Modules¶

BSOT is organized into focused modules, each addressing a specific security domain.

Module Overview¶

Phishing

Email analysis: parse headers, extract IOCs, check reputation, AI analysis.
Intel

Threat intelligence: enrich IOCs via VirusTotal, AbuseIPDB, GreyNoise, and more.
File

File analysis: hashing, identification, strings, entropy, metadata.
Network

Network security: SSL/TLS, HTTP headers, DNS security, port scanning.
Logs

Log analysis: parsing, attack detection, statistics.
Data

Data operations: encoding/decoding, timestamps, hashing, regex.
Auth

Authentication: password analysis, JWT decoding.
System

System analysis: processes, network connections.
IR

Incident response: artifact collection, containment, Cloudflare integration.
Malware

Malware analysis: PE analysis, YARA, deobfuscation, sandbox submission.
Report

Reporting: case management, report generation, IOC export.
OSINT

Open source intelligence: domain recon, email lookup, username search.

Module	Primary Use Case	Key Commands
`phishing`	Email investigation	`analyze`, `extract-iocs`, `headers`
`intel`	IOC enrichment	`enrich`, `bulk`, `whois`
`file`	File triage	`hash`, `identify`, `strings`
`network`	Network assessment	`ssl-check`, `headers`, `dns`
`logs`	Log analysis	`analyze`, `parse`, `stats`
`data`	Data manipulation	`decode`, `encode`, `timestamp`
`auth`	Credential analysis	`password-analyze`, `jwt-decode`
`system`	System investigation	`processes`, `connections`
`ir`	Incident handling	`collect`, `contain`, `cf`
`malware`	Malware analysis	`pe`, `yara`, `deobfuscate`
`report`	Documentation	`case`, `generate`, `ioc`
`osint`	OSINT gathering	`domain`, `email`, `username`

All modules support JSON output for scripting:

bsot <module> <command> --json

Many commands accept file input:

bsot <module> <command> -f input.txt

Save results to a file:

bsot <module> <command> -o output.json