My Bio Box
thisisatestaccountwithalong replied to a thread
![[Image: 8bZfA-IcQ0iSU_aCzJ6JPg.png]](https://image.prntscr.com/image/8bZfA-IcQ0iSU_aCzJ6JPg.png)
Introduction
A friend of mine recently recommended me to use an OS made specifically designed for online investigations. I was doing some research but didn't find much until I stumbled on a website some of you may know, IntelTechniques. Most visitors use the website for their free online investigation tools found here, but apparently they also made their very own OS, Buscador. Buscador, Spanish for Search Engine, is based on Ubuntu Linux and the build is designed to run on a Virtual Machine.
Why should I use Buscador?
If you are not used to using a Linux build this one is perfect for you. Unlike traditional Linux builds where most tools are ran by using commands in the Terminal, Buscador has a UI for every tool pre-installed on the build. Your options when it comes to pentesting will be limited though. If you are a pentester I strongly recommend using a different Linux build.
Technical information
Version: v1.1
Release date: 07/05/2017
ETA on v1.2: end of January 2018. This tutorial will be updated when Buscador has been updated.
Installation
First decide what Virtual Machine you want to run Buscador on. VirtualBox is free and will be discussed in this tutorial, while VMWare is a premium service. Although Buscador was designed to run on a VM you can also find an experimental USB Boot on IntelTechnique's website.
Downloading Buscador
Virtualbox: Click to download! (MD5: 52bd85e7037c7523f85728761039d1ae)
VMWare: Click to download! (MD5: 0e4a4d1a2c731fa2d3f7a24dde99460b)
ISO (experimental USB Live Boot): Click to download! (MD5: 255fdf5e562d25a9ccccad97d5a83473)
Installation & Configuration
In this tutorial we'll be showing you how to install Buscador in Virtualbox. Configuring Buscador is very straight-forward but to make things even easier I have added pictures for some steps in the installation process.
- Download Virtualbox & Buscador
- Launch Virtualbox, Under the 'File...' tab, click the 'Import' button and import the OVA file you downloaded. This process should only take a few minutes. (Image)
- Before launching the VM, we'll have to edit some settings. Highlight the machine and click the 'Settings' button. If you want you can change the name of the machine now. (Image)
- Under 'General' go to 'Advanced' and change the 'Shared Clipboard' setting to bi-directional. This way you can easily copy information from your VM to your computer and vice versa.
- Under 'System' > 'Motherboard' increase the RAM to half of your computer's capacity. (Image)
- Under 'Display' > 'Screen' increase Video Memory to 128 MB.
- Under 'Storage' add a new optical drive. You can do this by right-clicking the plus icon on the left. Choose 'Add optical drive' & 'Leave empty' option.
- Now go to 'Shared folders' and click the plus icon on the right. Choose the folder to collect evidence on and select 'Auto-Mount'. (Image)
- We can now launch the machine! Default username is 'osint'. Default password is 'osint'
- Configuration is not completely done yet though. In the VirtualBox menu select 'Devices' > 'Insert Guest Additions CD Image'
- Let the Image be installed and reboot your system. This may take a few minutes to complete. (Image)
- Open up the Terminal and type the following command: sudo adduser osint vboxsf
- Reboot your system and configuration is done!
If you plan on running Buscador in VMWare or by USB Live boot, check out the installation guide found here!
Snapshots
After doing some investigations you have the risk of your VM being cluttered with information you no longer need. Therefor I highly recommend making a snapshot of your fresh Buscador build. Shut down your VM completely and click the Snapshots button. Click the plus button and name the Snapshot whatever you want.
![[Image: 6CPQjkAAQ8e1_8wRGAATrQ.png]](https://image.prntscr.com/image/6CPQjkAAQ8e1_8wRGAATrQ.png)
If you ever want to revert to your old snapshot just right-click it and click the 'Restore...' option.
Features
The current build is 3,5 GB and includes, but isn't limited to the following resources:
Custom Firefox & Chrome install with add-ons
- Default extensions in Firefox: Copy All, Disconnect, DownThemAll, DuckDuckGo, Exif Viewer, Firegestures, Firefox, FoxyProxy, Foxyspider, gtranslate, HTTPS Everywhere, JSONView, Nimbus Screen Capture, NoScript, Self-Destructing Cookies, UA Switches, Video Downloader.
