CSINT Research Workstation

Project / GIAC GOSI

GOSI-Ready OSINT VM

A repeatable Ubuntu workstation for legal, passive OSINT practice.

GOSI-Ready OSINT VM builds a clean Ubuntu Desktop 24.04 LTS analyst workstation with case folders, evidence logs, source reliability matrices, OPSEC notes, and report templates. It is designed for GIAC GOSI and SANS SEC497 practice, but it also works as a disciplined local lab for public-source research.

Why this exists

Script-first is safer to inspect.

A ready-made VM image can accidentally carry browser sessions, tokens, shell history, cache files, keys, downloads, or personal settings. That is a real privacy and security risk for both the publisher and the person importing the image.

This project keeps the default path transparent: start from a fresh Ubuntu VM, read the setup script, and run it yourself. If an OVA is published later, it is treated as a convenience option, not the trusted core of the project.

Install paths

Use the setup script, or import an OVA when a release exists.

Recommended

Fresh VM plus setup script

Clone the public repo, read setup.sh, and run it on a clean Ubuntu Desktop 24.04 LTS VM. This is the most auditable path.

Optional

OVA image

A cleaned VirtualBox image can be published later through GitHub Releases. Import it only after checking the SHA-256 file.

What it installs

Conservative tools from Ubuntu repositories.

Core utilities

git, curl, wget, gnupg, ca-certificates, file, unzip, p7zip-full, tree, ripgrep, jq

Domain and DNS

whois, dnsutils, dig, RDAP and DNS workflow notes

Metadata and files

exiftool, mat2, mediainfo, tesseract-ocr, poppler-utils, imagemagick

Documentation

flameshot, gimp, libreoffice, geany, evidence templates

Data and scripts

sqlitebrowser, python3, venv, pipx, a cautious osint-basic Python environment

Credential hygiene

keepassxc and OPSEC checklist notes

Boundaries

What this VM does not do.

  • No exploit, brute-force, malware execution, credential theft, or offensive automation tooling.
  • No automatic account enumeration tools by default.
  • No third-party PPA and no curl-to-shell install pattern.
  • No identity hiding promise. NAT still exits through the host network.
  • No doxxing, harassment, leaked database collection, or private-data hunting workflow.

Example workflow

Collect, verify, document, report.

01 Collect: Save the original public source, timestamp, screenshot, and visible context.

02 Verify: Check independent sources, archives, metadata, and source reliability.

03 Document: Keep evidence IDs, facts, assumptions, confidence, and limits separate.

04 Report: Write concise findings without overstating what the evidence supports.
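
The collect and document steps above, as an added shell example (not code from the project): it copies a collected file into a case folder, logs an evidence ID, UTC timestamp, SHA-256 and source URL, and can later re-check every stored copy against its logged hash. The folder layout, CSV columns, ID scheme and function names are assumptions made for illustration, not the project's templates.

```bash
#!/usr/bin/env bash
# Added example. Assumed (hypothetical) case layout, not the project's templates:
#   CASE_DIR/evidence/          read-only copies of collected files
#   CASE_DIR/evidence_log.csv   one row per evidence item
LOG_HEADER='evidence_id,collected_utc,sha256,stored_file,source_url'

# add_evidence CASE_DIR FILE SOURCE_URL
# Copies FILE into the case, logs its hash and UTC time, prints the new ID.
add_evidence() {
    local case_dir=$1 src=$2 url=$3
    local log="$case_dir/evidence_log.csv" store="$case_dir/evidence"
    local name n id sum
    [ -f "$src" ] || { echo "not a file: $src" >&2; return 1; }
    name=$(basename -- "$src")
    # The log is plain CSV without quoting, so refuse values that would split a row.
    case "$url$name" in
        *,*|*\"*) echo "comma or quote in URL or file name" >&2; return 1 ;;
    esac
    mkdir -p "$store" || return 1
    [ -f "$log" ] || printf '%s\n' "$LOG_HEADER" > "$log"
    n=$(( $(wc -l < "$log") ))          # header is line 1, so the first item is E0001
    id=$(printf 'E%04d' "$n")
    sum=$(sha256sum < "$src") || return 1
    sum=${sum%% *}                      # keep only the hex digest
    cp -- "$src" "$store/${id}_$name" || return 1
    chmod a-w "$store/${id}_$name"      # guard the stored copy against casual edits
    printf '%s,%s,%s,%s,%s\n' "$id" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$sum" "${id}_$name" "$url" >> "$log"
    echo "$id"
}

# verify_evidence CASE_DIR
# Re-hashes every stored file; returns non-zero if any differs from its log row.
verify_evidence() {
    local case_dir=$1 bad=0 id ts sum file url now
    while IFS=, read -r id ts sum file url; do
        [ "$id" = evidence_id ] && continue      # skip the header row
        now=$(sha256sum -- "$case_dir/evidence/$file" 2>/dev/null) || now=''
        if [ "${now%% *}" != "$sum" ]; then      # missing file also counts as a mismatch
            echo "MISMATCH $id $file" >&2
            bad=1
        fi
    done < "$case_dir/evidence_log.csv"
    return "$bad"
}
```

Source the file, call `add_evidence` once per collected item, and run `verify_evidence` before writing the report so a changed or missing copy is caught first.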

Start here

The public repo contains the setup script, VM guide, tool list, OPSEC checklist, case templates, and OVA import guide. The OVA itself is not stored in git.