Trace Labs OSINT VM

The Trace Labs team has set out to create a specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts we saw being used during our Search Party CTF’s. Inspired by the infamous Buscador VM, the Trace Labs OSINT VM was built in a similar way, to enable OSINT investigators participating in the Trace Labs Search Party CTF’s a quick way to get started and have access to the most popular OSINT tools and scripts all neatly packaged under one roof.

To get started, download the OVA version of choice below and run it in your choice of VM software (ie. VMware Workstation, Virtualbox etc.). The default credentials to log in to the TL OSINT VM 2020.2 are osint:osint and kali:kali for 2020.1

VM ReleaseSizeInstall GuideSHA256 Hash
TL OSINT VM 2020.23.6 GBInstall Guide v2a4e83e93b6d432cd051566e1da67063e874d80971d6a65c63f9ef88f311d9a54
TL OSINT VM 2020.15.1 GBInstall Guide v196ad609a0737bd1a28e1079b6b0b5cadff2380d481b6932ef643b3bb12eb67ae

System Requirements:

Note: The TL OSINT VM requires a 64-bit processor and operating system

ComponentSystem Requirement
Operating SystemWindows 10 x64 / Mac OS X / Linux Distribution x64
ProcessorIntel Core i3 2.5 Ghz or AMD Phenom II 2.6 Ghz or greater
Memory8 GB RAM
Storage40GB available

We are continuing to build upon the Trace Labs OSINT VM and welcome any and all feedback. Our goal with this project is to create an OSINT focused VM that provides security, stealthiness and the ability to easily save digital forensic evidence during an investigation all within an easy to use package.

Want to contribute tool and configuration suggestions? Log a GitHub Issue on our GitHub page for the project here:

Credit for the creation & maintenance of this project goes to Jason Kregting, Tom Hocker (humanDecoded), Swetha Balla, lowprivs, and Paul “Krkn” D!

Check out Krkn’s blog to see what other cool project’s they’re working on!

Applications included in the build

Domains• Sublist3r
Downloaders• Browse Mirrored Websites
• Metagoofil
• Spiderpig
• WebHTTrack Website Copier
• Youtube-DL
Browsers• Chromium Web Browser
• Firefox ESR
• Tor Browser
Email• Buster
• H8mail
• Infoga
• OSINT-Search
• theHarvester
Data Analysis• DumpsterDiver
• Exifprobe
• Exifscan
• Photon
• Stegosuite
Frameworks• FinalRecon
• Little Brother
• recon-ng
• sn0int
• Spiderfoot
• WikiLeaker
Phone Numbers• OSINT-Search
• PhoneInfoga
Social Media• Instaloader
• Twint
Usernames• Sherlock
• WhatsMyName
FireFox Configuration Settings• Delete cookies/history on shutdown
• Privacy protection (block mic/camera/geo)
• OSINT Bookmarks
Other tools (not listed in the menu)• checkdmarc
• Photon
• Carbon14
• Sherlock
• skiptracer
• h8mail
• Shodan
• Wireshark