Multiverse 2.357

Dedicated OSINT linux distros seem to be getting more popular now, bundled with tools for the job. Today I tried one from Trace Labs based on Kali linux. Kali linux is a debian-based distro loved by pentesters, and usually comes bundled with lots of tools for scanning, attacking, persisting and reporting.

This distro has very few of the pentesting tools you normally expect with Kali. That makes sense, since the main area of overlap is reconnaisance, and there are few programs that you would normally expect to see in Kali.

This is an opinionated distro, meaning that they’ve made decisions about the configuration, pre-installed software and more. There are fewer tools pre-installed than in other OSINT-focused distros we’ve seen. That’s not necessarily a bad thing, because they’ve chosen a useful mix of programs and there are plenty more avaiable from the repo. One example of this curated selection of software is the inclusion of Anbox, an Android emulator.

The Firefox-ESR browser comes loaded wth bookmarks, which is so very useful for OSINT. The version I installed came with python v3.8.3 and lots of familiar scripts. There was no ISO file available to install when I checked, only an OVA appliance to import. That’s just fine, since it should not be a daily driver, but just be used as a virtual machine. Kali is not exactly a high security distro, it’s made to perform your tasks and then exit.

You might wonder why they’ve built an OSINT-oriented distro on Kali. I wonder too. It seems more sensible to use another debian-based distro, or Ubuntu instead. I suppose the idea is that early phases of pentesting and OSINT go hand in hand so it’s a natural fit. Some other distros are OSINT and forensics combos. This one is more like BlackArch linux, but better organized. So in case you’re looking for an OSINT distro and want something different give this a try.