CLI Reference
Complete command reference for BSOT.
Global Options
| Option | Description |
|---|---|
| `--version` | Show version and exit |
| `--help` | Show help and exit |
Modules
| Module | Description |
|---|---|
| `phishing` | Email phishing analysis |
| `intel` | Threat intelligence & IOC enrichment |
| `file` | File analysis & hashing |
| `network` | Network security analysis |
| `logs` | Log parsing & analysis |
| `data` | Data encoding/decoding |
| `auth` | Authentication analysis |
| `system` | System analysis |
| `ir` | Incident response |
| `malware` | Malware analysis |
| `osint` | Open source intelligence |
| `report` | Reporting & case management |
| `config` | Configuration management |
| `cache` | Cache management |
phishing
Email phishing analysis.
analyze
Analyze an email file.
| Option | Description |
|---|---|
| `--json` | Output as JSON |
| `--no-color` | Disable color output |
extract-iocs
Extract IOCs from email.
| Option | Description |
|---|---|
| `--format` | Output format: text, json, csv |
headers
Analyze email headers (SPF/DKIM/DMARC).
ai-analyze
Analyze email with AI.
| Option | Description |
|---|---|
| `--provider` | AI provider: openai, anthropic |
reputation
Check URL/domain reputation.
intel
Threat intelligence and IOC enrichment.
enrich
Enrich a single IOC.
| Option | Description |
|---|---|
| `--json` | Output as JSON |
bulk
Bulk enrich IOCs from file.
| Option | Description |
|---|---|
| `-f, --file` | Input file with IOCs |
| `--progress` | Show progress bar |
| `--json` | Output as JSON |
| `-o, --output` | Output file |
whois
WHOIS lookup.
geoip
GeoIP lookup.
defang
Defang IOC for safe sharing.
refang
Refang a defanged IOC.
file
File analysis and hashing.
hash
Calculate file hashes.
| Option | Description |
|---|---|
| `--all` | Calculate all hash types |
| `--json` | Output as JSON |
| `-r, --recursive` | Process directories recursively |
identify
Identify file type.
strings
Extract strings from file.
| Option | Description |
|---|---|
| `--min-length` | Minimum string length (default: 4) |
| `--category` | Filter by category |
entropy
Calculate file entropy.
metadata
Extract file metadata.
cred-scan
Scan for credentials in files.
| Option | Description |
|---|---|
| `-r, --recursive` | Scan directories recursively |
network
Network security analysis.
ssl-check
Check SSL/TLS certificate.
| Option | Description |
|---|---|
| `--port` | Port number (default: 443) |
| `--json` | Output as JSON |
headers
Audit HTTP security headers.
dns
Analyze DNS security (SPF/DKIM/DMARC).
| Option | Description |
|---|---|
| `--all` | Check all DNS security |
| `--spf` | Check SPF only |
| `--dkim` | Check DKIM only |
| `--dmarc` | Check DMARC only |
ports
Scan common ports.
logs
Log parsing and analysis.
parse
Parse log files.
| Option | Description |
|---|---|
| `-f, --file` | Input log file |
| `--format` | Log format: auto, syslog, json, clf, cef |
| `--limit` | Limit output lines |
analyze
Analyze logs for attack patterns.
| Option | Description |
|---|---|
| `-f, --file` | Input log file |
| `--checks` | Specific checks to run |
| `--json` | Output as JSON |
| `-o, --output` | Output file |
stats
Generate log statistics.
| Option | Description |
|---|---|
| `-f, --file` | Input log file |
| `--top-ips` | Show top N IPs |
| `--by-hour` | Group by hour |
data
Data encoding and decoding.
decode
Decode data.
| Option | Description |
|---|---|
| `-e, --encoding` | Encoding type |

Encoding types: base64, url, hex, html, unicode-escape, rot13, punycode
encode
Encode data.
timestamp
Convert timestamps.
hash
Hash data.
regex
Test regex patterns.
format
Format data (JSON, XML, HTML).
auth
Authentication analysis.
password-analyze
Analyze password strength.
| Option | Description |
|---|---|
| `--check-breach` | Check against HIBP |
jwt-decode
Decode and analyze JWT token.
system
System analysis.
processes
List and analyze processes.
| Option | Description |
|---|---|
| `--suspicious` | Show only suspicious processes |
| `--json` | Output as JSON |
connections
List network connections.
ir
Incident response.
collect
Collect forensic artifacts.
| Option | Description |
|---|---|
| `--profile` | Collection profile: quick, standard, full |
| `-o, --output` | Output directory |
hash-tree
Generate hash tree for evidence integrity.
contain
Generate containment commands.
| Option | Description |
|---|---|
| `--block-ip` | IP to block |
| `--disable-user` | User to disable |
| `--platform` | Target platform |
cf
Cloudflare integration.
| Command | Description |
|---|---|
| `block` | Block IP |
| `unblock` | Unblock IP |
| `list` | List rules |
| `bulk-block` | Bulk block IPs |
| `test` | Test connection |
malware
Malware analysis.
strings
Extract and categorize strings.
pe
Analyze PE file.
| Option | Description |
|---|---|
| `--sections` | Show section details |
| `--imports` | Show imports |
| `--exports` | Show exports |
| `--json` | Output as JSON |
yara
Scan with YARA rules.
| Option | Description |
|---|---|
| `-r, --rules` | Custom rules file |
deobfuscate
Deobfuscate scripts.
submit
Submit to online sandboxes.
| Option | Description |
|---|---|
| `--no-upload` | Hash lookup only |
ioc
Extract IOCs from file.
compare
Compare files (fuzzy hashing).
report
Reporting and case management.
case
Case management commands.
| Command | Description |
|---|---|
| `new` | Create new case |
| `list` | List cases |
| `open` | Open case |
| `close` | Close case |
| `add` | Add artifact |
| `note` | Add note |
| `timeline` | Add timeline entry |
| `status` | Show case status |
generate
Generate report.
| Option | Description |
|---|---|
| `--template` | Template: executive, technical, ioc, timeline |
| `-o, --output` | Output file |
ioc
Export IOCs.
| Option | Description |
|---|---|
| `--format` | Format: json, csv, stix, misp |
timeline
Export timeline.
package
Package case for delivery.
| Option | Description |
|---|---|
| `--encrypt` | Encrypt package |
| `-o, --output` | Output file |
config
Configuration management.
| Command | Description |
|---|---|
| `show` | Show configuration |
| `set` | Set configuration value |
| `get` | Get configuration value |
| `path` | Show config file path |
cache
Cache management.
| Command | Description |
|---|---|
| `clear` | Clear cache |
| `stats` | Show cache statistics |