- Default extensions in Google Chrome: DuckDuckGo, GNOME Shell Integration, G Docs, HTTPS Everywhere, ipinfo, JSON Viewer, Lightshot, Prophet, Proxy SwitchYOmega, Shodan, Threatpinch Lookup, uBlock Origin (+ Extra), UA Switcher, Wappalyzer, WEBRTC Leak Prevent Toggle
Video Manipulation Utilities (FFmpeg)
FFmpeg is a cross-platform solution to convert audio and video.
Youtube Downloader
A simple command-line tool that downloads videos from Youtube. Comes with a UI in Buscador.
Recon-NG
Recon-NG is a web reconnaissance framework written in Python. Documentation can be found here.
Some users have reported Recon-NG does not work in Buscador v1.1.
The developers are aware of the issue and will fix this in v1.2 (coming out Jan 2018)
![[Image: i1-29bhDRR_Th1KFbJNyGA.png]](https://image.prntscr.com/image/i1-29bhDRR_Th1KFbJNyGA.png)
Maltego
Before using Maltego you'll have to sign up for free on Paterva.
Cree.py
This is honestly one of my favorite tools. I made a tutorial on configuring Creepy earlier, you can find that tutorial here!
Metagoofil
Very powerful tool for collecting meta-data from websites.
Example output for Youtube
Code
======== /home/osint/Metagoofil/docs_youtube.com/jp.pdf
File Name : jp.pdf
MIME Type : application/pdf
PDF Version : 1.3
Page Count : 9
Title : YouTubeNextUp2017JapanContestRulesJAPAN_FINALV2
Producer : Mac OS X 10.12.4 Quartz PDFContext
Create Date : 2017:04:28 16:10:03ZExiftool
Extracts meta-data from images. Also allows you to delete or edit meta-data too.
Example output from this image
Code
File Name : Priam's_treasure.jpg
Orientation : Horizontal (normal)
Caption Writer : Susan Jane Williams
Legacy IPTC Digest : 5A29C52C2E2B7308256F9615389F5A61
Workagent : Heinrich Schliemann (German archaeologist)
Worktitle : Priam’s Treasure (Gold of Troy)
Workdescription : Heinrich Schliemann (German archaeologist, 1822-1890); Priam’s Treasure; Gold of Troy; partial view; 1873 (discovery) Nearly all Schliemann’s material, which was in Berlin at the end of World War II, disappeared in 1945; gold, electrum, silver, and bronze
Workrights : publicDomain
Image Size : 400x600
Megapixels : 0.240MediaInfo
MediaInfo is another tool that is able to extract meta-data from media files.
![[Image: vMw6JXmLRym5V7SimgVXgA.png]](https://image.prntscr.com/image/vMw6JXmLRym5V7SimgVXgA.png)
Harvester
'The Harvester' scans domains for emails and hosts. An example output can be seen here. (Large image)
WayBack Packer
The WayBack Packer allows you to download the entire WB archive for a specific URL.
HTTrack
HTTrack allows you to completely copy websites.
Snapper
Another tool that lets you take snapshots of domains.
Knock
Knock is a subdomain scanner, that scans for DNS zone transfer and tries to bypass the wildcard DNS record (if enabled). Tool is very easy to use.
Subbrute
Very similar to Knock. It also scans for subdomains.
Twitter Export
Exports data retrieved from Twitter profiles.
Currently does not work for everyone in v1.1
Tinfoleak
Analyzes Twitter profiles and saves the output to a html document.
Veracrypt
Veracrypt is a free disk encryption tool based on Truecrypt.
Keepass
Keepass allows you to store your passwords safely.
You have reached the end of this tutorial. Thank you for taking the time to read this. I hope some of you have learnt something or started using Buscador thanks to this thread. I'd truly appreciate it if you left me some feedback below. I'm always eager to learn and your input will be very much appreciated!
The text editor was so annoying when I tried to post this.
Polls look weird too. Can’t vote either.
Replies (6)
I can’t even vote on the poll.
You need a good time with the new guy in your car so I’ll talk later I will see what he can get on Twitter it was the best day I had a great day I was thinking of coming to the party and then
Replies (3)