What we analyze
OSINT (Open Source Intelligence) involves gathering publicly available information that an attacker would use in the reconnaissance phase. This information can reveal secrets, internal users, software used and entry points, all without performing any intrusive action against your infrastructure.
Tools used
Wayback Machine
We recover historical URLs from Archive.org: deleted files, old vulnerable versions and forgotten pages.
Shodan InternetDB
We query open ports, known CVEs and your IP reputation without performing direct scans.
VirusTotal
We verify your domain reputation across 70+ antivirus engines and malware databases.
LinkFinder
We analyze public JavaScript files searching for hidden endpoints, hardcoded API keys and internal API routes.
ExifTool
We extract metadata from public documents (PDF, DOCX, images) revealing users, emails and software versions.
WAF Detector
We identify which web application firewall protects your site (Cloudflare, AWS WAF, Imperva, Akamai).
Why is it important?
Before launching an attack, adversaries perform passive reconnaissance. They search historical archives, analyze your public JavaScript code, and extract information from documents you've shared. This phase leaves no traces in your logs because the adversary never interacts directly with your infrastructure. Knowing what is exposed allows you to mitigate risks before they are exploited.
Information that may be exposed
- API keys and access tokens hardcoded in JavaScript files
- Internal usernames and emails in document metadata
- Old versions of your website with known vulnerabilities
- Internal API endpoints accidentally exposed
- Software and versions used internally
- Change history and deleted but indexed files
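
A defender-side check for two of the items above (hardcoded keys and internal endpoints in JavaScript), as an added example that is not part of the original page or of the service's tooling: it scans a build artifact you own before it is published. The rule patterns, the `scanBundle` and `redact` names, and the sample bundle are illustrative assumptions; all sample values are constructed.

```javascript
// Illustrative rule set (assumption): extend it with the key formats your stack uses.
const RULES = [
  { kind: "aws-access-key-id", severity: "high", secret: true,
    re: /\bAKIA[0-9A-Z]{16}\b/g },
  { kind: "google-api-key", severity: "high", secret: true,
    re: /\bAIza[0-9A-Za-z_-]{35}\b/g },
  { kind: "generic-secret-assignment", severity: "medium", secret: true,
    re: /\b(?:api[_-]?key|secret|token|passwd|password)\b["']?\s*[:=]\s*["']([^"']{12,})["']/gi },
  { kind: "internal-endpoint", severity: "medium", secret: false,
    re: /["'`](\/(?:internal|admin|debug|private)\/[A-Za-z0-9_\-\/.]*)["'`]/g },
  { kind: "private-host-url", severity: "low", secret: false,
    re: /https?:\/\/(?:localhost|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|[a-z0-9.-]+\.(?:internal|corp|local))(?![a-z0-9.-])(?::\d+)?[^\s"'`]*/gi },
];

// Mask a matched secret so the report itself does not leak it.
function redact(value) {
  return value.length <= 8 ? "****" : value.slice(0, 4) + "..." + value.slice(-2);
}

// Scan one JavaScript source string line by line and return structured findings.
function scanBundle(name, source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const rule of RULES) {
      for (const m of line.matchAll(rule.re)) {
        const value = m[1] || m[0]; // prefer the captured value over the whole match
        findings.push({
          file: name, line: i + 1, kind: rule.kind, severity: rule.severity,
          evidence: rule.secret ? redact(value) : value,
        });
      }
    }
  });
  return findings;
}

// Constructed sample bundle; every value below is a placeholder, not a live credential.
const SAMPLE_BUNDLE = [
  'const cfg = { accessKeyId: "AKIAIOSFODNN7EXAMPLE" };',
  'fetch("/internal/v2/users/export");',
  'const apiKey = "constructed-not-a-real-key-0001";',
  'const base = "https://billing.corp.example.internal:8443/api";',
].join("\n");

for (const f of scanBundle("app.min.js", SAMPLE_BUNDLE)) {
  console.log(`${f.severity.padEnd(6)} ${f.file}:${f.line} ${f.kind} ${f.evidence}`);
}
```

Run against the built output rather than the source tree, since bundlers can inline environment values that never appear in the repository.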
What does the report include?
You will receive a complete analysis of all public information found:
OSINT report contents
| Category | Reported Information |
|---|---|
| Wayback Machine | Historical URLs, deleted pages, vulnerable previous versions |
| Sensitive files | Backups (.sql, .zip), configs (.env, .config), exposed logs |
| JavaScript Analysis | API endpoints, hardcoded tokens/keys, internal routes |
| Metadata | Users, emails, software and versions in public documents |
| Reputation | VirusTotal status (70+ engines) and Shodan records |
| WAF Detection | WAF type, provider (Cloudflare, AWS, Akamai), configuration |
Risk classification
Each finding includes a severity level and a recommended immediate action.
Documented evidence
Screenshots, exact URLs and timestamps for each piece of information found.