BSOT Documentation

Blue Security Operations Toolkit - A comprehensive CLI toolkit for security analysts.


What is BSOT?

BSOT (pronounced "bee-sot") is a unified command-line toolkit that brings together essential security operations capabilities. Built for analysts, by analysts.

# Analyze a phishing email
bsot phishing analyze suspicious.eml

# Enrich an IOC
bsot intel enrich 8.8.8.8

# Hash a file
bsot file hash malware.exe --all

Key Features

  • Phishing Analysis

    Parse email headers, extract IOCs, check reputation, and use AI for analysis.

  • Threat Intelligence

    Enrich IOCs via VirusTotal, AbuseIPDB, GreyNoise, OTX, and more.

  • File Analysis

    Hash files, identify types, extract strings, and analyze entropy.

  • Network Security

    Check SSL certificates, audit headers, analyze DNS security.

  • Log Analysis

    Parse and analyze logs for attack patterns like brute force.

  • Malware Analysis

    PE analysis, YARA scanning, deobfuscation, sandbox submission.


Quick Start

Installation

pip install bsot

Or download the standalone binary from the releases page.

Basic Usage

# Get help
bsot --help

# Analyze an email
bsot phishing analyze email.eml

# Enrich an IOC
bsot intel enrich suspicious-domain.com

# Hash a file
bsot file hash sample.exe


Modules

Module      Description
--------    ------------------------------------
phishing    Email phishing analysis
intel       Threat intelligence & IOC enrichment
file        File analysis & hashing
network     Network security analysis
logs        Log parsing & analysis
data        Data encoding/decoding
auth        Authentication analysis
system      System analysis
ir          Incident response
malware     Malware analysis
report      Reporting & case management
osint       Open source intelligence

Use Cases


Getting Help