A comprehensive command-line security toolkit for system administrators, security professionals, and DevOps engineers. BSOT provides practical, easy-to-use tools for file analysis, network scanning, data decoding, authentication auditing, system monitoring, and log analysis.
- permissions - Scan for files with overly permissive permissions
- suid-finder - Find SUID/SGID binaries (privilege escalation vectors)
- cred-scan - Detect hardcoded credentials and secrets in files
- hash-check - Calculate and verify file hashes
- ssl-check - Verify SSL/TLS certificates and check security configuration
- port-scan - Scan for open ports on target hosts
- web-headers - Audit HTTP security headers
- dns-lookup - Perform DNS security lookups (SPF, DMARC, etc.)
- url-decode - Decode URL-encoded strings
- base64-decode - Decode base64-encoded data
- hex-decode - Decode hexadecimal strings
- email-header - Analyze email headers for security issues
- password-analyze - Analyze password strength and security
- jwt-decode - Decode and analyze JWT tokens
- ssh-audit - Audit SSH configuration for security issues
- process-check - Detect suspicious processes (with optional VirusTotal integration)
- analyze - Comprehensive log analysis with attack detection, brute force identification, and pattern matching
# Install from source
git clone git@github.com:Remillardj/SecurityToolbox.git
cd SecurityToolbox
pip install -e .
# Or install requirements manually
pip install -r requirements.txt# File security
bsot file permissions /var/www
bsot file suid-finder /usr/bin
bsot file cred-scan ./my-project --extensions "py,js,env"
bsot file hash-check download.iso --compare abc123...
# Network security
bsot network ssl-check google.com
bsot network port-scan 192.168.1.1 --ports 1-1024
bsot network web-headers https://example.com
bsot network dns-lookup example.com
# Data analysis
bsot data url-decode "Hello%20World%21"
bsot data base64-decode "SGVsbG8gV29ybGQ="
bsot data hex-decode "48656c6c6f"
bsot data email-header suspicious_email.txt
# Authentication
bsot auth password-analyze "MyP@ssw0rd123"
bsot auth jwt-decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
bsot auth ssh-audit /etc/ssh/sshd_config
# System monitoring
bsot system process-check --vt-api-key YOUR_KEY
# Log analysis
bsot logs analyze /var/log/auth.log
bsot logs analyze access.log --focus brute_force
bsot logs analyze app.log --output jsonVT_API_KEY- VirusTotal API key for malware scanning (optional)
All commands follow this pattern:
bsot <category> <command> [arguments] [options]
Categories:
file- File security analysisnetwork- Network security scanningdata- Data encoding/decodingauth- Authentication securitysystem- System monitoringlogs- Log analysis
Get help for any command:
bsot --help
bsot file --help
bsot network ssl-check --help- Python 3.7+
- click>=8.0.0
- requests>=2.25.0
- dnspython>=2.1.0
Copyright (c) 2025 Jaryd Remillard. All rights reserved.
This software is licensed for personal, non-commercial use only. You may use and modify the software for private purposes, but distribution is prohibited.
Key restrictions:
✅ Personal use allowed
✅ Modifications for personal use allowed
❌ No distribution of original or modified versions
❌ No commercial use
Commercial licensing: For commercial use or distribution rights, contact jaryd.remillard@gmail.com
See the LICENSE file for full terms.
Contributions are welcome! Please feel free to submit pull requests or open issues for bugs and feature requests.