For anyone using open source information to conduct an investigation, a balance between powerful tools and privacy controls is essential. Buscador is a virtual machine full of useful OSINT tools and optimized for online research. This program can be easily set up in VirtualBox, and once that's done, we'll guide you through some of the most useful tools in it.
When I used staff from Uber research tools such as The Harvester and Maltego, the response ranged from wide-eyed to suspicious questions about the legality of the programs. Most people have similar responses to the amount and type of information that can be obtained from open sources. OSINT search tools provide access to the incredible amount of data our society produces, often as forensic clues to investigate a crime or as a scouting tool to help a hacker plan his attack.
With all available data in the digital world, the problem for a researcher is rare, whether the information exists or not; The amount of data available is overwhelming and difficult to sort, but the right data is almost always there. Instead, finding the most efficient path to the right data is one of the key challenges an investigator faces. This means that you use tools that are much more sophisticated than a Google search to find clues to a target. There are a lot of great tools for doing that, but installing and configuring these systems can be very painful.
Speakers Mike Bazzell and David Westcott say that many police departments have behaved in the reliability of OSINT research. They have set themselves the goal of creating a dedicated VM that brings together the most effective OSINT tools and customized scripts that are used by you and other investigators. Another focus of this VM was security, stealth, and the ability to easily store digital forensic evidence found during an investigation.
Hackers can imagine the Buscador OSINT virtual machine as an OSINT-focused version of Kali Linux. Bascador is not based on Debian but on Ubuntu and does not include the impressive cyber weapons that Kali offers, but instead includes a collection of useful OSINT, privacy and capture tools in a secret package. Since detection of detection errors is a goal that investigators and hackers share, Buscador comes pre-installed with Tor and other useful privacy tools.
Buscador VM can also be booted from any USB flash drive on any available computer, loaded on the hard drive and booted directly. This gives you the flexibility to use it anywhere you have access to a computer, whether or not you have your own personal device with you. With 3.5 GB, the VM image is compact and easy to transport on a flash drive with 8 GB or more.
Extensively documented in the book "Open Source Intelligence Techniques" by Mike Bazzell, Buscador promotes good research habits and empowers researchers to find more clues in their investigations. Some familiar tools like Maltego, Recon-ng, Creepy, Spiderfoot, TheHarvester, Sublist3r, and other tools that we've treated in zero bytes are preinstalled.
Get Bazzell's Book on Amazon: Open Source Intelligence Techniques: Resources to Find and Analyze Online Information
What You Need
It's easy to try Buscador. You must download the latest version of Buscador from the IntelTechniques website. The latest VirtualBox version of August 2018 is Buscador 1.2.
Next you need to download VirtualBox and the VirtualBox Extension Pack to run the virtual machine. Make sure that you install both before proceeding, as running Buscador without the expansion pack can make Buscador's use more annoying by triggering an escape sequence to unmount the mouse from the VM
Once You have installed both VirtualBox and the VirtualBox Extension Pack, you can proceed with the first step to setting up Buscador.
Step 1: Importing and Configuring the Virtual Appliance
First, we need to import the appliance and make some settings. Open VirtualBox and click "File" from the drop-down menu and then "Import Appliance" to select the Buscador .OVA file that you downloaded earlier. Then select "Next".
Click Import to load the virtual machine.
Next, click on "Preferences" and rename the Buscador VM on the "General" tab to something you will remember. Under "Advanced," change the "Shared Clipboard" to "Bidirectional" to allow copying and pasting between the guest and host systems.
Click the System tab and add about half of the "motherboard" total system RAM for the virtual machine. Then click the Display tab and then click Screen to increase Video Memory to at least 128 MB, so that video and other digital evidence can be displayed correctly.
To do this, click the Storage tab, then click the plus icon in the lower-left corner, select Add Optical Drive, and then select "Leave Empty" option.
Finally, click the Shared Folders tab and select the plus icon on the right. Now you can create or select a folder that you want to use to store evidence from Buscador on your computer. Once selected, make sure the folder is set to "Auto-mount".
This complete solution allows you to run Buscador for the first time. Click "OK" to save the settings, then select the Buscador VM from the list of VMs in VirtualBox and click the green "Start" button.
After the Buscador boots you should find yourself in a login menu with a spooky OSINT guy, possibly a self-portrait by Mike Bazzell, as wallpaper. The default username is osint and you can log in with the password osint .
