Describe the bug
When a new VM is created from OVA a Kali package overwrites the bookmarks.

To Reproduce
Steps to reproduce the behavior:

1. Download OVA from Tracelabs
2. Update OVA
3. Bookmarks are removed

Expected behavior
Bookmarks shouldn't be removed

Is your feature request related to a problem? Please describe.

Describe the tool you'd like
WMN_screenshooter looks like it can help automate getting user profiles from whatmyname.

A link to the tool
https://github.com/swedishmike/WMN_screenshooter

Additional context
Add any other context or screenshots about the feature request here.

Facilitate packaging for sn0int https://github.com/kpcyrd/sn0int and modify build script when completed.

@kpcyrd FYI

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the tool you'd like
A clear and concise description of the tool you want added.

A link to the tool
A link to the tool code\repository.

Additional context
Add any other context or screenshots about the feature request here.

Please add FinalRecon to the arsenal

GitHub : https://github.com/thewhiteh4t/FinalRecon

Updater script appears to hang even though working correctly

As per Kali 2020.3 ensure we also have icons for each application.

Describe the bug
Build script is failing due to Chromium removal

To Reproduce
Steps to reproduce the behavior:

1. Run script

Expected behavior
A clear and concise description of what you expected to happen.

Iso should build

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Describe the bug
Running 2021.2 OVA when attempting to execute /usr/bin/sherlock helper script results in file not found error

┌──(osint㉿osint)-[~]
└─$ sherlock -h                                                          
python3: can't open file '/usr/share/sherlock/sherlock.py': [Errno 2] No such file or directory

Reviewing /usr/bin/sherlock

!/bin/sh

exec python3 /usr/share/sherlock/sherlock.py "$@"

find that the sherlock.py file is in another directory.

$ sudo find / -name sherlock.py 2>/dev/null
/usr/share/sherlock/sherlock/sherlock.py
/usr/lib/python3/dist-packages/sherlock/sherlock.py

To Reproduce
Steps to reproduce the behavior:

1. open terminal and run sherlock -h
   -or-
2. launch from menu

Browser change to Chromium due to issues with the searchparty website and chromium is now providing better compatibility across the board.

Todo:

• Add the Chromium browser ;
• Add security policies ;
• Import default bookmarks (see https://github.com/5nacks/OSINTBookmarks) ;
• Setup hardening configuration.

Whenever I try to run shodan on the terminal, I get this:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 584, in _build_master
ws.require(requires)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 901, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 792, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.VersionConflict: (shodan 1.23.1 (/usr/lib/python3/dist-packages), Requirement.parse('shodan==1.23.0'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/shodan", line 6, in
from pkg_resources import load_entry_point
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3259, in
def _initialize_master_working_set():
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3242, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3271, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 586, in _build_master
return cls._build_from_requirements(requires)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 599, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 787, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'shodan==1.23.0' distribution was not found and is required by the application

How do I fix this?

Joplin, Mousepad, Screen Snipping, maybe others?

Add recon-ng to the ISO

Describe the bug
Bookmarks menu is not showing as expected

To Reproduce
Steps to reproduce the behavior:
Open Chromium, browser bookmarks show at top of screen incorrectly

Expected behavior
Bookmarks should be one menu rather than split up

Screenshots
If applicable, add screenshots to help explain your problem.

Once issue is succesfuly built, move it to releases

Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
A moderate security vulnerability has been identified in the GitHub Actions runner that can allow environment variable and path injection in workflows that log untrusted data to stdout. This can result in environment variables being introduced or modified without the intention of the workflow author. To address this issue we have introduced a new set of files to manage environment and path updates in workflows.
Starting today runner version 2.273.5 will begin to warn you if you use the add-path or set-env commands. We are monitoring telemetry for the usage of these commands and plan to fully disable them in the future.

Bug Description
Incorrect credentials contained in desktop PDF, needs updated to the current credentials used.

Trace-Labs-OSINT-Search-Party-CTF-Contestant-Guide_v1.pdf file on the desktop contains old credentials for the Trace Labs OSINT VM. It instructs users to downlad the VM and log in with the username of kali, password kali. This should be updated to reflect the credentials used in the current version of Trace Labs OSINT VM 2021.2, which are username osint, password osint.

To Reproduce
Steps to reproduce the behavior:

1. Open 'Trace-Labs-OSINT-Search-Party-CTF-Contestant-Guide_v1.pdf' on the desktop
2. Scroll down to 'Page 4'
3. See error:
   To log in use these default credentials:
   Username: Kali
   Password: Kali

Updater is failing on DNS Dumpster (bad URL)

Updater is failing to compile sn0int due to failed checksum of rayon v1.4.0

Ensure bookmarks are fresh and useful

Once Dockerfile is added (to create the iso) need to add\upload it to a public repo - e.g Docker Hub or Azure Docker registry

Hi
Could you add this tools?
https://github.com/kennbroorg/iKy https://github.com/CiKu370/OSIF https://github.com/Cignoraptor-ita/cignotrack…… https://github.com/sc1341/InstagramOSINT…… https://github.com/SilverPoision/Rock-ON…… https://github.com/ultrasecurity/webkiller…… https://github.com/i3visio/osrframework…… https://github.com/VainlyStrain/Vaile…… https://github.com/saeeddhqan/Maryam…… https://github.com/0xInfection/TIDoS-Framework…… https://github.com/haroonawanofficial/ReconCobra…… https://github.com/leebaird/discover
https://doc.tafferugli.io/
Is it possible that tools could be proposed in a form like here https://www.youtube.com/watch?v=gt_g05y2uB0 ? (edited)

Our menu is hard coded currently and we should look at either using the inbuilt kali menu or packaging up the menu changes to prevent breakage.

