The repository includes a recipe file to build a Linux OSINT Distribution for Trace Labs based on the Kali Linux kali-vm script - https://gitlab.com/kalilinux/build-scripts/kali-vm

These are pre-generated bundles that can either import in to Virtualbox or VMWare. They are generated with the code in the Main branch of this repo with no interference from us. The goal here is to produce a finished product but give the users insight in to the "recipe" used to build it.

After you've downloaded the release that applies to you, it should be as simple as importing it in to your hypervisor.

https://github.com/tracelabs/tlosint-vm/releases

osint osint

Note taking app Obsidian comes bundled with the VM. There is an icon on the desktop to launch Obisidian or you can run the appimage located in the home directory. We've already set up a vault for you called "TL Vault" that lives on the Desktop. The first time you run Obsidian open that vault folder. The default theme is the Trace Labs theme.

If you'd rather build your own from source or modify the version we've released then building your own is as straight forward as: (Note: You don't need to do this if you've already downloaded a release and imported to hypervisor)

From a Kali Linux machine run the following commands:

git clone https://github.com/tracelabs/tlosint-vm
sudo apt -y install debos p7zip qemu-utils zerofree
cd tlosint-vm
chmod +x scripts/tl/*.sh
chmod +x scripts/*.sh
chmod +x *.sh
sudo ./build.sh
Locate the OVA in the images/ directory

The majority of OSINT tools no longer come pre-packaged with the VM. There is an option to download them via a script on the desktop though. This keeps the size of the release small enough to build and host on Github. If you want to install the tools in the script then:

• Open a terminal
• Navigate to the Desktop folder
• Execute the install script with ./install-tools.sh

Resources

• Trace Labs OSINT Field Manual
• Trace Labs CTF Contestant Guide

Reporting

• TJ Null's OSINT Joplin template

Browsers

• Firefox ESR
• Tor Browser

Data Analysis

• DumpsterDiver
• Exifprobe
• Exifscan (Private)
• Stegosuite

Domains

• Domainfy (OSRFramework)
• Sublist3r

Downloaders

• Browse Mirrored Websites
• Metagoofil
• Spiderpig
• WebHTTrack Website Copier
• Youtube-DL

Email

• Buster
• Checkfy (OSRFramework)
• Infoga
• Mailfy (OSRFramework)
• theHarvester
• h8mail

Frameworks

• Little Brother (Archived)
• OSRFramework
• sn0int
• Spiderfoot
• Maltego
• OnionSearch

Phone Numbers

• Phonefy (OSRFramework)
• PhoneInfoga

Social Media

• Instaloader
• Twint (Archived)
• Searchfy (OSRFramework)
• Tiktok Scraper
• Twayback

Usernames

• Alias Generator (OSRFramework)
• Sherlock
• Usufy (OSRFramework)

Other Tools

• Photon
• Sherlock
• Shodan
• Joplin

Firefox

• Delete cookies/history on shutdown
• Block geo tracking
• Block mic/camera detection
• Block Firefox tracking
• Preload OSINT Bookmarks

Are you interested in the VM development? Join us on Discord in #osint-vm channel.

PRs are welcome. We ask that you PR in to the Dev branch.