce a MyJSON data structure with the content and metadata of all parts (not only attachments, but also the different bodies) and save the parts to disk with filenames formatted as the sha256 hash of the content and the extension .vir.
You can then run the desired analysis commands on the files written to disk.
But you can also run a command directly on the items, without writing them to disk. Here is an example of such a command:
emldump.py --jsonoutput sample.eml | myjson-filter.py -r "cmd.exe /c oledump.py"
This command will start an oledump.py command for each part in the multipart document, and provide the content of each part via stdout.
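As an added illustration (not code from the original post or from the emldump.py / myjson-filter.py tools), here is a small standard-library Python script that reproduces both behaviours above: it walks every leaf part of a constructed sample .eml, writes each part under the sha256-plus-.vir naming that -W hashvir uses, and runs a command once per part with the part content on that command's standard input. The sample message and the hashing command it runs are constructed for the demonstration.

```python
import email
import hashlib
import subprocess
import sys
from email import policy
from pathlib import Path

# Constructed sample message (not from the original post): a text body plus one attachment
# whose payload starts with the OLE compound-file magic bytes, followed by zero padding.
SAMPLE_EML = (
    b"From: a@example.invalid\r\nTo: b@example.invalid\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XYZ"\r\n\r\n'
    b"--XYZ\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\nHello\r\n"
    b'--XYZ\r\nContent-Type: application/octet-stream; name="doc.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="doc.bin"\r\n\r\n'
    b"0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA\r\n"  # base64 of D0CF11E0A1B11AE1 + 16 zero bytes
    b"--XYZ--\r\n"
)

# Constructed stand-in for an analysis tool: prints the sha256 of whatever arrives on stdin.
HASH_STDIN_COMMAND = [sys.executable, "-c",
                      "import sys,hashlib;print(hashlib.sha256(sys.stdin.buffer.read()).hexdigest())"]


def iter_parts(eml_bytes):
    """Yield (index, decoded content) for every leaf part: bodies and attachments alike."""
    msg = email.message_from_bytes(eml_bytes, policy=policy.default)
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # multipart containers carry no payload of their own
        yield index, part.get_payload(decode=True) or b""


def hashvir_name(content):
    """Filename in the -W hashvir convention: sha256 of the content plus the .vir extension."""
    return hashlib.sha256(content).hexdigest() + ".vir"


def write_parts(eml_bytes, outdir):
    """Write every leaf part to outdir as <sha256>.vir and return the written paths."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    written = []
    for _, content in iter_parts(eml_bytes):
        path = outdir / hashvir_name(content)
        path.write_bytes(content)  # identical parts collapse onto one file, as hash naming implies
        written.append(path)
    return written


def run_per_part(eml_bytes, command):
    """Run command once per leaf part, feeding the content on the child's stdin; return each stdout."""
    results = []
    for _, content in iter_parts(eml_bytes):
        proc = subprocess.run(command, input=content, capture_output=True, check=False)
        results.append(proc.stdout.decode(errors="replace").strip())
    return results


if __name__ == "__main__":
    for written_path in write_parts(SAMPLE_EML, "parts"):
        print(written_path)
    print(run_per_part(SAMPLE_EML, HASH_STDIN_COMMAND))
```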