OSINT Collection
Understand what attackers can find about your organisation from publicly available sources. Our OSINT collection identifies exposed data, leaked credentials, and your digital footprint — before threat actors use it against you.
Included in every pentest. OSINT collection is a standard part of our $30 Penetration Test. Don't need it? Opt out and save $5 ($25 pentest without OSINT).
What's Included
Why OSINT Matters
Most attacks start with reconnaissance. Before exploiting a vulnerability, attackers gather intelligence — mapping your subdomains, finding employee email addresses, searching for leaked passwords, and identifying your technology stack. OSINT collection shows you exactly what they'd find.
Common finding: Many organisations are unaware of employee credentials exposed in third-party data breaches. Our leaked credential checks identify compromised email/password combinations associated with your domain, so you can force resets before they're used for account takeover.
How It Fits
OSINT collection runs alongside web scanning and penetration testing in a unified pipeline:
OSINT & Reconnaissance
OSINT tools gather intelligence — subdomains, emails, leaked credentials, and public exposure — feeding directly into the scan pipeline.
Informed Scanning
Discovered subdomains become scan targets, leaked credentials are tested against login pages, and identified technologies guide vulnerability checks.
Unified Report
OSINT findings are correlated with vulnerability scan and pentest results into a single report with prioritised remediation steps.
Tools & Sources
Best For
- Businesses wanting to understand their public exposure before a breach happens
- Organisations concerned about employee credential leaks
- Teams preparing for compliance audits that require threat intelligence
- Anyone wanting a complete picture of their attack surface