🛡️ PHAT – Phishing Header Analyzer Tool

Graphical PowerShell application designed to help investigators, security analysts, and IT professionals examine email headers for signs of phishing or spoofing. The tool parses headers from .eml and .msg files, highlights important fields, and provides insights into SPF, DKIM, and DMARC results.

---

🎯 Features

• GUI-based interface using System.Windows.Forms
• Load .eml or .msg (actually via COM and/or dll support!) files directly
• Parses and highlights:
  • SPF, DKIM, and DMARC results
  • Common headers like From, To, Subject, etc.
  • All Received routes
• Color-coded verdicts (green for pass, red for fail)
• Export results to:
  • Plain text (.txt)
  • Comma-separated values (.csv)

---

💻 Screenshot

---

🚀 How to Use

1. Run the script in a PowerShell console:

   .\phat.ps1

2. Paste headers manually or load a .eml/.msg file.

3. Click "Check" to parse and display header information.

4. Optionally, click "Export TXT" or "Export CSV" to save the analysis.

---

🛠 Requirements

Windows PowerShell

.NET Framework (for Windows Forms) PowerShell Execution Policy allowing script execution (e.g. RemoteSigned)

For .msg support you need Outlook installed! Or download msgreader.dll and put it in root dir of phat.ps1 (https://github.com/Sicos1977/MSGReader)

---

This tool is intended for educational and forensic purposes only. Use it responsibly and legally.