Open-Source Intelligence (OSINT)

Your organisation's and your people's exposure online — from data leaks and credential breaches to investment due diligence and counter-disinformation.

What we investigate

We map the organisation's digital presence across open sources.

Infrastructure exposure

Detection of publicly accessible services, open ports, misconfigured servers and IoT devices. Analysis via Shodan, Censys, Fofa — mapping the external attack surface. We also use this in pre-investment due diligence — reviewing the target's asset surface.

INFRASTRUCTURE

Employee exposure

Personal data, email addresses, phone numbers, social media profiles, credential leaks (Have I Been Pwned, breach databases). Potential social engineering attack vectors. We work with civil-protection NGOs on counter-disinformation efforts and with boards of regulated companies on reducing executive exposure.

PEOPLE

Data leaks and dark web

Monitoring of corporate data leaks on forums, pastebins and dark web platforms. Stolen credentials, internal documents, source code in public repositories.

LEAKS

Domain and subdomain analysis

Subdomain enumeration, TLS certificate analysis (Certificate Transparency), DNS entries, MX and SPF/DKIM/DMARC records. Detection of forgotten infrastructure and subdomains vulnerable to takeover.

DNS / DOMAINS

Repositories and source code

Scanning GitHub, GitLab and Bitbucket for accidentally published API keys, credentials, configuration files and sensitive corporate data in public repositories. A standard element of pre-investment due diligence for fintech and SaaS.

CODE LEAKS

Brand reputation and phishing

Detection of fraudulent domains (typosquatting, homoglyph attacks), brand impersonation, malicious TLS certificates and phishing campaigns targeting your organisation.

BRAND PROTECTION

Tools and methodology

We use industry-standard tools and our own passive reconnaissance techniques.

No contact with the target

All reconnaissance is conducted passively — we generate no traffic to the client's infrastructure. Minimal detection risk, fully lawful.

Connecting the dots

Maltego for visualising relationships between entities, domains, IPs and individuals. Identification of non-obvious connections and attack vectors.

Exposure map

Report with a prioritised list of findings: critical data leaks, infrastructure exposure, reputational threats and remediation recommendations.

ShodanSpiderFootMaltegoCensysHave I Been Pwned APICertificate TransparencySubfinderAmasstheHarvesterRecon-ngSherlockGitLeaksBuscador

Discover your digital footprint

Free consultation — we'll show you an example analysis scope for your domain.

Schedule a consultation