ripMIME - email attachment / decomposition tool.
ripMIME -i <mime file> -d <directory>
[-p prefix] [-e [headerfile]]
[-v] [-q] [--verbose-contenttype] [--verbose-oldstyle] [--verbose-defects]
[--stdout] [--stderr] [--syslog]
[--paranoid]
[--name-by-type] [--no-nameless] [--overwrite] [--no_nameless]
[--unique_names[--prefix|--postfix|--infix]] [--mailbox]
[--no-quotedprintable] [--no-uudecode] [--no-ole] [--no-doublecr] [--no-mht]
[--disable-header-fix]
[--disable-qmail-bounce] [--recursion-max <level>]
[--no-multiple-filenames]
[--extended-errors] [--debug] [--version|-V] [--buildcodes] [-h]
ripMIME is a command line tool used to aid in the extraction of
email borne attachments to files which can be processed using other UNIX
tools. ripMIME supports both the RFC MIME standards as well as being able to
behave according to various MUA 'features' which are often used as
exploitation holes.
- -i
- Input MIME encoded file (use '-' to input from STDIN)
- -d
- Output directory
- -p
- Specify prefix filename to be used on files without a filename (default
'text')
- -e [headers file name]
- Dump headers from mailpack (default '_headers_')
- -v
- Turn on verbosity
- -q
- Run quietly, do not report non-fatal errors
- --verbose-contenttype
- Turn on verbosity of file content type
- --verbose-oldstyle
- Uses the v1.2.x style or filename reporting
- --verbose-defects
- Report MIME header/body defects located in the mailpack
- --stdout
- All reporting goes to stdout (Default)
- --stderr
- All reporting goes to stderr
- --syslog
- All reporting goes to syslog
- --no-paranoid
- [ Deprecated ] Turns off strict ascii-alnum filenaming
- --paranoid
- Converts all filenames to strict 7-bit compliance
- --name-by-type
- Saves a given attachment by its content-type if it has no other name
- --no-nameless
- Do not save nameless attachments
- --overwrite
- Overwrite files if they have the same name on extraction
- --unique-names
- Dont overwrite existing files (This is the default behaviour)
- --prefix
- rename by putting unique code at the front of the filename
- --postfix
- rename by putting unique code at the end of the filename
- --infix
- rename by putting unique code in the middle of the filename
- --recursion-max
<maximum level>
- Set the maximum recursion level into a mailpack. Often emails are
forwarded copies of an existing email, each time this is done a new
recursion level is required. Malicious emails can be constructed with many
hundereds of recursion levels to induce stack faults in decoding programs.
ripMIME is hard coded with a default of 20 levels, this may be overidden
using this parameter.
- --mailbox
- Process mailbox file
- --extended-errors
- Returns error codes for non-fatal decoding situations
- --debug
- Produces detailed information about the whole decoding process
- --buildcodes
- Displays the information obtained by the Makefile script when ripMIME was
built. This includes the Unix timestamp, human readable version of the
timestamp and the output from 'uname -a'.
- -V --version
- Give version information
- -h
- Terse information on how to use ripMIME.
To unpack an email in a file 'mailpack' to the directory /tmp with
verbose output of the files unpacked;
ripmime -i mailpack -v -d /tmp
Paul L Daniels
ripMIME WWW site http://www.pldaniels.com/ripmime
ripMIME mailing list <ripmime-general@pldaniels.com>
For mailpacks which do not appear to decode correctly - please email to
<mailpacks-2004@pldaniels.com>