This repository is actively maintained by Trace Labs staff.
- Contributing: PRs are welcome. Please read CONTRIBUTING.md before opening a PR.
- Issues: To recommend a tool, report a bug, or share feedback, open an issue.
- Code of conduct: We follow the Contributor Covenant. By participating, you agree to uphold it.
The repository includes a recipe file to build a Linux OSINT Distribution for Trace Labs based on the Kali Linux kali-vm script - https://gitlab.com/kalilinux/build-scripts/kali-vm
Use this if you just want to import and go.
-
GitHub Releases (canonical):
https://github.com/tracelabs/tlosint-vm/releases (2026.05 VM release) -
Mirror (Google)
-
Click here to download the VirtualBox OVA (2026.05 VM Release)
-
Click here to download the VMware OVA (2026.05 VM Release)
-
Checksums:
-
VMware:
d078731e2940e670bdf5af5c20d9602bdbbb0680df59a80259048b2cdcbf078a -
VirtualBox:
7377109bad57162d45f76c9892305b09897d4a925cfb9db1688e2ca12f0d4187
-
# Linux/macOS
sha256sum <downloaded-file>.ova
# Windows (PowerShell)
Get-FileHash .\<downloaded-file>.ova -Algorithm SHA256- VirtualBox: File → Import Appliance… → select
.ova - VMware (Workstation/Player/Fusion): File → Open… → select
.ova
Default login
username: osint
password: osint
Use this option if you want to start with your own base OS and then install OSINT tools and apply Firefox hardening on demand.
Note:
tlosint-tools.shis a standalone script that is not part of the VM build process. It's designed to be downloaded and run manually by end-users on any Kali or Debian-based system to install OSINT tools on-demand. This keeps the VM image size small while giving users flexibility to customize their toolset.
Download the raw file, not the GitHub "blob" page.
# Inside Kali (or other Debian-based OS)
cd ~/Desktop # or any folder you prefer
# Fetch the script (RAW URL)
wget https://raw.githubusercontent.com/tracelabs/tlosint-vm/main/scripts/tlosint-tools.sh
# Give the script executable permission
chmod +x tlosint-tools.sh
# Execute the script
./tlosint-tools.sh- Refreshes the Debian archive keyring and applies updates
- Installs a curated OSINT toolset (Shodan CLI, Sherlock, PhoneInfoga, SpiderFoot, sn0int, Metagoofil, Sublist3r, steghide/stegseek, StegOSuite, exiftool, tor, torbrowser-launcher, translate-shell, etc.)
- Adds a Self-Heal & Update shortcut to the Desktop
- Applies Firefox hardening (delete cookies/history on shutdown, block geolocation/mic/camera prompts by default, stronger tracking protection, preload OSINT bookmarks)
Releases follow a scheduled cadence. Releases are owned by assigned maintainers—usually Trace Labs staff. Release owners and timelines are proposed and confirmed during our quarterly planning meetings.
See RELEASES.md for more details.
Releases are pre-built VM images you can import into VirtualBox or VMware. They are built from the main branch of this repo. The source here is the "recipe" for the VM; you can build your own or inspect how it was made.
After downloading a release, import it into your hypervisor. See Releases.
osint
osint
Note taking app Obsidian comes bundled with the VM. There is an icon on the desktop to launch Obisidian or you can run the appimage located in the home directory. We've already set up a vault for you called "TL Vault" that lives on the Desktop. The first time you run Obsidian open that vault folder. The default theme is the Trace Labs theme.
If you'd rather build your own from source or modify the version we've released then building your own is fairly straight forward. (Note: You don't need to do this if you've already downloaded a release and imported to hypervisor)
We highly reccommend that you do your build in Docker. This assumes that you already have Docker installed on your system and that you are running the build on an Intel based chip.
With that in mind you can:
git clone https://github.com/tracelabs/tlosint-vm
cd tlosint-vm
chmod +x build-in-container.sh
./build-in-container.shYou can explore the different build options with -h flag.
The majority of OSINT tools no longer come pre-packaged with the VM. There is an option to download them via a helper script. This keeps the size of the release small enough to build and host on GitHub.
Note: The tlosint-tools.sh script is a standalone utility that is not executed during the VM build process. It's provided as a convenience script for users who want to install OSINT tools on-demand after importing the VM.
If you want to install the tools using our helper script, run the tlosint-tools.sh script found in the scripts/ folder:
- Open a terminal.
- From the repository root (or wherever you saved the script), make it executable and run:
chmod +x scripts/tlosint-tools.sh
./scripts/tlosint-tools.sh- From the repository root (or wherever you saved the script), make it executable and run it:
chmod +x scripts/tlosint-tools.sh
./scripts/tlosint-tools.shResources
Reporting
Browsers
Browser Extensions
Data Analysis
Domains
Downloaders
Frameworks
- Little Brother (Archived)
- OSRFramework
- sn0int
- Spiderfoot
- Maltego
- OnionSearch
Phone Numbers
Social Media
Usernames
Other Tools
Firefox
- Delete cookies/history on shutdown
- Block geo tracking
- Block mic/camera detection
- Block Firefox tracking
- Preload OSINT Bookmarks
PRs are welcome; please target the dev branch and read CONTRIBUTING.md. This project is licensed under GPL-3.0.