The year 2026 might finally be the year of the Linux desktop – especially for those who are unable / unwilling to dump their old Windows 10 machines and buy new hardware that is compatible with Windows 11.
Having used Ubuntu on desktop for nearly 3 years, I recently decided to return to Linux Mint (used it previously between 2017 and 2019) and give it another go. To its credit, it has a deserved reputation of being a stable and uncomplicated OS, with a relatively easy installation process.
This post will focus on listing and evaluating some native Linux applications (all tested on Linux Mint) that I found useful for OSINT research and that I tested out hands on, using the opportunity of this fresh OS installation. Some of those applications are just plain useful for other day to day things.
NOTE: All installations on Mint were done via Flathub, but you can also pull a lot of these from Github or similar direct sources.
GUI Applications
Bitwarden & KeePass2 – two very solid password managers with great reputation for security and reliability. Bitwarden can be used as a browser extension, while KeePass can be used fully offline for maximum privacy and control of the infomation (KeePassXC). Ideally, you should be using one as your main password manager, while the other will contain login credentials for all your OSINT accounts.
Wireshark – used to capture and inspect data packets traveling across a network. Its use case for OSINT is narrow enough, because Wireshark must have direct access to the network it will monitor. At the same time, it allows you to collect information captured from outbound connections that you can then probe further using WHOIS databases, VirusTotal, Shodan, or passive DNS records.
Tor Browser – essential for anybody involved in conducting darkweb investigations. Word of caution – don’t install add-ons or plugins into your Tor Browser, as doing so might affect your privacy!
FreeTube – a privacy oriented YouTube client that allows you to utilise the best features of YouTube while suppressing the worst ones – this means forced logins, tracking, advertising, etc. FreeTube will load the YouTube’s elements separately: videos, comments, likes and others can now be interacted with while not even logged in to YouTube (you don’t need a Google account anymore to log in). YouTube doesn’t like the above, this is why sometimes you might encounter IP blocking when playing multiple videos in sequence – so switch your IPs using a VPN to overcome this.
ytDownloader – does exactly what it says on the tin – this tool downloads YouTube videos. Not only videos by the way, you can download soundtrack from YT videos and save them as MP4 or MP3. The GUI app will take input directly from your clipboard.
Frog – a handy tool for extracting text from documents, images, videos, QR codes, websites and other sources. Decoding QR codes is particularly useful if you are investigating suspected malicious links and don’t want to use your smart phone.
Upscayl – this is an open-source AI-powered image upscaling tool that is meant to both enlarge & enhance images – while preserving (or improving) the details. At least in theory. It can have practical applications in online visual investigations, but the key issue that arises is the question of how much of the upscaled details are generated (made up) by AI to “fill the gaps”. I have tested it on three types of images – landscapes, animals and close up blurry photos of human faces. My results were mixed – basically, don’t expect this to be an AI wonder tool with groundbreaking capabilities. However, it does work sometimes on images that have decent lighting and aren’t overloaded with details. It can sharpen some of the contours and highlight certain elements with extra exposure; see example below:
GIMP – GNU Image Manipulation Program, another one for helping visual investigations. I used it in the past successfully for cleaning up screenshots and images, removing blur, highlighting details, etc. Important thing to remember – this is not a specific investigations or image forensics tool, its utility lies in the versatility it offers as a general purpose graphics tool.
Lenspect – one of my new favourites from this entire list. Lenspect is a native GUI VirusTotal client, and the first of its kind for Linux (but frankly speaking, I have never seen anything like it on any other OS). This tool’s release is timely and follows in the footsteps of a VirusTotal blog post from the 8th of October, announcing free API access for individual researchers, academics, educators – basically, the wider VirusTotal community of unpaid users.
All you need to do is get your free API key from your VirusTotal account (anonymous registration from non-corporate email accounts is allowed!), plug it into Lenspect and you can now freely scan URLs and upload files for analysis from the GUI client, without ever having to go to the VirusTotal website. Bear in mind, the free API has certain limitations: you are allowed 4 lookups / min and your daily quota is 500 lookups / day. That is still plenty for an individual OSINT researcher.
Zenmap – this is the user friendly GUI for the classic command line tool nmap, useful for port scanning, host discovery, network mapping, OS fingerprinting and more. One thing that might be problematic when running Zenmap via GUI is the fact that some features will require sudo permissions.
Notesnook – a cross-platform note taking app that offers end-to-end encryption – this one is a great choice for taking investigative notes, collecting links, etc. Offers handy features like the ability to link notes (or even just paragraphs) to other notes, making it suitable for more complex tasks, project management and so on.