ZeroTrace OSINT
System
System-side tools — VPN detection, leak self-tests, and the local-machine context that shapes every other investigation.
The System discipline is small but important. Every other category in the toolkit assumes the network you are running on behaves a certain way. The system tools tell you whether that assumption is true.
What's in this section
| Tool | What it does |
|---|---|
| VPN detection | Detect installed and running VPN clients, active TUN/TAP/WireGuard interfaces, and run DNS / WebRTC leak self-tests |
Why one tool is a category of its own
The VPN-detection tool is the longest single tool in the toolkit because it has to handle every operating system's particular way of exposing network interfaces, every common VPN's particular way of installing itself, and every leak class that defeats VPN protection in practice.
It also serves as the toolkit's self-check — before running an investigation under a VPN, run this tool and confirm the VPN is actually doing what you expect.
Common workflow
- Install or start your VPN.
- Run the VPN detection tool.
- Confirm the active interface is what you expect.
- Run the DNS leak test.
- Run the WebRTC leak test (instructions for browser-based testing).
- Confirm your public IP shows the VPN exit, not your real IP.
- Proceed with the investigation under known-good network conditions.
What this section does not cover
- Configuring your VPN. The toolkit detects what you have running; it does not install or configure clients.
- OS-wide proxy configuration. Use ZeroTrace Proxy for that.
- Active leak prevention. The toolkit detects leaks; it does not patch them. Closing a leak is something you do in your VPN client, your OS network settings, or your browser.