Tell me what you have, or pick a shortcut. I will point you to the right CSINT page and the next safe step.
Project page
GOSI-Ready OSINT VM / Download
Download and import
A repeatable OSINT analyst workstation for GIAC GOSI practice.
There are two ways to get the lab. Both produce the same Ubuntu 24.04 workstation. The difference is auditability versus speed. Whichever path you choose, this VM is only a work environment. It is not an identity hiding tool and it is not an offensive distribution.
Download options
Two installation paths.
| Method | Best for | What you do |
|---|---|---|
| Install with setup scriptRecommended | Auditability and learning | Clone the GitHub repo, read setup.sh, then run it on a fresh Ubuntu VM. |
| Import OVA imageOptional | Speed and convenience | Download the OVA and .sha256 file from GitHub Releases when an OVA release exists. |
Recommended path
Install with the setup script.
- 01Create a fresh Ubuntu Desktop 24.04 LTS VM.
- 02Clone the public GitHub repo and read setup.sh.
- 03Run the setup script. It installs conservative tools and creates the ~/OSINT workspace.
The public GitHub repo is open. The setup script, VM guides, tool list, OPSEC notes, and report templates live there. The OVA image will not be committed to git.
Release plan
- The public repo is open and contains setup.sh, VM setup docs, tool lists, OPSEC notes, report templates, and OVA import guidance.
- The OVA file will not be stored in git. Large VM images belong in GitHub Releases with a matching .sha256 file.
- When an OVA release is published, this page will link directly to the release and checksum.
OVA image
A ready image can be published later.
OVA release status
The public repo is open, but the OVA release is not published yet. There is no direct OVA download link right now. When it is ready, the image will be published through GitHub Releases with a matching SHA-256 checksum.
Verify before import
Always check the SHA-256 checksum.
If the checksum does not match the published value, do not import the image.
# Linux, inside the folder that contains the OVA and .sha256 file sha256sum -c GOSI-Ready-OSINT-VM.ova.sha256
# Windows PowerShell, compare this value with the published .sha256 file Get-FileHash .\GOSI-Ready-OSINT-VM.ova -Algorithm SHA256
First boot
After importing an OVA.
- 01Sign in with the analyst user if you imported an OVA.
- 02Change the password immediately.
- 03Run ./scripts/post-import-check.sh to verify the lab state.
- 04Create your own VirtualBox snapshot before starting real practice.
- 05Read opsec-checklist.md, then start the first case with ./scripts/create-case.sh.
Scope
What this VM is and is not.
This VM is
- A clean Ubuntu-based analyst workstation for legal, passive, public-source OSINT practice.
- A structured local workspace with case folders, evidence logs, source reliability matrices, timelines, and report templates.
- A study aid aligned with GIAC GOSI and SANS SEC497 style workflows.
This VM is not
- It does not hide your identity. NAT traffic still exits through the host network.
- It does not remove legal, ethical, or OPSEC risk.
- It is not an offensive distribution and does not include exploit, brute-force, or malware execution tooling.
- It is not for doxxing, harassment, leaked database collection, dark web scraping, or private-data hunting.