Best experienced on desktop — this tool is optimized for screens 1024px and wider. Some features may not display correctly on mobile.
Analysis Tool · Red Team Intelligence
Email Threat Analyzer
Analyze emails from any provider — Gmail, Outlook, Yahoo, or corporate Exchange. Connect Gmail live or paste any raw email to run AI-powered threat analysis with MITRE ATT&CK mapping and employee training explanations.
1
Source
Gmail or paste
2
Fetch
Pull emails
3
Analyze
AI threat scan
4
Review
Flags & training
01 — Email Source
Gmail Live Connection
Connects to your Gmail inbox via Google OAuth — read-only access, nothing is stored or sent anywhere. Works from any browser, no extensions needed.
Read-only access · No data stored · Revoke anytime in your Google account · Privacy Policy
AI Analysis Engine
All analysis runs via a secure Cloudflare proxy — your API key is stored server-side, never exposed in the browser. All four input modes work fully.
● Ready
🛡
Safest method for non-technical users
Export the email as a file from your client — the original email is never opened in the browser, so there is zero risk of accidentally clicking a malicious link. Works with Gmail, Outlook, Yahoo, Exchange, and any other provider.
📧 Outlook (Desktop)
File → Save As → Save as type: Outlook Message (.msg) or drag the email out of Outlook onto your desktop
🌐 Outlook Web (OWA)
Open email → ⋯ → Download → saves as .eml
📨 Gmail (single email)
Open email → ⋮ → Download message → saves as .eml
📦 Gmail (full inbox export)
Go to takeout.google.com → deselect all → select Gmail → Inbox only → export → upload the .mbox file here
🍎 Apple Mail
Select email → File → Save As → Raw Message Source (.eml)
⚠ Large mailboxes
Tool analyzes up to 100 emails per upload — for large mbox files it automatically picks the 100 most recent
⬆
Drop .eml, .msg, or .mbox files here
or click to browse · multiple files supported · mbox = full inbox export
⚠
Important — get the raw source, not the visible email
Do NOT open the email and copy the text you see. Use your email client's "Show Original" or "View Source" feature to copy the full raw message — this includes hidden headers that reveal the true sender and routing path. The raw source is what makes analysis accurate.
📧 Gmail
Open the email → click ⋮ (three dots, top right) → Show original → Copy to clipboard
🌐 Outlook Web (OWA)
Open the email → click ⋯ → View → View message source → select all → copy
📧 Outlook Desktop
Open the email → File → Properties → copy Internet headers. Forward as plain text for the body.
🍎 Apple Mail
View menu → Message → Raw Source → select all → copy
1 email queued
🎓
Training mode — built-in phishing samples
These are realistic but fictional phishing email samples for classroom training. No real email accounts needed. Select one or more scenarios and run analysis — CIPHER will guide students through what to look for in each.
0 selected
02 — Fetch Emails
Initializing...0%
0
total
0
critical
0
high
0
medium
0
clean
⌕
✕
Threat Summary
Indicators of Compromise
MITRE ATT&CK Techniques
Email Snippet
Training — What to Look For
Link Scanner — VirusTotal
Add your free VirusTotal API key to scan URLs
Step 1. Go to virustotal.com and create a free account Step 2. Click your profile icon → API Key Step 3. Copy and paste your key below — free tier allows 4 scans/min
Extracted URLs — click Scan to check each one
No external URLs detected in this email.
⬡ CIPHER
THREAT ANALYSIS GUIDE
No email selected — select one to get context-aware help
Hi — I'm CIPHER, your threat analysis guide. I can explain any flagged email, walk you through IOCs, decode MITRE techniques, or help train your team on what to look for. Select an email or ask me anything.