Using the Virtual Machine

Jason Kregting edited this page May 11, 2021 · 10 revisions

This virtual machine has the following tools. Click on the name of the tools below to see the relevant documentation. The tools are under the Open Source Intelligence folder in the Menu.

Using the Terminal

Many OSINT tools are run through a terminal window rather than via a graphical interface. Please see some excellent instructions on how to use the Linux terminal here: https://youtu.be/eItJq2PCRWc by OSINTCURIO.US.

Browsers

The Chromium and Firefox browsers are installed. In these browsers, you can see the OSINT Bookmark folder on the toolbar. This folder contains several subfolders of bookmarks for web resources:

  1. Company - links to OSINT resources for company-related research.
  2. Domain & IP - links to OSINT resources for domain and IP address-related research.
  3. Email Search - links to OSINT resources for looking up email addresses and other email-related search.
  4. Phone Numbers - links to OSINT resources for phone look-ups.
  5. People - links to OSINT resources for people search sites.
  6. Maps & Geography - links to OSINT resources to look up maps and locations.
  7. Search - links to OSINT resources to do text, image, data and video search.
  8. Social Media Tools - links to OSINT resources for doing social media research.
  9. Social Networks - links to different social media sites.
  10. Web History - links to resources to look up historical/previously archived web sites.
  11. User Name Check - links to OSINT resources to search for user names or user accounts.

When you click on the Tor Browser for the first time from the applications menu, this will initiate the download and installation of the Tor browser.

In the Firefox browser, you will find the OSINT Bookmarks in the toolbar. It includes several websites that the TraceLabs volunteers have used in their OSINT investigations.

Data Analysis Tools

The following tools are installed in the VM:

  • DumpsterDiver – this command line (CLI) tool will analyze a big volume of data for hardcoded secrets like keys.
  • Exifgrep – this is a shell script that reports on the EXIF data found in an image.
  • Exifprobe – this tool will read image files and report on the structure of the files and the metadata contained within the files.
  • Exiftool - this tool will read and write metadata in image, audio and video files.
  • Photon – this is a CLI-based OSINT web crawler.
  • Stegosuite – this is a steganography tool that can be used to hide information in image files.

Domains

  • Recon-ng - this is a tool for web-based open-source reconnaissance.
  • theHarvester - this is a tool for doing open-source reconnaissance on a company's external landscape.

Downloaders

The following tools are installed in the VM:

  • Metagoofil – this CLI tool will extract metadata of public documents available in the target website.
  • Spiderpig – this CLI tool will harvest metadata by spidering or crawling a website first, then downloading the documents before parsing out data.
  • WebHTTrack Website Copier – this GUI-based tool will back up complete websites for offline access. Once the offline copies have been made, you can browse the mirrored websites.
  • Youtube-DL – this CLI tool will download videos from YouTube.com and other sites.

Email

The following tools are installed in the VM:

  • Buster – this tool is for finding information based on email or username. It will get social accounts of an email, breaches involving an email, domains registered using an email, and generate potential email and usernames of a person.
  • Checkfy - this command line tool is for finding potential email addresses based on a list of aliases (provided as an argument or from a file). This is part of OSRFramework.
  • H8mail – this tool is for email information and password lookup using different data breach and reconnaissance services.
  • Infoga – this tool is for gathering email account information from different public sources.
  • Mailfy - this command line tool is for checking the existence of an email. This is part of OSRFramework.
  • theHarvester – this tool will gather email, names, subdomains, IPs and URLs using multiple public data sources.

Frameworks

The following tools are installed in the VM:

  • FinalRecon – this tool is for doing web reconnaissance. It provides header information; SSL certificate information; results of whois lookups, DNS enumeration, sub-domain enumeration, traceroute and others.
  • LittleBrother - this tool is an information collection tool for doing research on a French, Swiss, Luxembourger or Belgian person.
  • Maltego - provides a library of transforms for discovery of data from open sources.
  • Metagoofil – this CLI tool will extract metadata of public documents available in the target website.
  • OnionSearch - this is a search engine for finding contents on the Tor network.
  • OSRFramework - this is a set of libraries developed to perform OSINT collection tasks.
  • recon-ng – this is a reconnaissance framework that can be used to conduct open source web-based reconnaissance.
  • sn0int – this is a semi-automatic OSINT framework that will gather intelligence on a given target.
  • Spiderfoot – this is an OSINT automation tool that gathers intel about IP addresses, domains and e-mail addresses, and researches the targets from many data sources.
  • theHarvester - this is a tool for doing open-source reconnaissance on a company's external landscape.
  • WikiLeaker – this is a scraper for domains.

Note Taking

The following tools are installed in the VM:

  • CherryTree - this is a hierarchical note taking application.
  • Joplin - this is a note-taking and to-do application.
  • Mousepad - this is a simple text editor.
  • Ristretto Image Viewer - this is an application for viewing and scrolling through images.

Phone Numbers

The following tools are installed in the VM:

  • Phonefy - this tool will check the existence of a phone number against a set of phone number lists associated with malicious activities. This is part of OSRFramework.
  • PhoneInfoga – this tool will check if the phone number exists and gather standard information such as country, line type and carrier. It will also check for reputation reports.

Social Media

The following tools are installed in the VM:

  • Instaloader – this is a tool that will download various types of data from an Instagram profile.
  • Searchfy - this is a tool that performs a query on the platforms included in the OSRFramework.
  • Tiktok Scraper - this is a tool for scraping and downloading information from Tiktok.
  • Twint – this is a tool that will scrape tweets from Twitter profiles without using the Twitter API.

Usernames

The following tools are installed in the VM:

  • Alias Generator - this is a tool that tries to create potential nicknames based on the predefined input or information about a person. This is part of OSRFramework.
  • Sherlock – this tool will find usernames across different social networks.
  • Usufy - this tool will check whether a username exists on about 300 platforms. This is part of OSRFramework.
  • WhatsMyName – this is a standalone script that will look up a single username.