OSINT for Pentesters: Identify and Close Exposure Before Attackers Strike

Open Source Intelligence - a Pentester's Point of View


This article is designed to help you understand the risks associated with OSINT and how to mitigate them.


Pentester's Point of View: OSINT

In the ever-evolving landscape of cybersecurity, one aspect often overlooked by organizations is the power and risk of Open-Source Intelligence (OSINT). This article discusses OSINT for penetration testers. As a Senior Penetration Tester, I’ve witnessed firsthand how OSINT can be the linchpin in the security posture of an organization. OSINT, by definition, involves gathering information from publicly available sources to support intelligence needs. While it’s a boon for researchers and cybersecurity professionals, it’s also a treasure trove for malicious actors.

Recent network and data breach reports, such as those by IBM and Verizon, have highlighted a startling trend: many breaches are not the result of sophisticated exploits but are instead due to malicious actors leveraging OSINT to uncover confidential and sensitive information that is publicly available online. For instance, the 2021 IBM Cost of a Data Breach Report highlighted that human error and misconfigurations, often exploited through OSINT techniques, were significant contributors to data breaches, emphasizing the need for organizations to address these non-technical vulnerabilities.

To put this into perspective for both executives and technical IT employees, let’s delve into key OSINT tools utilized by Redbot Security: Shodan, Censys, SecurityTrails, DNSdumpster, DeHashed, and ImportYeti, exploring what they find, the risks they pose, and how organizations can mitigate these vulnerabilities.

Shodan and Censys: The Internet's Search Engines for Everything


Shodan and Censys are like Google for internet-connected devices and services. They can find everything from unsecured cameras to databases exposed to the internet. For a malicious actor, these tools can uncover the digital equivalent of an unlocked door.

Impact: An exposed database found via Shodan was implicated in the Exactis data breach, leading to the exposure of nearly 340 million records. This breach wasn’t due to a sophisticated hack but rather the availability of sensitive information through misconfigurations.

Mitigation: Organizations must regularly audit their internet-facing assets using these same tools to identify and secure exposed services before malicious actors exploit them.
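The audit recommended above can be automated. The following script is an added example, not Redbot Security's own tooling: it compares what Shodan's free InternetDB endpoint (assumed here to be https://internetdb.shodan.io/<ip>, returning JSON with "ip", "ports", "hostnames", "vulns", "cpes" and "tags") reports for an address you are authorized to audit against the exposure your inventory says that address should have, and singles out ports that should never be internet-facing. The record and inventory below are constructed so the audit runs offline.

```python
"""Audit an internet-facing address against its intended exposure using
Shodan's InternetDB. Added example, not Redbot Security's own tooling."""
import json
import urllib.request

# Assumed endpoint: https://internetdb.shodan.io/<ip> returns JSON with
# "ip", "ports", "hostnames", "vulns", "cpes" and "tags". The record below
# is a constructed sample in that shape so the audit runs offline.
SAMPLE_RECORD = json.dumps({
    "ip": "203.0.113.10",
    "ports": [22, 80, 443, 3306, 9200],
    "hostnames": ["www.example.com"],
    "vulns": [],
    "cpes": ["cpe:/a:mysql:mysql"],
    "tags": [],
})

# Constructed inventory: the ports each asset is meant to expose.
INTENDED_EXPOSURE = {"203.0.113.10": {80, 443}}

# Services that should not be reachable from the internet at all
# (databases, remote administration, file sharing).
HIGH_RISK_PORTS = {21, 23, 445, 3306, 3389, 5432, 5900, 6379, 9200, 27017}


def fetch_internetdb(ip, timeout=10):
    """Retrieve the live record for an address you are authorized to audit."""
    url = f"https://internetdb.shodan.io/{ip}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def audit(record_json, intended):
    """Diff observed exposure against intended exposure for one address."""
    rec = json.loads(record_json)
    ip = rec["ip"]
    observed = set(rec.get("ports", []))
    allowed = intended.get(ip, set())
    unexpected = observed - allowed
    return {
        "ip": ip,
        "unexpected_ports": sorted(unexpected),        # open but not in inventory
        "high_risk_ports": sorted(unexpected & HIGH_RISK_PORTS),
        "missing_ports": sorted(allowed - observed),   # inventory drift
        "known_vulns": sorted(rec.get("vulns", [])),
        "hostnames": rec.get("hostnames", []),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RECORD, INTENDED_EXPOSURE), indent=2))
```

Run it on a schedule over every address in your allocation and treat any non-empty `high_risk_ports` as an incident, not a ticket.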

SecurityTrails and DNSdumpster: Mapping the Digital Footprint


SecurityTrails and DNSdumpster allow users to explore historical and current DNS records, effectively mapping an organization’s internet-facing infrastructure. This information can reveal subdomains, associated IP addresses, and even past security misconfigurations.

Impact: By analyzing DNS data, attackers can identify potential entry points into a network, such as development servers or unpatched systems, that are not intended to be public. The Capital One breach in 2019 is a prime example, where a vulnerable web application firewall was exploited to access over 100 million customer records.

Mitigation: Organizations should regularly monitor their DNS records and digital footprint to ensure only necessary information is exposed and promptly remove or secure any outdated or unnecessary records.
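A DNS footprint review of the kind described above can be scripted against a zone export. The following is an added example, not Redbot Security's own tooling: it parses BIND-style zone lines (constructed below) and flags A records that point outside the IP space you own, CNAMEs that delegate a name to a third party, and non-production names (dev, test, staging, old) that are publicly resolvable. The origin, owned ranges and owned domains are assumed values.

```python
"""Flag DNS records that widen an organization's public footprint.
Added example, not Redbot Security's own tooling."""
import ipaddress
import re

# Constructed zone-file excerpt in BIND presentation format.
ZONE = """
; name     ttl cls type  target
www      300 IN A     203.0.113.10
api      300 IN A     203.0.113.11
dev      300 IN A     198.51.100.7
old-shop 300 IN CNAME shop.example-hosting.invalid.
blog     300 IN CNAME blog.example.com.
"""
ORIGIN = "example.com"                                     # assumed
OWNED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]    # assumed
OWNED_DOMAINS = {"example.com"}                            # assumed
NONPROD_HINT = re.compile(r"^(dev|test|staging|uat|old)[-.]?", re.I)


def parse_zone(text):
    """Return (name, rtype, target) tuples; comments and short lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue
        name, _ttl, _cls, rtype, target = parts[:5]
        records.append((name, rtype.upper(), target.rstrip(".")))
    return records


def in_owned_range(ip):
    return any(ipaddress.ip_address(ip) in net for net in OWNED_RANGES)


def in_owned_domain(fqdn):
    return any(fqdn == d or fqdn.endswith("." + d) for d in OWNED_DOMAINS)


def audit_zone(text):
    """List (fqdn, reason) findings a footprint review should follow up on."""
    findings = []
    for name, rtype, target in parse_zone(text):
        fqdn = f"{name}.{ORIGIN}"
        if rtype == "A" and not in_owned_range(target):
            findings.append((fqdn, "A record points outside owned IP space"))
        if rtype == "CNAME" and not in_owned_domain(target):
            findings.append((fqdn, "CNAME delegates to a third-party host"))
        if NONPROD_HINT.match(name):
            findings.append((fqdn, "non-production name is publicly resolvable"))
    return findings
```

Each finding is a candidate for removal or for moving behind access controls; records pointing at address space or hosts you no longer control deserve the quickest follow-up.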

DeHashed: The End of Anonymity


DeHashed is a search engine for leaked credentials, allowing users to find personal information, passwords, and emails associated with a particular domain. This can facilitate targeted phishing attacks or direct unauthorized access attempts.

Impact: The LinkedIn breach, where millions of user credentials were compromised, showed how attackers could use leaked information for further attacks, including password reuse attacks across different services.

Mitigation: Companies must enforce strict password policies, encourage the use of multi-factor authentication, and educate employees about the dangers of password reuse across professional and personal accounts.

ImportYeti: Navigating the Supply Chain

ImportYeti leverages shipping data to reveal an organization’s suppliers and vendors. While it’s designed for market research, it can also highlight dependencies in a company’s supply chain that could be exploited to gain access to their network.

Impact: The SolarWinds breach is a stark reminder of how supply chain vulnerabilities can be exploited to execute widespread espionage campaigns, affecting thousands of organizations.

Mitigation: Organizations need to conduct thorough security assessments of their vendors and incorporate supply chain risk into their overall security strategy. Ensuring vendors adhere to strict security standards can mitigate these risks.

Conclusion

The examples above illustrate that the key to understanding and mitigating the risks associated with OSINT is not solely in the hands of technical exploits but also in the awareness and proactive management of information publicly available online. By utilizing the same OSINT tools that malicious actors might use, organizations can stay one step ahead, identifying and securing vulnerabilities before they can be exploited. It’s a call to action for both executives and IT professionals to foster a culture of security that encompasses not just technical defenses but also information management and operational practices. As the digital landscape continues to evolve, so must our strategies for protecting it.

Jordan DeWall, Sr. Penetration Tester

Jordan is a highly skilled consultant with over ten years of experience in the IT industry, with a focus on manual penetration testing, red teaming, vulnerability assessments, and forensic analysis. His current consulting role has allowed him to become proficient in identifying and exploiting vulnerabilities in a wide range of complex systems, networks, and embedded devices.

Jordan enjoys connecting with clients in various industries to provide effective remediation strategies that include actionable recommendations to senior leadership. He strives to be an excellent communicator and critical thinker with a passion for continuous learning and innovation.


© Copyright 2016-2025 Redbot Security