.
├── README.md
├── debian-osint.json
├── files
│   └── .bashrc
├── http
│   └── preseed.cfg
└── scripts
    ├── system-setup.sh
    ├── user-setup.sh
    └── vboxguestadd.sh

/README.md:
--------------------------------------------------------------------------------
# DORA OSINT VM

DORA is a virtual machine based on the latest
[book](https://inteltechniques.com/book1.html) by
[@IntelTechniques](https://twitter.com/IntelTechniques). The VM is built using
[Packer](https://www.packer.io/) and the resulting build files can be imported
into [VirtualBox](https://www.virtualbox.org/). The operating system is 64-bit
[Debian](https://www.debian.org/) with [XFCE](https://xfce.org/) as the desktop
environment.

DORA is not an exact implementation of the VM in the book:

1. Not all software in the book is installed
2. Firefox is not preconfigured and no add-ons have been installed
3. No scripts from the book have been included; if the author consents, I will consider merging them in.

This project is meant to provide a method for automating the VM creation and
some of the software installation steps of Chapter 5. The user still needs to
complete the configuration of Firefox and install the desired add-ons. I
strongly recommend purchasing the book and completing the exercise of
building a VM manually.

## Requirements

I use Linux as my host machine; there may be additional requirements for Windows
or Mac hosts.

* [Packer](https://www.packer.io/)
* [VirtualBox](https://www.virtualbox.org/)

## Building VM

```
packer build debian-osint.json
```

This can take a while depending on your hardware and network speed, and will
create a *vmdk* and *ovf* file in a folder called *output-virtualbox-iso*.

If you have built a previous version or are tweaking the configuration for a new
build, you will have to remove the *output-virtualbox-iso* folder before running
`packer build` again.

## Importing into VirtualBox

1. Launch VirtualBox
2. Click File > Import Appliance
3. Click the open file icon next to the File textbox
4. Navigate to the *output-virtualbox-iso* folder created during the build
5. Click the *ovf* file
6. Click Next
7. Click Import

## VM Configuration

* OS: Debian 10.3.0 64-bit
* Memory: 4GB
* HD Size: 32GB
* Video Memory: 64MB
* Shared clipboard: Bidirectional
* Drag n’ Drop: Bidirectional
* DE: xfce

### User Accounts:

User | Pass | Additional Groups
--- | --- | ---
root | t00r |
osint | tnis0 | sudo, vboxsf

### Installed Software:

The preseed config installs the following additional packages:

* [openssh-server](https://packages.debian.org/buster/openssh-server)
* [linux-headers-amd64](https://packages.debian.org/buster/linux-headers-amd64)
* [build-essential](https://packages.debian.org/buster/build-essential)
* [ffmpeg](https://packages.debian.org/buster/ffmpeg)
* [vlc](https://packages.debian.org/buster/vlc)
* [python-pip](https://packages.debian.org/buster/python-pip)
* [python3-pip](https://packages.debian.org/buster/python3-pip)
* [git](https://packages.debian.org/buster/git)
* [mediainfo-gui](https://packages.debian.org/buster/mediainfo-gui)
* [libimage-exiftool-perl](https://packages.debian.org/buster/libimage-exiftool-perl)
* [webhttrack](https://packages.debian.org/buster/webhttrack)
* [keepassxc](https://packages.debian.org/buster/keepassxc)
* [kazam](https://packages.debian.org/buster/kazam)

Provisioning scripts are used to install the following software:

* [VirtualBox Guest Additions](https://www.virtualbox.org/manual/ch04.html)
* [golang 1.13.6](https://golang.org/)
* [Google Earth Pro](https://www.google.com/earth/versions/#earth-pro)
* [youtube_dl](https://youtube-dl.org/)
* [Instalooter](https://github.com/althonos/InstaLooter)
* [Instaloader](https://github.com/instaloader/Instaloader)
* [twint](https://github.com/twintproject/twint)
* [Eyewitness](https://github.com/FortyNorthSecurity/EyeWitness)
* [Amass](https://github.com/OWASP/Amass)
* [Sublist3r](https://github.com/aboul3la/Sublist3r)
* [Photon](https://github.com/s0md3v/Photon)
* [theHarvester](https://github.com/laramies/theHarvester)

#### User bashrc

A modified bashrc file is included which provides environment variables for
Go and updates `$PATH`.
--------------------------------------------------------------------------------
/debian-osint.json:
--------------------------------------------------------------------------------
{
  "variables": {
    "debian_version": "10.3.0"
  },
  "builders": [
    {
      "type": "virtualbox-iso",
      "boot_command": [
        "",
        "install ",
        "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
        "debian-installer=en_US.UTF-8 ",
        "auto ",
        "locale=en_US.UTF-8 ",
        "kbd-chooser/method=us ",
        "keyboard-configuration/xkb-keymap=us ",
        "netcfg/get_hostname={{ .Name }} ",
        "netcfg/get_domain=vagrantup.com ",
        "fb=false ",
        "debconf/frontend=noninteractive ",
        "console-setup/ask_detect=false ",
        "console-keymaps-at/keymap=us ",
        "grub-installer/bootdev=/dev/sda ",
        ""
      ],
      "boot_wait": "5s",
      "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-{{user `debian_version`}}-amd64-xfce-CD-1.iso",
      "iso_checksum": "745172d8ba09f054335cc738409aede5c5f3463ae39df0a008eb41ceeba44b5c",
      "iso_checksum_type": "sha256",
      "disk_size": "32768",
      "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso",
      "guest_os_type": "Debian_64",
      "virtualbox_version_file": ".vbox_version",
      "vm_name": "osint-debian-{{user `debian_version`}}-amd64",
      "http_directory": "http",
      "headless": true,
      "shutdown_command": "echo 'tnis0'|sudo -S shutdown -P now",
      "vboxmanage": [
        [ "modifyvm", "{{.Name}}", "--memory", "4096" ],
        [ "modifyvm", "{{.Name}}", "--cpus", "1" ],
        [ "modifyvm", "{{.Name}}", "--vram", "64" ],
        [ "modifyvm", "{{.Name}}", "--graphicscontroller", "vmsvga" ],
        [ "modifyvm", "{{.Name}}", "--vrde", "off" ],
        [ "modifyvm", "{{.Name}}", "--clipboard-mode", "bidirectional" ],
        [ "modifyvm", "{{.Name}}", "--draganddrop", "bidirectional" ],
        [ "modifyvm", "{{.Name}}", "--audio", "pulse" ],
        [ "modifyvm", "{{.Name}}", "--audiocontroller", "ac97" ],
        [ "modifyvm", "{{.Name}}", "--audioout", "on" ]
      ],
      "ssh_username": "osint",
      "ssh_password": "tnis0",
      "ssh_port": 22,
      "ssh_wait_timeout": "10000s"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "execute_command": "echo 'tnis0' | {{.Vars}} sudo -S -E bash '{{.Path}}'",
      "script": "scripts/system-setup.sh"
    },
    {
      "type": "shell",
      "execute_command": "echo 'tnis0' | {{.Vars}} sudo -S -E bash '{{.Path}}'",
      "script": "scripts/vboxguestadd.sh"
    },
    {
      "type": "shell",
      "script": "scripts/user-setup.sh"
    },
    {
      "type": "file",
      "source": "files/.bashrc",
      "destination": "/home/osint/"
    }
  ]
}
--------------------------------------------------------------------------------
/files/.bashrc:
--------------------------------------------------------------------------------
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# setup GOLANG
export GOROOT=/usr/local/go
export GOPATH=$HOME/go

# add to path
export PATH="$HOME/.local/bin:$GOPATH/bin:$GOROOT/bin:$PATH"

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    #alias grep='grep --color=auto'
    #alias fgrep='fgrep --color=auto'
    #alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
--------------------------------------------------------------------------------
/http/preseed.cfg:
--------------------------------------------------------------------------------
# Copied from examples, not sure if required
apt-cdrom-setup apt-setup/cdrom/set-first boolean false
apt-mirror-setup apt-setup/use_mirror boolean true
choose-mirror-bin mirror/http/proxy string

#### Contents of the preconfiguration file (for buster)
### Localization
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us

### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# Configure root
d-i passwd/root-login boolean false
d-i passwd/root-password password t00r
d-i passwd/root-password-again password t00r

# To create a normal user account.
d-i passwd/user-fullname string osint
d-i passwd/username string osint
d-i passwd/user-password password tnis0
d-i passwd/user-password-again password tnis0
d-i passwd/user-uid string 1010

# User config
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false

# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video

### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i clock-setup/utc-auto boolean true
d-i time/zone string UTC

### Partitioning
d-i partman-auto/method string lvm
d-i partman-auto-lvm/guided_size string max
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select atomic

# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Base system installation
# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
d-i base-installer/kernel/image string linux-image-amd64

### Apt setup
# You can choose to install non-free and contrib software.
#d-i apt-setup/non-free boolean true
#d-i apt-setup/contrib boolean true
d-i apt-setup/use_mirror boolean true
# required to get around an error during install
d-i apt-setup/services-select multiselect

### Package selection
tasksel tasksel/first multiselect standard, xfce-desktop

# Individual additional packages to install
d-i pkgsel/include string openssh-server linux-headers-amd64 build-essential ffmpeg vlc python-pip python3-pip git mediainfo-gui libimage-exiftool-perl webhttrack keepassxc kazam

# Upgrade packages after debootstrap.
d-i pkgsel/upgrade select full-upgrade

# Set update policy
d-i pkgsel/update-policy select unattended-upgrades

# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
popularity-contest popularity-contest/participate boolean false

### Boot loader installation
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true

# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
d-i grub-installer/bootdev string /dev/sda
#
### Finishing up the installation
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# Prevent packaged version of VirtualBox Guest Additions being installed:
d-i preseed/early_command string sed -i \
    '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
    /usr/lib/pre-pkgsel.d/20install-hwpackages

# Comment out cdrom in apt/sources.list
d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list
--------------------------------------------------------------------------------
/scripts/system-setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
apt-get update

# install golang
wget https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.13.6.linux-amd64.tar.gz
rm go1.13.6.linux-amd64.tar.gz

# install google earth pro
wget -O google-earth64.deb http://dl.google.com/dl/earth/client/current/google-earth-stable_current_amd64.deb
dpkg -i google-earth64.deb
# dpkg -i does not resolve dependencies, so the package is left unconfigured;
# "apt-get -f install" pulls in the missing dependencies and finishes the
# configuration (-y keeps it non-interactive under packer). The .deb is then removed.
apt-get -f -y install; rm google-earth64.deb

--------------------------------------------------------------------------------
/scripts/user-setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Make some directories
mkdir -p "$HOME/go"
mkdir -p "$HOME/Downloads/Programs"

# Install PIP software
# installing all pip software system-wide due to Eyewitness requirement to install as root
# python 2
echo 'tnis0'|sudo -S pip install --upgrade youtube_dl
echo 'tnis0'|sudo -S pip install Instalooter
# python 3
echo 'tnis0'|sudo -S pip3 install Instaloader
echo 'tnis0'|sudo -S pip3 install twint


# Install from source
# Eyewitness
cd ~/Downloads/Programs
git clone https://github.com/ChrisTruncer/EyeWitness.git
cd EyeWitness/setup
echo 'tnis0'|sudo -S ./setup.sh

# Amass
cd ~/Downloads/Programs
export GO111MODULE=on
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
go get -v -u github.com/OWASP/Amass/v3/...

# Sublist3r
cd ~/Downloads/Programs
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
echo 'tnis0'|sudo -S pip install -r requirements.txt

# Photon
cd ~/Downloads/Programs
git clone https://github.com/s0md3v/Photon.git
cd Photon
echo 'tnis0'|sudo -S pip3 install -r requirements.txt

# theHarvester
cd ~/Downloads/Programs
git clone https://github.com/laramies/theHarvester.git
cd theHarvester
# 8b88a66 is a commit, not a branch: the checkout pins theHarvester to a fixed
# revision instead of whatever master points at when the build runs
git checkout 8b88a66
echo 'tnis0'|sudo -S pip3 install -r requirements.txt

--------------------------------------------------------------------------------
/scripts/vboxguestadd.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Install Guest Additions from the ISO packer uploaded to the guest
mkdir -p /tmp/vbox
VER=$(cat /home/osint/.vbox_version)
mount -o loop "/home/osint/VBoxGuestAdditions_$VER.iso" /tmp/vbox
yes | sh /tmp/vbox/VBoxLinuxAdditions.run
umount /tmp/vbox
rmdir /tmp/vbox
rm /home/osint/*.iso
ln -s /opt/VBoxGuestAdditions-*/lib/VBoxGuestAdditions /usr/lib/VBoxGuestAdditions

# Add user to vbox group
usermod -a -G vboxsf osint

# Cleanup
rm -rf VBoxGuestAdditions_*.iso VBoxGuestAdditions_*.iso.?
rm -rf /usr/src/virtualbox-ose-guest*
rm -rf /usr/src/vboxguest*
--------------------------------------------------------------------------------
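The preseed file stores both account passwords in clear text (`passwd/root-password password t00r`, `passwd/user-password password tnis0`) and enables `user-setup/allow-password-weak`, and the same `tnis0` string is piped into `sudo -S` from `debian-osint.json` and `scripts/user-setup.sh` and sits in `ssh_password`. The check below is an added example, not code from the DORA repository: it flags those lines so the build tree can be linted before commit or in CI, and it shows how to produce a hash for `passwd/user-password-crypted` (and `passwd/root-password-crypted`), the preseed directives that accept a crypt(3) hash in place of the clear-text value. The regex set, the function names, and the reliance on `openssl passwd -6` (OpenSSL 1.1.1 or later) are this example's assumptions; the sample lines in `selfcheck` are constructed, not the repository's files.

```shell
#!/bin/sh
# Added example, not part of the DORA repository: flag clear-text credentials
# in packer/preseed/provisioner files, and hash a password for the
# passwd/*-password-crypted preseed directives.

# Lines treated as findings:
#  1. preseed plaintext password directives: passwd/<root|user>-password[-again] password <pw>
#  2. preseed allowing weak passwords
#  3. a password echoed into "sudo -S" (packer json or shell scripts)
#  4. a packer ssh_password value
SECRET_PATTERNS='passwd/(root|user)-password(-again)? password |user-setup/allow-password-weak boolean true|echo [^|]*[|].*sudo -S|"ssh_password":'

# count_secret_lines FILE -> prints the number of matching lines (0 if none)
count_secret_lines() {
    n=$(grep -E -c "$SECRET_PATTERNS" "$1") || true
    printf '%s\n' "${n:-0}"
}

# report_secrets FILE... -> prints each finding as FILE:LINE:TEXT; exit 1 if any
report_secrets() {
    found=0
    for f in "$@"; do
        if grep -E -n -H "$SECRET_PATTERNS" "$f"; then
            found=1
        fi
    done
    return $found
}

# crypted_password PLAINTEXT -> salted SHA-512 crypt hash for
#   d-i passwd/user-password-crypted password <hash>
# Fails (prints nothing) when openssl(1) is not available.
crypted_password() {
    command -v openssl >/dev/null 2>&1 || return 1
    openssl passwd -6 "$1"
}

# Self-check against constructed sample lines (not the repository's real files).
selfcheck() {
    s=$(mktemp)
    cat > "$s" <<'EOF'
apt-get update
echo 'tnis0'|sudo -S pip3 install twint
"shutdown_command": "echo 'tnis0'|sudo -S shutdown -P now",
"ssh_password": "tnis0",
EOF
    n=$(count_secret_lines "$s")
    rm -f "$s"
    [ "$n" = "3" ]
}

# Typical use from the repository root:
#   report_secrets http/preseed.cfg debian-osint.json scripts/*.sh
```

`report_secrets` returns non-zero when anything matches, so it can gate a commit hook or CI job; replacing a flagged `passwd/user-password` line with the `-crypted` form keeps the installer unattended without shipping the clear-text value in the repository.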
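`debian-osint.json` pins the installer ISO with `iso_checksum`, so packer rejects a corrupt or altered download, but `scripts/system-setup.sh` fetches the Go tarball and the Google Earth `.deb` with a bare `wget` and extracts or installs them unverified. The helper below is an added example, not code from the DORA repository: it applies the same SHA-256 pin to any fetched artifact and deletes the file on mismatch, so nothing unverified is left for `tar` or `dpkg` to consume. The function names, the `sha256sum`/`shasum` fallback, and the placeholder digest in the usage comment are this example's assumptions; the real digest for a release comes from the upstream project's published checksums.

```shell
#!/bin/sh
# Added example, not part of the DORA repository: verify a downloaded artifact
# against a pinned SHA-256 digest before it is extracted or installed, the same
# check packer already performs on the ISO via "iso_checksum".

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# verify_sha256 FILE EXPECTED_HEX -> exit 0 on match, 1 on mismatch.
# The comparison is case-insensitive because published digests are often upper case.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected %s\n  actual   %s\n' "$1" "$expected" "$actual" >&2
    return 1
}

# fetch_verified URL DEST EXPECTED_HEX -> download, verify, and refuse to leave
# an unverified file on disk.
fetch_verified() {
    wget -q -O "$2" "$1" || return 1
    if ! verify_sha256 "$2" "$3"; then
        rm -f "$2"
        return 1
    fi
}

# Self-check on a constructed file so the helper can be exercised offline.
selfcheck() {
    tmp=$(mktemp)
    printf 'constructed sample artifact\n' > "$tmp"
    good=$(sha256_of "$tmp")
    verify_sha256 "$tmp" "$good" || { rm -f "$tmp"; return 1; }
    # A wrong digest must be rejected.
    if verify_sha256 "$tmp" 0000000000000000000000000000000000000000000000000000000000000000 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
    return 0
}

# How system-setup.sh would use it (digest is a placeholder, not a value from this page):
#   fetch_verified https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz \
#       go1.13.6.linux-amd64.tar.gz SHA256_FROM_GOLANG_ORG_DOWNLOAD_PAGE \
#       && tar -C /usr/local -xzf go1.13.6.linux-amd64.tar.gz
```

Pinning the digest in the script gives the Go and Google Earth downloads the same reproducibility the template already gives the ISO, and a mismatch stops the provisioner before anything is written to `/usr/local` or the package database.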