IronSights

Network & infrastructure

Open Source IntelligenceOSINT

The practice of collecting and analysing publicly available information — from websites, social media, job postings, public records, and technical data — to build intelligence about a target.

Also known asOSINTopen-source intelligencepassive reconnaissance

In plain English

OSINT is reconnaissance using only public sources. Attackers use it before launching an attack to map an organisation's technology stack, identify key personnel, find exposed credentials in data breach dumps, and discover forgotten subdomains or internet-facing systems. Penetration testers use the same techniques to show organisations their exposure before an attacker does.

Full definition

OSINT is using only public sources: company websites, LinkedIn profiles, job advertisements, domain registrar records, certificate transparency logs, GitHub repositories, and data breach dumps indexed on sites like Have I Been Pwned. Before an attacker writes a single line of exploit code, they spend time on this. A job ad seeking a "Cisco ASA administrator" tells them what firewall you run. A LinkedIn profile tells them who your IT manager is. A breach dump tells them what passwords your staff have reused.

Penetration testers run the same playbook before an engagement. The OSINT phase of a might surface a forgotten subdomain pointing to a test server running outdated software, or credentials from a 2019 data breach that still work on your VPN. Finding these before an attacker does is the point. It also changes the conversation with leadership: abstract risk becomes specific exposure with a name and a URL attached to it.

For Australian businesses, the practical implication is that your attack surface includes things you do not think of as assets. A former employee whose work email address appears in a breach dump is a credential risk. A developer who committed an API key to a public GitHub repository in 2021 may have already been exploited. Domain registrar records expose technical contacts. OSINT does not require hacking anything; it requires patience and knowing where to look. Controlling what your organisation exposes publicly and monitoring for leaked credentials are the two most direct defences.

Keep learning

More terms in the IronSights Glossary.