OSINT Tips for Penetration Testing
In this article, we will discuss some of my favorite OSINT techniques that can help during your penetration testing activities.
What is OSINT?
OSINT stands for “Open Source Intelligence”, and as the name suggests, it is a collection of techniques for gathering and analyzing publicly available information about an organization, here with the aim of uncovering security weaknesses.
How does this help during a penetration test? Below I describe some of the OSINT methods that I personally use during a pentest.
Finding “juicy” Things in Public Code Repositories
It is often possible to find interesting information in the target organization’s public repositories. Let’s look at some scenarios.
- Private Source Code: Let’s say a web application is in scope for our assessment. We can search GitHub for snippets of that application’s front-end code, in the hope of discovering the repository containing its source code.
- Credentials/Tokens: Andrew is a developer working for the target company. Andrew commits files containing configuration details, connection strings, credentials and private tokens to the project he is assigned to. This is a common situation (you would actually be surprised). You can scan…
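As an added example (not code from the original article), here is a small Python scanner of the kind a team can run over its own repositories, or as a pre-commit check, to catch the committed-credential scenario above before a file reaches a public repository. The sample config, the token formats and the entropy thresholds are constructed assumptions for illustration; real scanners carry far more patterns.

```python
import math
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample of a config file a developer might commit by mistake.
# Every value is fake: the AWS pair is Amazon's documented example key,
# the token is a placeholder in the GitHub PAT format, the password is made up.
SAMPLE_CONFIG = "\n".join([
    "DB_CONN=Server=db.internal;Database=app;User Id=appuser;Password=S3cretP@ss!;",
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "API_TOKEN=ghp_" + "a" * 36,   # placeholder in the GitHub PAT format
    "LOG_LEVEL=debug",             # benign setting, must not be flagged
])

# Known secret formats: a fixed prefix or structure is a stronger signal than entropy.
KNOWN_FORMATS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("password in connection string", re.compile(r"(?i)password\s*=\s*[^;\s]+")),
]
# Fallback for unknown formats: a secret-looking key name with a long, high-entropy value.
SECRET_KEY = re.compile(
    r"(?i)^\s*([A-Z0-9_]*(secret|token|key|passwd|password)[A-Z0-9_]*)\s*=\s*(.+?)\s*$")
MIN_LEN, MIN_ENTROPY = 20, 3.5   # assumed thresholds; tune for your code base


def shannon_entropy(s: str) -> float:
    """Bits per character: random keys score ~4-5, words and placeholders ~2-3."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, finding_type, matched_text) for each suspicious line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hits = [(line_no, name, m.group(0))
                for name, pat in KNOWN_FORMATS if (m := pat.search(line))]
        if hits:                      # a known format wins; skip the generic rule
            findings.extend(hits)
            continue
        m = SECRET_KEY.match(line)
        if m and len(m.group(3)) >= MIN_LEN and shannon_entropy(m.group(3)) >= MIN_ENTROPY:
            findings.append((line_no, "high-entropy value", m.group(3)))
    return findings


if __name__ == "__main__":
    for line_no, kind, text in scan_text(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind}: {text}")
```

The entropy fallback deliberately misses short placeholder values such as `SECRET_KEY=changeme`, which is why format-specific patterns come first.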