OSINT

OSINT, which stands for Open Source Intelligence, refers to the practice of collecting and analyzing information from publicly available sources for intelligence purposes. It is widely used in various fields such as national security, law enforcement, business intelligence, and cybersecurity.

OSINT gathers data from publicly accessible sources including the internet, mass media, publications, government records, professional and academic publications, and other data.

OSINT is used to gather intelligence about potential targets in order to identify vulnerabilities and security loopholes, or for defensive purposes.

OSINT is typically used in the reconnaissance phase, the first step in pentesting, where the goal is to collect detailed information about the target without directly interacting with the target systems. For web app pentesting, OSINT helps in collecting information about the domain, including domain registration, DNS records, and associated services.

By using OSINT, pentesters can identify an organization's external network infrastructure, such as IP addresses, subdomains, DNS servers, mail servers, and the technology stack of the web application.

OSINT tools can help discover exposed services, open ports, or outdated software versions running on servers. Information like this can highlight potential vulnerabilities that can be exploited in later stages.

Information gathered through OSINT can be used to craft social engineering attacks or phishing campaigns, which are often part of a comprehensive pentesting strategy.