Releases: keraattin/EmailAnalyzer

v3.0

24 Apr 20:03
0a3b467

What's Changed

  • Fix quoted-printable decode in get_links (closes #25) by @keraattin in #34
  • Fix IndexError crash in spoof check for unparseable headers (closes #26) by @keraattin in #36
  • Fix attachments parsed in text mode causing encoding errors (closes #27) by @keraattin in #37
  • Feature/issue 38 unit tests by @keraattin in #39
  • Fix TypeError crash when attachment payload is None (closes #28) by @keraattin in #40
  • Fix None attachment filename used as dict key causing TypeError (clos… by @keraattin in #41
  • Fix UnicodeDecodeError on non-UTF-8 encoded emails (closes #30) by @keraattin in #42
  • Fix #31: read file once as binary, pass bytes to get_digests() by @keraattin in #43
  • Fix #32: escape all user-controlled values in HTML report to prevent XSS by @keraattin in #44
  • Fix #33: assign unique IDs to each navbar dropdown by @keraattin in #45
  • feat #46: decode RFC 2047 encoded header values by @keraattin in #52
  • feat #47: extract and investigate public IPs from Received headers by @keraattin in #53
  • feat #48: parse SPF/DKIM/DMARC authentication results into structured… by @keraattin in #55
  • feat #49: add MIME type to attachment data output by @keraattin in #56
  • feat #50: add --defang flag to output URLs in defanged notation by @keraattin in #57
  • Add duplicate attachment detection (#51) by @keraattin in #58
  • Fix/issue 59 qp decoding by @keraattin in #64
  • Fix LINK_REGEX to match single-quoted href attributes (#60) by @keraattin in #65
  • Add file existence check to prevent unhandled FileNotFoundError (#61) by @keraattin in #66
  • Fix unnamed attachment fallback index mismatch (#62) by @keraattin in #67
  • Extract URLs from plain-text body parts in get_links() (#68) by @keraattin in #69
  • Add From display name spoofing detection to header investigation (#70) by @keraattin in #78
  • feat: add suspicious header pattern detection (#71) by @keraattin in #79
  • feat: investigate X-Originating-IP header alongside X-Sender-IP (#72) by @keraattin in #80
  • feat: add Reply-To domain investigation check (#73) by @keraattin in #81
  • fix: wrap HTML report in proper / / str… by @keraattin in #82
  • feat: add --version flag and VERSION constant (#75) by @keraattin in #83
  • feat: add threat summary section to HTML report (#76) by @keraattin in #84
  • feat: add sticky navbar and copy-to-clipboard buttons to HTML report … by @keraattin in #85
  • Feature/issue 77 clipboard sticky navbar by @keraattin in #86
  • Release/v3.0 by @keraattin in #87
  • Merge for Release 3.0 by @keraattin in #88

Highlights

  • Redesigned HTML report (Bootstrap 5.3.3, Font Awesome 6, jQuery removed)
  • Threat Summary card (LOW / MEDIUM / HIGH) with per-check breakdown (#76)
  • Sticky navbar, copy-to-clipboard buttons, clickable IP/URL investigation links (#77)
  • Merged Data + Investigation tables for Links, Attachments, and Digests
  • Five new investigation checks (display name, reply-to domain, x-originating-ip, received IPs, suspicious headers)
  • SPF / DKIM / DMARC authentication results parsed into structured output (#48)
  • New --version (#75) and --defang (#50) flags
  • Full pytest test suite (#38) with fixtures and CLI regression tests

Added - Analysis & Detection

  • Display Name spoofing detection in From header (#70)
  • Reply-To vs From domain mismatch check (#73)
  • X-Originating-IP investigation via VirusTotal & AbuseIPDB (#72)
  • Public IP extraction and investigation from Received headers (#47)
  • Suspicious header pattern detection — missing Message-ID/MIME-Version, future/old Date, suspicious X-Mailer (#71)
  • SPF / DKIM / DMARC authentication parsing with Authentication-Results / Received-SPF fallback (#48)
  • Duplicate attachment detection via SHA256 comparison (#51)
  • Plain-text URL extraction from text/plain body parts (#68)
  • RFC 2047 encoded header decoding (base64 / quoted-printable) (#46)
  • MIME type field on attachment output (#49)

Added - CLI & Output

  • --version flag printing version from VERSION constant (#75)
  • -D/--defang flag to output URLs in defanged notation (#50)
  • -A/--authentication flag for SPF/DKIM/DMARC parsing (#48)
  • Early validation of output format against SUPPORTED_OUTPUT_TYPES
  • File existence check with friendly error before parsing (#61)

Added - HTML Report

  • Threat Summary section with severity badges and per-check alert cards (#76)
  • Sticky navbar and copy-to-clipboard for URLs and hashes (#77)
  • Clickable links for IP/URL values inside Investigation cards
  • Merged Data + Investigation tables for Links, Attachments, and Digests
  • Bootstrap 5.3.3 / Font Awesome 6.5.2 upgrade; jQuery dependency removed
  • Proper <!DOCTYPE html> / <html> / <body> structure with <title> (#74)
  • Authentication entry converted from dropdown to plain nav-item

Added - Testing

  • Initial pytest suite with regression coverage (#38)
  • New test files: test_originating_ip (#72), test_replyto_domain (#73), test_suspicious_headers (#71), test_display_name (#70), test_plaintext_links (#68), test_cli (#75), test_html_generator (#32), test_defang (#50), test_attachment_mime (#49), test_auth_results (#48), test_received_ips (#47), test_rfc2047 (#46)
  • New fixtures for spoofing, IP, encoding, auth, and structural edge cases
  • Expanded happy-path and edge-case coverage across all analyzers (#38)

Fixed - Crashes

  • IndexError in spoof check when From/Reply-To has no parseable address (#26)
  • TypeError when attachment payload is None on multipart sub-parts (#28)
  • TypeError from None attachment filename used as dict key (#29)
  • UnicodeDecodeError on non-UTF-8 encoded emails (#30)
  • Quoted-printable decode applied to entire raw email instead of body (#25, #59)
  • Attachments parsed in text mode causing encoding errors / wrong hashes (#27)
  • File read inconsistency between text and binary modes for digests (#31)
  • Unnamed attachment fallback index mismatch (#62)
  • FileNotFoundError shown as raw traceback when file missing (#61)
  • print_data crash when Duplicate Warning entry present in attachment investigation

Fixed - Security & Correctness

  • XSS in HTML report — all user-controlled values now escaped (#32)
  • Duplicate id="navbarDropdown" across navbar entries; unique IDs assigned (#33)
  • LINK_REGEX failing to match single-quoted href attributes (#60)

Changed

  • README rewritten: new Investigation Checks table, HTML Report section, updated test/fixture lists, plain-text URL extraction note, fixed mail-analyzer.py typo
  • Introduction banner now uses VERSION constant (no more hardcoded version string)
  • AUTH banner shrunk so it doesn't overflow narrow terminals
  • Code quality cleanup: dict literals replace json.loads init, TER_COL_SIZE moved into print_data, unused vars removed
  • Removed Wiki links from README

Full Changelog: v2.0...v3.0

v2.0

25 Jun 19:41

What's Changed

Full Changelog: v1.0...v2.0

v1.0

26 Nov 13:40
f396dee

Initial Release

What's Changed

Full Changelog: https://github.com/keraattin/EmailAnalyzer/commits/v1.0