Trace Labs OSINT VM Installation Guide v2
Katniss-Melb
Jason Kregting (5nacks)
Tom (humanDecoded)
lowprivs
We leverage our own custom CTF platform that enables the collection of OSINT to
power crowdsourced Capture the Flag (CTF) events known as the “OSINT Search Party
CTF”. OSINT refers to the collection, processing, and analysis of publicly available data
such as social media, forums, government records, and even the dark web.
Trace Labs has taken the traditional CTF competition that we see in the information
security community where participants hack into intentionally vulnerable servers to
obtain “Flags” for points and evolved it into a real-life exercise where the participants’
contributions have real-world impact and the potential to enhance public safety.
// Introduction
The Trace Labs team set out to create a specialized OSINT VM that brings
together the most effective OSINT tools and customized scripts we saw being
used during our Search Party CTFs. Inspired by the popular Buscador VM by
Michael Bazzell, the Trace Labs OSINT VM was built in a similar way, to give
OSINT investigators participating in the Trace Labs Search Party CTFs a quick way
to get started, with the most popular OSINT tools and scripts all neatly
packaged under one roof.
We are continuing to build upon the Trace Labs OSINT VM and welcome any and all
feedback. Our goal with this project is to create an OSINT-focused VM that provides
security, stealth, and the ability to easily save digital forensic evidence during an
investigation, all within an easy-to-use package.
// Licenses
// System Requirements
The virtual machine is currently pre-allocated with 4G of RAM, 4 CPU cores and 40G
disk space. It requires a 64-bit processor.
If there are not enough resources allocated to the Virtual Machine it will run slowly or
hang, particularly when running multiple browser tabs.
// Distribution Tools and Features
The distribution includes the following tools and features:
Domains
• Sublist3r
Downloaders
• Browse Mirrored Websites
• Metagoofil
• Spiderpig
• WebHTTrack Website Copier
• Youtube-DL
Browsers Email
• DumpsterDiver • FinalRecon
• Exifprobe • Little Brother
• Exifscan • recon-ng
• Photon • sn0int
• Stegosuite • Spiderfoot
• WikiLeaker
Usernames
This customised Kali Linux distribution is supported by the community and does not
come with any official support. Please visit the following communities to get support.
Offensive Security
Offensive Security provides a forum for support with the Kali Distribution.
https://www.kali.org/community/
How to install
To use the Trace Labs OSINT Operating System (OS), you will need to use a Virtual
Machine (VM). It is suggested that you install the OS in a VM instead of installing it as
your computer’s operating system. You can easily create a snapshot before you start
your investigations and roll back to it once the CTF event is over.
If you don’t have virtualization software, you can download the latest from
VirtualBox here:
https://www.virtualbox.org/wiki/Downloads
If you have VMWare installed, the instructions on how to import the OVA file are found
in the sections below.
VMWare Fusion
Step 1: Go to File>Import. Choose the OVA file you’ve downloaded.
Note: If you encounter the message that the import failed because the OVA file did not
pass OVF specification conformance or virtual hardware compliance checks, just click
Retry.
Step 4: If you want to change the default virtual machine settings, click Customize
Settings. Otherwise, just click Finish.
VMWare Workstation Pro
Step 1: Go to File> Open. Select the OVA you have downloaded.
Step 3: Wait for a few minutes for the importing to complete. Once it is
completed, you will see it saved in your VMWare Workstation and you can use the
green play button to start it.
VMWare Fusion
• Click on the play button to start your newly imported VM. The other option is to
click on File>Open and Run and select the VM you have just imported.
Username: osint
Password: osint
How To / Troubleshooting
See the following links to increase the amount of resources in the virtual machine so
that you can run more applications concurrently.
VMWare: https://kb.vmware.com/s/article/1004059
VirtualBox: https://docs.bitnami.com/virtual-machine/faq/administration/increase-memory/
Windows 10 has a new feature called Credential Guard which stops VMware being
installed. You may want to refer to the following Microsoft article.
https://support.microsoft.com/en-au/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g
You may get an error such as this when trying to power on a virtual machine. If so, it
means you need to enable virtualization in your BIOS.
https://www.howtogeek.com/213795/how-to-enable-intel-vt-x-in-your-computers-bios-or-uefi-firmware/
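The resource figures under System Requirements and the virtualization error described above can both be checked on the host before the OVA is imported. The script below is an added example, not part of the Trace Labs guide; it assumes a Linux host, and the function names and the `--probe` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide); thresholds are the VM's stated allocation.
REQ_RAM_MB=4096   # 4G of RAM
REQ_CPUS=4        # 4 CPU cores
REQ_DISK_GB=40    # 40G disk space

# check_host ARCH RAM_MB CPUS FREE_DISK_GB CPU_FLAGS   (hypothetical helper)
# Prints one line per problem and returns 0 only when none were found.
check_host() {
    arch=$1 ram=$2 cpus=$3 disk=$4 flags=$5
    problems=0
    case "$arch" in
        x86_64|amd64) ;;   # assumption: the OVA is an x86-64 guest
        *) echo "64-bit x86 processor required (found $arch)"
           problems=$((problems + 1)) ;;
    esac
    # The host OS needs memory of its own, so RAM must exceed the guest's share.
    if [ "$ram" -le "$REQ_RAM_MB" ]; then
        echo "RAM ${ram} MB does not leave ${REQ_RAM_MB} MB for the VM"
        problems=$((problems + 1))
    fi
    if [ "$cpus" -lt "$REQ_CPUS" ]; then
        echo "only $cpus CPU cores, VM is configured for $REQ_CPUS"
        problems=$((problems + 1))
    fi
    if [ "$disk" -lt "$REQ_DISK_GB" ]; then
        echo "only ${disk} GB free, VM disk needs ${REQ_DISK_GB} GB"
        problems=$((problems + 1))
    fi
    # vmx = Intel VT-x, svm = AMD-V; padded with spaces to match whole words.
    case " $flags " in
        *" vmx "*|*" svm "*) ;;
        *) echo "no vmx/svm CPU flag: check virtualization in BIOS/UEFI"
           problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# probe_host [DIR]: read the real values on a Linux host; DIR is where the
# imported VM will be stored (assumed: current directory).
probe_host() {
    ram=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
    cpus=$(getconf _NPROCESSORS_ONLN)
    disk=$(df -Pk "${1:-.}" | awk 'NR == 2 {print int($4 / 1048576)}')
    flags=$(awk -F: '/^flags/ {print $2; exit}' /proc/cpuinfo)
    check_host "$(uname -m)" "$ram" "$cpus" "$disk" "$flags"
}
# Run the live check only when asked, e.g.: sh preflight.sh --probe ~/vms
if [ "${1:-}" = "--probe" ]; then probe_host "${2:-.}"; fi
```

A visible `vmx` or `svm` flag is necessary but, on older kernels, not proof that the firmware setting is enabled, so the power-on error remains the definitive signal.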
// The screen is hard to read
On high definition monitors the virtual machine may appear to be hard to read.
Please refer to this guide:
https://www.kali.org/docs/general-use/hidpi/
// Browsers
The Chromium and Firefox browsers are installed. When you first open these browsers,
you’ll see the following browser extension info page loaded:
1. Privacy Badger – this extension automatically blocks invisible trackers.
2. Add0n Media Tools – this extension detects media resources from web
pages. This can be used to grab media files like video or photos from a webpage.
Aside from the above, the EFF HTTPS Everywhere extension is also installed to make
sure that communications from the browser with major websites are encrypted.
When you click on the Tor Browser for the first time from the applications menu, this will
initiate the download and installation of the Tor browser.
In the Firefox browser, you will find the OSINT Bookmarks in the toolbar. They include several
websites that the Trace Labs volunteers have used in their OSINT investigations.
// Data Analysis Tools