Welcome back, this will be the last post in the build process for the Xubuntu OSINT system. After I finish this post, I’m going back to Michael Bazzell’s video training courses, which is why I built the VM to begin with.
Having run back through all the parts in Part 5, I got back to the part about EyeWitness. Instead of re-writing the shell script, I decided to try the docker file instead. One batch of
sudo apt install docker.io git
later, I found that the directory cloned didn’t have the Dockerfile. Looking into that, I found that the proper path is now https://github.com/FortyNorthSecurity/EyeWitness.git. I’m not sure why it didn’t pull the Dockerfile this time. I remember that file being there last time. As for the link change, it appears that Chris Truncer has a redirect set up in the old repo. In fact, other than a Ruby version, EyeWitness wasn’t in his repo list.
After following the build directions on the GitHub repository (I actually had to run it twice), I had a working Docker image for EyeWitness. Testing per the repo’s instructions worked too.
The rest of the install went without problems. I was able to swap out snap install for all commands but one. For some reason, OWASP is only making a snap for Amass, and not providing a Debian package.
There are a few other Python scripts downloaded from GitHub. Bazzell doesn’t go through the setup.py step, but I don’t see why a reader couldn’t if they wanted to. It would break some of the easy-to-use scripts that Bazzell and his team came up with, but using Xubuntu breaks those anyway.
If you have any problems, copy and paste is our friend. The real trick to this series is to keep the different parts open, and swap the Xubuntu needs where the Ubuntu parts would fail when going through chapter 5 in the book. I’ve used this trick a few times.
Don’t forget, if you’re following my path, you’ll have to make changes to the scripts for the book, like changing Nautilus for Thunar.
There are two more chapters in the book for building an investigation environment. One is about setting up an Android emulator. The other ties into his website. I don’t need an emulator right now, and it isn’t part of the Investigative VM; it’s a whole separate VM install. For the book and website stuff, you’ll have to buy the book to find out about that.
The whole reason for this exercise was to get me to a point where I could study his online course, which isn’t being offered anymore. The course was designed around Buscador, but in July 2019 all that changed. Now Bazzell’s focus is on being self-sufficient, and to be honest, I think that is a better way to go. As I said at the beginning of this series, I would usually build my own environment anyway.