Things You’ll Wish You’d Known Before Your First Search Party CTF
February 16, 2021
Where do you begin? How do you move forward? Below are a few general tips our community has found to be useful.
The Trace Labs team created a specialized OSINT VM to bring together the most effective OSINT tools and customized scripts we saw being used during our Search Party CTFs. Inspired by the infamous Buscador VM, the Trace Labs OSINT VM was built in a similar way, to give OSINT investigators participating in the Trace Labs Search Party CTFs a quick way to get started, with access to the most popular OSINT tools and scripts all neatly packaged under one roof.
Download OVA
To get started, download the OVA version of choice below and run it in your choice of VM software (e.g. VMware Workstation, VirtualBox). The default credentials to log in to the TL OSINT VM are osint:osint for 2020.2 and kali:kali for 2020.1.
Size: 3.1 GB
Install Guide v2.1
Checksum: 3b67c6ac86c6af7a182afc4adb001daecca45f5f0f01c0c5f140374a131ee875

TL OSINT VM 2020.2
Size: 3.6 GB
Install Guide v2
Checksum: a4e83e93b6d432cd051566e1da67063e874d80971d6a65c63f9ef88f311d9a54

TL OSINT VM 2020.1
Size: 5.1 GB
Install Guide v1
Checksum: 96ad609a0737bd1a28e1079b6b0b5cadff2380d481b6932ef643b3bb12eb67ae
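Before importing a downloaded OVA, it is worth checking it against the checksum listed with the download and against the manifest inside the archive. The following is an added example, not Trace Labs code: the function names are hypothetical, the published values are assumed to be SHA-256 (they are 64 hex characters, but the page does not name the algorithm), and the sample archive is constructed.

```python
import hashlib, io, re, tarfile

# OVF manifest line, e.g. "SHA256(disk.vmdk)= ab12..." (spacing varies by exporter)
MF_LINE = re.compile(r"^(SHA\d+)\s*\((.+?)\)\s*=\s*([0-9a-fA-F]+)$")

def digest(stream, algo="sha256"):
    """Hash a binary stream in 1 MiB chunks so a multi-GB OVA never sits in memory."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(1 << 20), b""):
        h.update(block)
    return h.hexdigest()

def matches_published(ova_path, published_hex, algo="sha256"):
    """Whole-file check against the listed checksum (SHA-256 is an assumption)."""
    with open(ova_path, "rb") as f:
        return digest(f, algo) == published_hex.strip().lower()

def manifest_mismatches(ova_path):
    """Names of members that disagree with the OVA's own .mf; None if no manifest."""
    with tarfile.open(ova_path) as tar:
        mf = next((m for m in tar.getmembers() if m.name.endswith(".mf")), None)
        if mf is None:
            return None
        bad = []
        for line in tar.extractfile(mf).read().decode().splitlines():
            m = MF_LINE.match(line.strip())
            if not m:
                continue
            algo, name, want = m.group(1).lower(), m.group(2), m.group(3).lower()
            try:
                member = tar.extractfile(name)
            except KeyError:          # manifest names a file the archive lacks
                member = None
            if member is None or digest(member, algo) != want:
                bad.append(name)
        return bad

def build_sample_ova(path, tamper=False):
    """Constructed sample input: a tiny tar with one fake disk and its manifest."""
    disk = b"fake disk image"
    mf = f"SHA256(disk.vmdk)= {hashlib.sha256(disk).hexdigest()}\n".encode()
    if tamper:
        disk = b"modified after the manifest was written"
    with tarfile.open(path, "w") as tar:
        for name, data in (("disk.vmdk", disk), ("sample.mf", mf)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

The manifest check only detects corruption or edits made after export; the comparison with the published checksum is what ties the file to the one the project released.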
Windows 10 x64 / Mac OS X / Linux Distribution x64
Intel Core i3 2.5 GHz or AMD Phenom II 2.6 GHz or greater
8 GB RAM
40 GB Available
We are continuing to build upon the Trace Labs OSINT VM and welcome any and all feedback. Our goal with this project is to create an OSINT-focused VM that provides security, stealthiness, and the ability to easily save digital forensic evidence during an investigation, all within an easy-to-use package.
Want to contribute tool and configuration suggestions? Log a GitHub Issue on our GitHub page for the project here: https://github.com/tracelabs/tlosint-live
Credit for the creation & maintenance of this project goes to Jason Kregting, Tom Hocker (humanDecoded), Swetha Balla, lowprivs, Katniss, and Paul “Krkn” D!
• Sublist3r
• Browse Mirrored Websites
• Metagoofil
• Spiderpig
• WebHTTrack Website Copier
• Youtube-DL
• Chromium Web Browser
• Firefox ESR
• Tor Browser
• Buster
• H8mail
• Infoga
• theHarvester
• DumpsterDiver
• Exifprobe
• Exifscan
• Photon
• Stegosuite
• FinalRecon
• Little Brother
• recon-ng
• sn0int
• Spiderfoot
• WikiLeaker
• OSINT-Search
• PhoneInfoga
• Instaloader
• Twint
• Sherlock
• WhatsMyName
• Delete cookies/history on shutdown
• Privacy protection (block mic/camera/geo)
• OSINT Bookmarks
• checkdmarc
• Photon
• Carbon14
• Sherlock
• skiptracer
• h8mail
• Shodan