Open Source Intelligence (OSINT) refers to the gathering and analysis of information that is freely and legally accessible from public sources. In a security context, it describes the process of building a detailed picture of a target organisation, individual, or system using only what is already publicly visible, without interacting with the target’s infrastructure in any intrusive way.
The range of sources available to an OSINT investigator is broad. Domain registration records, DNS history, and SSL certificate transparency logs can reveal the full scope of an organisation’s internet-facing infrastructure, which can include assets that internal teams may have forgotten about. Internet-wide scanning databases such as Shodan and Censys index exposed services and their banners by regularly scanning the internet and making it straightforward to identify what software and versions an organisation is running. LinkedIn and company websites expose employee names, roles, and reporting structures as part of its intended use-case. Job postings can frequently reveal internal technology stacks, whilst data breach repositories and “paste” sites may contain email addresses, password hashes, or credentials associated with the organisation’s domains.
Altogether this information can provide an attacker with which systems to target, employees that are worth phishing, the email format the organisation uses, and which credentials to try with credential stuffing .
OSINT is equally valuable as a defensive tool when an organisation understands what an attacker can learn about it through open sources. They can be better positioned to address those exposures proactively, whether by removing publicly indexed sensitive content, rotating leaked credentials, or hardening services that are unnecessarily exposed.
An OSINT and reconnaissance assessment replicates this attacker-side process against your own organisation, surfacing what is visible before it is found and used against you. The findings frequently include leaked credentials, exposed infrastructure, and personal data that organisations had no idea were publicly accessible.