BSOT
Open Source Security Toolkit

Security Operations From Your Terminal

A comprehensive CLI toolkit for security analysts. Analyze phishing emails, enrich IOCs, triage malware, and more—all without leaving your terminal.

$ bsot phishing analyze suspicious.eml
═══════════════════════════════════════════
Phishing Analysis Report
═══════════════════════════════════════════
Subject: URGENT: Your account...
From: security@arnazon.com
Date: 2025-01-15 14:32:00
── 🚨 Suspicious Indicators ──
[HIGH] Typosquatting: arnazon.com
[HIGH] Urgency keywords in subject
[MED] Reply-To differs from sender

The Problem

  • Switching between dozens of web tools for every investigation
  • Manually copying IOCs between different platforms
  • No standardized workflow for common security tasks
  • Disconnected tools that don't integrate well

The Solution

  • One unified toolkit for all security operations
  • Pipe outputs between commands for automation
  • Consistent CLI patterns across all modules
  • JSON output for SIEM/SOAR integration

Built for Security Analysts

Everything you need for day-to-day security operations, in one place.

Phishing Analysis

Parse email headers, extract IOCs, check SPF/DKIM/DMARC, and use AI for sophisticated analysis.

Threat Intelligence

Enrich IOCs via VirusTotal, AbuseIPDB, GreyNoise, OTX, and more—with a single command.

Malware Triage

PE analysis, YARA scanning, string extraction, deobfuscation, and sandbox submission.

12 Powerful Modules

Each module is focused on a specific security domain, with consistent patterns across all commands.

  • phishing: Email analysis
  • intel: IOC enrichment
  • file: File analysis
  • network: Network security
  • logs: Log analysis
  • data: Encoding/decoding
  • auth: Auth analysis
  • system: System analysis
  • ir: Incident response
  • malware: Malware analysis
  • report: Case management
  • osint: Open source intel

Real-World Use Cases

See how BSOT streamlines common security workflows.

Phishing Investigation

Analyze suspicious emails end-to-end: parse headers, extract IOCs, check reputation, and generate reports.

$ bsot phishing analyze email.eml
$ bsot phishing extract-iocs email.eml | bsot intel bulk -f -

Malware Triage

Quick static analysis: identify file type, check hashes, analyze PE structure, scan with YARA.

$ bsot file identify sample.exe
$ bsot malware pe sample.exe --sections

Incident Response

Collect artifacts, contain threats, document findings, and generate reports—all from the CLI.

$ bsot ir collect --profile full
$ bsot ir cf block 1.2.3.4

Get Started in Seconds

Install BSOT with pip and start analyzing immediately.

# Install from source
$ git clone git@github.com:Remillardj/SecurityToolbox.git
$ cd SecurityToolbox
$ pip install -e .
# Or install requirements manually
$ pip install -r requirements.txt
# Quick examples
$ bsot intel enrich 8.8.8.8
$ bsot file hash malware.exe --all
$ bsot network ssl-check example.com
$ bsot data decode -e base64 "aGVsbG8gd29ybGQ="

Ready to Streamline Your Security Operations?

Join security analysts who've simplified their workflow with BSOT.