Trace Labs OSINT Virtual Machine: December 2025 Release Assessment

Trace Labs OSINT VM

Executive Summary

This report evaluates the December 2025 release of the Trace Labs OSINT Virtual Machine (VM). Originally designed to support “Search Party” CTFs for missing persons, the VM has developed into a comprehensive, Kali Linux-based environment tailored for both novice and experienced investigators.

The latest update introduces significant stability via ShellCheck integration and offers two distinct deployment paths: a lightweight standalone script and a comprehensive 5-6GB Full VM Build.

Key findings highlight the inclusion of advanced reconnaissance tools like Spiderfoot, an automated OSINT Updater, and a strategic dual-browser configuration.

Overview of OSINT Trace Labs December 2025 Release

The Trace Labs OSINT VM is a specialised operating system built to aggregate effective tools and scripts used in modern digital investigations.

Kali Linux forms the basis of the environment, inheriting its robust security architecture and layering on OSINT-specific customisations. This platform operates as a central resource, featuring pre-installed tools for online investigation, data visualisation, enabling immediate deployment.

The latest iteration (tl-osint-2025.12) represents a shift towards better code maintenance and modern browsing standards. The distribution has officially transferred its primary delivery mechanism to GitHub, increasing transparency and version control.

Users can choose between two primary acquisition methods depending on their technical requirements and bandwidth:

  1. Configured VM + Standalone Script: A modular approach for those wishing to apply Trace Labs customisations to an existing environment.
  2. Full VM Build (~5-6GB): A turnkey solution featuring an extensive suite of pre-installed tools and pre-configured dependencies.

Significant technical changes include:

  • Browser Diversification: The addition of Brave Browser support, offering a privacy-centric alternative to the standard Firefox installation.
  • Code Integrity: The implementation of ShellCheck during Continuous Integration (CI) and the fixing of shell script warnings, ensuring the underlying custom scripts are more stable.
  • Updated Dependencies: Inclusion of sn0int build dependencies and the adoption of apt.vulns.xyz for package management.
  • Artifact Accessibility: The tlosint-tools.sh script is now provided as a standalone release artifact, simplifying manual tool updates.

Technical Specifications

Feature Detail
Download Size (Full) Approximately 5–6 GB
Format / Hypervisor .ova / Oracle VirtualBox
Default Credentials user: osint / password: osint
Primary OS Kali Linux (with Undercover Windows 10 mode)
Trace Labs Mozilla Firefox_SpecialEurasia
Trace Labs OSINT VM: Bookmarks on Mozilla Firefox
OSINT TraceLabs Windows Mode
Trace Labs OSINT VM: Kali Linux Incognito Mode

The Trace Labs VM engineers the system specifically to lower the barrier to entry for investigators who may not be accustomed to the Linux terminal. The Full VM Build offers:

  • Mozilla Firefox: Serves as the Curated Intelligence Hub, containing the comprehensive library of OSINT bookmarks categorised by investigative purpose.
  • Brave Browser: Provided as a privacy-centric alternative for general research, though it lacks the pre-configured OSINT bookmark suite found in Firefox.
  • Reconnaissance Powerhouses: Pre-installation of Metagoofil (metadata extraction) and Spiderfoot (automated OSINT footprinting).
  • Kali Undercover Mode: A critical feature for operations in public or sensitive environments, this allows the user to switch the user interface (UI) appearance to resemble Windows 10, providing a layer of physical operational security (OPSEC).
  • Knowledge Management: Built-in support for Maltego (link analysis) and Obsidian (investigative note-taking).
  • Educational Resources: The VM includes internal guides on Open Source Intelligence and online investigation methodologies such as creating “sock puppets” (alias accounts) and conducting structured investigations.

Outlook

The December 2025 release of the Trace Labs OSINT VM remains the gold standard for investigators seeking a balance between power and ease of use. It efficiently addresses the divide between basic hacking tools and the functional needs of a digital private investigator.

Even though the virtual machine has numerous capabilities and tools, we recommend users set it up behind a virtual private network (VPN) or through a gateway dedicated for the purpose of maintaining anonymity.

For those looking to deepen their expertise, we will discuss the importance of virtual machine and different operating systems (i.e. Trace Labs OSINT VM) in SpecialEurasia online course in Open Source Intelligence scheduled for 24 January 2026, where participants will learn to further customise these environments for bespoke online investigations, due diligence tasks, and report writing.

*Cover image: The picture that announced the new release of Trace Labs OSINT VM (Credits: Trace Labs LinkedIn Page)

Written by

  • Giuliano Bifolchi

    SpecialEurasia Co-Founder & Research Manager. He has vast experience in Intelligence analysis, geopolitics, security, conflict management, and ethnic minorities. He holds a PhD in Islamic history from the University of Rome Tor Vergata, a master’s degree in Peacebuilding Management and International Relations from Pontifical University San Bonaventura, and a master’s degree in History from the University of Rome Tor Vergata. As an Intelligence analyst and political risk advisor, he has organised working visits and official missions in the Middle East, North Africa, Latin America, and the post-Soviet space and has supported the decision-making process of private and public institutions writing reports and risk assessments. Previously, he founded and directed ASRIE Analytica. He has written several academic papers on geopolitics, conflicts, and jihadist propaganda. He is the author of the books Geopolitical del Caucaso russo. Gli interessi del Cremlino e degli attori stranieri nelle dinamiche locali nordcaucasiche (Sandro Teti Editore 2020) and Storia del Caucaso del Nord tra presenza russa, Islam e terrorismo (Anteo Edizioni 2022). He was also the co-author of the book Conflitto in Ucraina: rischio geopolitico, propaganda jihadista e minaccia per l’Europa (Enigma Edizioni). He speaks Italian, English, Russian, Spanish and Arabic.

    Read the author's reports
Key words: , , , ,

Get Your Custom Insights

Need in-depth geopolitical, security, and risk analysis of Eurasian countries and regions?
Our custom reports and consulting services provide tailored insights.
Contact us at info@specialeurasia.com for more information!

OSINT Course January 2026_SpecialEuarsia

24 January 2026 – Online Course in Open Source Intelligence (OSINT)

This course equips participants with a secure investigative environment, specialised operating systems, and practical case-driven methodologies.

Read more

SpecialEurasia Training Courses 1-to-1 Formula

Terrorism Analysis Course_SpecialEurasia
Terrorism Analysis Course
Geopolitical Intelligence Analysis Course_SpecialEurasia
Geopolitical Intelligence
Analysis Course
Intelligence Analysis Fundamentals Course_SpecialEurasia
Intelligence Analysis
Fundamentals Course
Webint & Open Source Intelligence Course_SpecialEurasia
Webint & Open Source
Intelligence Course