Once you're logged in and the desktop has booted, click the Devices tab at the top of the VirtualBox menu, and then select " Insert Guest Additions CD image "to display the CD in Buscador. If it does not run automatically, select the CD on the desktop and click Run Software to automatically run the Guest Addition Installer. Restart the virtual machine after the installation is complete.
After logging in and loading the desktop, open a terminal window. We need to add the "osint" user to the "vboxsf" user group. To do this, we type the following and press Return / Enter .
sudo adduser osint vboxsf  Enter the password (osint) and restart the VM when the process is complete.
After these steps have been completed, your Buscador will be set up and ready to use!
Buscador offers a number of browsers preconfigured with the most useful add-ons and extensions for investigators. This curated list focuses on collecting clues that you will find for further reviews and analysis, and we will be going into some of the most useful ones for Firefox.
Firefox is a fast and powerful browser that comes with eight browser add-ons installed in Buscador. You will see the icons in the upper right corner of the browser. The first two, Nimbus Capture and FireShot, are designed to take detailed screenshots of interesting pages so you can archive them, take notes, or even make PDF copies of websites.
Next are two browser enhancements for collecting video and audio that are published online. With these you can save all video files either individually or in large quantities with Video DownloadHelper or Bulk Media Downloader.
Ublock Origin should be known to anyone who does not want to be tracked or wants to see ads in its content. but the User-Agent Switcher could be an interesting new toy for many researchers. The User-Agent Switcher add-on changes the operating system and browser type that your browser sends with each request. So you can pretend that you are any device. This is useful for getting the mobile version of a webpage or doing something you can not do on a desktop device (for example, a photo on Instagram).
The last two add-ons for Firefox are Google Translate to help you quickly translate pages in other languages and the super-helpful Resurrect pages, which will find old versions of web pages that have been changed or deleted so you can see them What people are hiding.
Chrome Browser Extensions
Google Chrome, which defaults to incognito mode, is also included in Buscador. It includes even more extensions than Firefox, including Ublock Origin, Fireshot, and 15 other extensions.
Chrome has a User-Agent Switcher and Wappalyzer that breaks down the underlying technology of a website to analyze websites
Shodan as a browser extension is also very useful for discovering information about a specific site in Shodan. Privacy tools such as HTTPS Everywhere and WebRTC Leak Prevent aim to isolate the investigator of malicious web pages or potential detection.
These browser tools can cleverly be used together to trigger attacks such as finding a user's Tinder profile.
Step 4: Use the Helpful Tools
Apart from Maltego Community Edition, there are several tools well documented on zero bytes that are included in Buscador. You should review these OSINT staples to get a feel for what Buscador has to offer.
For email scraping, Buscador comes with TheHarvester, which you can search for All the email addresses of a domain you are interested in ,
Also included is the powerful cross-platform OSINT Spiderfoot tool. Spiderfoot autonomously collects information about a target and converts the results into an easily understandable report.
Based on Metasploit, Recon-ng is a complete Python module for the education of Tim Tomes, which is popular with hackers and investigators.
Although we have not covered all the tools available in Buscador for zero bytes, there are many useful, customized scripts for downloading videos and images from targeted social media accounts and other places where people share information about themselves. With these tools, we can capture, process and analyze large volumes of data with just a few clicks.
We'll cover some of these tools in more detail in a next tutorial, but if you want to learn more about Mike Bazzell's OSINT techniques, you can read his book.
Buscador can help you follow the clues
After I set up Buscador, I recommend checking one of the zero byte guides on the included OSINT tools to get a head start in performing your first investigation , It's important to practice using these tools to answer a question rather than looking for information. Without doing so, you will probably be lost in the sea of information that OSINT tools can return. There is little value in all of this data if it fails to answer a question that guides the investigator's understanding of the situation.
Since no investigation can succeed without answering well-posed questions, the goal of this specialized VM is to help a researcher by bringing together all the tools and data they need to decide which questions to ask. If you need a powerful and convenient system to conduct research outside of Google Search, Buscador will help you find the answers you need.
I hope you liked this tutorial on setting up the virtual Buscador OSINT machine! If you have questions about this tutorial on Buscador or have a comment, you can reach me on Twitter @KodyKinzie .