Introduction

The repository includes a recipe file to build a Linux OSINT Distribution for Trace Labs based on the Kali Linux kali-vm script - https://gitlab.com/kalilinux/build-scripts/kali-vm

Releases

These are pre-generated bundles that can either import in to Virtualbox or VMWare. They are generated with the code in the Main branch of this repo with no interference from us. The goal here is to produce a finished product but give the users insight in to the "recipe" used to build it.

After you've downloaded the release that applies to you, it should be as simple as importing it in to your hypervisor.

https://github.com/tracelabs/tlosint-vm/releases

Login Credentials

osint osint

Obsidian

Note taking app Obsidian comes bundled with the VM. There is an icon on the desktop to launch Obisidian or you can run the appimage located in the home directory. We've already set up a vault for you called "TL Vault" that lives on the Desktop. The first time you run Obsidian open that vault folder. The default theme is the Trace Labs theme.

Build

If you'd rather build your own from source or modify the version we've released then building your own is fairly straight forward. (Note: You don't need to do this if you've already downloaded a release and imported to hypervisor)

We highly reccommend that you do your build in Docker. This assumes that you already have Docker installed on your system and that you are running the build on an Intel based chip.

With that in mind you can:

git clone https://github.com/tracelabs/tlosint-vm
cd tlosint-vm
chmod +x build-in-container.sh
./build-in-container.sh

You can explore the different build options with -h flag.

Applications

The majority of OSINT tools no longer come pre-packaged with the VM. There is an option to download them via a script on the desktop though. This keeps the size of the release small enough to build and host on Github. If you want to install the tools in the script then:

• Open a terminal
• Navigate to the Desktop folder
• Execute the install script with ./install-tools.sh

Resources

• Trace Labs OSINT Field Manual
• Trace Labs CTF Contestant Guide

Reporting

• TJ Null's OSINT Joplin template

Browsers

• Firefox ESR
• Tor Browser

Data Analysis

• DumpsterDiver
• Exifprobe
• Stegosuite

Domains

• Domainfy (OSRFramework)
• Sublist3r

Downloaders

• Browse Mirrored Websites
• Metagoofil
• WebHTTrack Website Copier
• Youtube-DL

Email

• Checkfy (OSRFramework)
• Infoga
• Mailfy (OSRFramework)
• theHarvester
• h8mail

Frameworks

• Little Brother (Archived)
• OSRFramework
• sn0int
• Spiderfoot
• Maltego
• OnionSearch

Phone Numbers

• Phonefy (OSRFramework)
• PhoneInfoga

Social Media

• Instaloader
• Twint (Archived)
• Searchfy (OSRFramework)
• Tiktok Scraper
• Twayback
• Stweet

Usernames

• Alias Generator (OSRFramework)
• Usufy (OSRFramework)

Other Tools

• Photon
• Sherlock
• Shodan
• Joplin

Configuration Settings

Firefox

• Delete cookies/history on shutdown
• Block geo tracking
• Block mic/camera detection
• Block Firefox tracking
• Preload OSINT Bookmarks

Contributing

Are you interested in the VM development? Join us on Discord in #osint-vm channel.

PRs are welcome. We ask that you PR in to the Dev branch.