What Is Buscador?
Buscador is a virtual machine packed full of useful OSINT tools and streamlined for online research. This program can easily be set up in VirtualBox, and I will be walking you through how to set it up below and then provide links to awesome articles on how to use some of the tools.
Hackers can think of the Buscador OSINT virtual machine like an OSINT-focused version of Kali Linux. Based on Debian in v2.0, Buscador does not include the formidable set of cyber weaponry that Kali boasts, instead there is a hand-picked collection of useful OSINT, privacy, and capture tools in one stealthy package. Because avoiding detection is a goal of both investigators and hackers share, Buscador comes with Tor preinstalled and boasts other helpful privacy tools.
Buscador urges good research habits and inspires researchers to find more clues within their investigations.
What You Will Need
Trying out Buscador is easy. You’ll need to download the most current version of Buscador from the IntelTechniques website, the latest version as of this blog is 2.0. Do yourself a favor and download the VM from their Google Drive mirror as it is much faster.
Next, you’ll need to download VirtualBox, as well as the VirtualBox Extension Pack to run the virtual machine. I am still recommending version 5 of Virtualbox if your host is Windows 10, this is due to the way it interacts with the hypervisor services. With recent Specter/Meltdown kernel fixes in Debian, the Windows 10 hypervisor services might prevent the VM from booting.
Make sure to install both before continuing, as running Buscador without the extension pack can make using Buscador more annoying by requiring you to hit an escape sequence to release the mouse from the VM.
Once you’ve installed both VirtualBox and the VirtualBox Extension Pack, you can proceed to the first step of setting up Buscador.
Import & Configure the Virtual Appliance
First, we will need to import the appliance and adjust a few settings. Open VirtualBox, and in the drop-down menu, click on File and then Import Appliance to select the Buscador .OVA file you downloaded previously. Then, select Continue.
Go ahead and click Next to show a summary screen, then click Import to load the virtual machine.
Next, click on Settings, and in the General tab, rename the Buscador VM to something you will remember. Under Advanced, change Shared Clipboard to Bi-Directional to allow copying and pasting between the guest and host system.
Click on the System tab, and under Motherboard, add about half of the total system RAM to the virtual machine. Then, click the Display tab and then Screen to increase Video Memory to at least 128 MB, to allow for video and other digital evidence to be displayed properly.
When this is done, click on the Storage tab, then click on the plus-shaped icon in the lower-left corner, select Add Optical Drive, and then select the Leave Empty option.
Finally, click on the Shared Folders tab, and select the plus-shaped icon on the right. Now, you can create or select which folder you want to use to save evidence from Buscador onto your computer. Once this is selected, make sure the folder is set to Auto-mount.
With this complete, you’re ready to run Buscador for the first time. Click OK to save the settings, and then select the Buscador VM from the list of VMs in VirtualBox, and click the green Start button.
Run Buscador for the First Time
After Buscador boots, you should find yourself at a login menu with a spooky OSINT guy as the wallpaper. The default username is osint, and you can log in with the password osint.
Once you’ve logged in and the desktop has booted, click on the “Devices” tab at the top of the VirtualBox menu, and then select Insert Guest Additions CD Image to show the CD in Buscador. If it doesn’t auto-run, select the CD on the desktop, then click Run Software to auto-run the Guest Additions installer. Once it’s finished installing, restart the virtual machine.
After logging in again and loading the desktop, open a terminal window. You will need to add the osint user to the vboxsf user group, and to do so, type the following and press Return/Enter.
Supply the password (osint) and then reboot the VM again when the process is complete.
Now that these steps are complete, your Buscador is set up and ready to use!
Links To Some Awesome How To Guides
- Maltego – https://null-byte.wonderhowto.com/collection/maltego/
- Recon-Ng – https://null-byte.wonderhowto.com/how-to/hack-like-pro-reconnaissance-with-recon-ng-part-1-getting-started-0169854/
- Spiderfoot – https://null-byte.wonderhowto.com/how-to/use-spiderfoot-for-osint-gathering-0180063/
- TheHarvester – https://null-byte.wonderhowto.com/how-to/scrape-target-email-addresses-with-theharvester-0176307/
- Sublist3r – https://null-byte.wonderhowto.com/how-to/quickly-look-up-valid-subdomains-for-any-website-0184426/