Describe the tool you'd like
Toutatis is a tool that can retrieve information such as phone number and email address (both public and obfuscated) from an instagram account

A link to the tool
https://github.com/megadose/toutatis

Additional context
This may be personal preference as i have not used many instagram tools, but i like the ability to see obfuscated email addresses and phone numbers. It is useful for cross referencing and potentially validating if the account belongs to the correct person.

Is your feature request related to a problem? Please describe.
We don't have many darkweb tools

Describe the tool you'd like
automate searching the dark web

A link to the tool
https://github.com/megadose/OnionSearch

Additional context
Add any other context or screenshots about the feature request here.

Todo:

• update osint-packages.chroot, add OnionSearch
• add OnionSearch launch helper script
• add OnionSearch desktop file
• update update.sh script for OnionSearch
• update README.md

Describe the bug
When running update script on desktop a number of update steps are failing related to pulling git repos. Found this is because the ORIG_HEAD file in the repo is zero bytes.

sudo git pull https://github.com/kpcyrd/sn0int.git --rebase
From https://github.com/kpcyrd/sn0int
 * branch            HEAD       -> FETCH_HEAD
fatal: update_ref failed for ref 'ORIG_HEAD': cannot lock ref 'ORIG_HEAD': unable to resolve reference 'ORIG_HEAD': reference broken

Identified additional repos with the ORIG_HEAD reference errors.

$ sudo find / -name ORIG_HEAD -size -1b
find: ‘/run/user/1000/gvfs’: Permission denied
/usr/share/LittleBrother/.git/ORIG_HEAD
/usr/share/sn0int/.git/ORIG_HEAD
/usr/share/WhatsMyName/.git/ORIG_HEAD
/usr/share/DumpsterDiver/.git/ORIG_HEAD
/usr/share/WikiLeaker/.git/ORIG_HEAD
/usr/share/OnionSearch/.git/ORIG_HEAD
/usr/share/Infoga/.git/ORIG_HEAD
/usr/share/Spiderpig/.git/ORIG_HEAD

To Reproduce
Steps to reproduce the behavior:
Double-click Update icon on desktop

Expected behavior
Update script to perform git pull --rebase on repos

Spidefoot is a powerful tool
https://github.com/smicallef/spiderfoot

Is your feature request related to a problem? Please describe.
I'd like to request a Github/Slack bot.

Describe the solution you'd like
Maybe use the integration described here: https://github.com/integrations/slack

Additional context
xFreedom suggested the use of a Github/Slack bot and 5nacks responded that it will be awesome. 😄

Hey, I found this great tool for scraping information from TikTok which is very popular these days, but it's very hard to extract data by normal means so I think it should be added to the VM

github.com/drawrowfly/tiktok-scraper

Todo:

• update kali.list.chroot, add nodejs and npm packages in pre-reqs
• update osint-packages.chroot add tiktok-scraper
• add tiktok-scraper launcher helper script in `/usr/bin/ folder
• add .desktop file for tiktop-scraper tool
• update the update.sh script: update npm to latest version as well as all npm package globally
• update README.md file

Cherry Tree or some other way to organize notes.

Is your feature request related to a problem? Please describe.
Linkedin Enumeration

Describe the tool you'd like
Inspy

https://github.com/leapsecurity/InSpy

can you add?

https://github.com/megadose?tab=repositories

Will there be such tools like DaProfiler GHunt iKy Osintgram Profil3r?

Firefox ESR Policies

The current policies for Firefox ESR are good, but we could consider shielding them a little more.

Here are the suggestions:

hi, can you add such modules to recon-ng https://github.com/Dec0ne/Recon-ng-Modules

Originally posted by @shanow7 in #4 (comment)

you can close I found answer :)

Is your feature request related to a problem? Please describe.
Make VPN access easier for non Linux users and potentially notification when VPN is active.

Describe the solution you'd like
A method to add VPN access to distro

Describe alternatives you've considered
Use the default method which is network manager

Additional context
enhance VPN support

Update the Desktop Icons to fix any broken links

Simple issue:
Check if the directories
/opt/live-build-config and /opt/tlosint-live exist. If not create the directories.
Also, confirm overwrite if the path exists and has files/content in them

The android image for anbox is currently being manually placed into the correct location for the build. the android.img file is too large to be hosted in this repository.

Android image will have GApps and ARM support preloaded.

Facilitate packaging of PhoneInfoGA https://github.com/sundowndev/PhoneInfoga and update build script.

Is your feature request related to a problem? Please describe.
We have no way to update the distribution after release except for Kali updates

Describe the solution you'd like
Have the updater script have this capability

Describe alternatives you've considered
We could also package up the updates in apt

Additional context
See whether the updates can come from github

Hi!

This had me stumped for a while, as I built my own ISO using the shell script then realised my network connection was being oddly flaky. It turns out this line:

grep -qxF "http_proxy=http://localhost:3128/" /etc/environment || echo "http_proxy=http://localhost:3128/" >> /etc/environment

Added the proxy to my /etc/environment - but it wasn't removed once the ISO had been built (and squid was no longer running). Should the environment file be restored (or backed up)?

Cheers,
Mike

Need to automade the ISO build to test each push to master

Currently there is a space limit on the free tier 14GB /dev/sdb and 20GB /dev/sda ubuntu OS github runners. (This is causing builds to fail)
A few options and avenues to research to address the issue

1. Make smaller builds.
2. Use a self-hosted runner.
3. Slimming out the current runner, but I don't know how much we'll get out of that.

Under cover mode (Windows skin) fails with a d-bus error

Kali is missing a number of OSINT packages which are used in this distro

We are tracking this feature:
https://bugs.kali.org/view.php?id=5777#c12930