Introduction to OSINT: open source intelligence
Much of the information used in an audit or investigation is public. OSINT is knowing how to find it.
OSINT (Open Source Intelligence) is the collection and analysis of publicly available information: websites, registries, social media, metadata, DNS, leaks…
What it's for
- Offensive security (authorized): mapping an organization's attack surface before a pentest.
- Defensive security: discovering what's visible about you from the outside and reducing your exposure.
- Investigation: verifying identities, domains, or leaks.
Some common sources
- DNS and WHOIS: what domains and subdomains exist, where they point.
- Headers and certificates: what technology runs and since when.
- Metadata: public documents that reveal users, paths, or software.
- Leaks: emails or credentials exposed in known breaches.
What matters: ethics
OSINT uses public information, but that doesn't make it "anything goes". Always do it with authorization and within the law. The line between investigating and harassing is purpose and consent.
#osint#cybersecurity#investigation