OSINT (Open Source Intelligence)
Attackers spend 70% of their time on reconnaissance before attacking. What do they know about you? Leaked credentials, documents in Google, employee profiles, vulnerable systems in Shodan. Find leaks before attackers exploit them.
What is OSINT (Open Source Intelligence)?
OSINT is a systematic reconnaissance service that analyzes your company's entire digital footprint — leaked credentials in 8B+ breach records, dark web mentions, exposed infrastructure in Shodan, GitHub code leaks, and employee data visible to attackers — before adversaries can exploit it. nFlo uses the same tools and techniques as real threat actors to deliver an actionable report with prioritized remediation steps and optional continuous monitoring, helping companies detect breaches they may not know occurred for months.
Your data leaked long ago - you just don't know it
Comprehensive exposure analysis in open sources
Digital Footprint
Mapping entire company digital footprint
Breach Monitoring
Detecting credential and data leaks
Risk Assessment
Real business risk evaluation
3 Million Customer Records in Dark Web - Company Didn’t Know
An electronics e-commerce discovered (thanks to a security researcher tip) that their 3 million customer database was being sold on dark web. The leak happened 8 months earlier through SQL injection. Company wasn’t monitoring dark web and didn’t know about the incident.
Cost: €2.5 million GDPR fine (no 72h notification) + €600K customer lawsuits + reputation loss. All leaked credentials were visible on public paste sites for months.
Without OSINT monitoring:
- Don’t know your data leaked (credentials, documents, databases)
- Attackers have 6-12 months to exploit leak before you find out
- No awareness of what’s visible about company externally (subdomains, IPs, technologies)
- Risk of targeted attacks based on OSINT (spear phishing, vishing)
We See What Attackers See - Before They Attack
We use the same sources and techniques as attackers. Google dorking, breach databases, dark web forums, Shodan, GitHub, Pastebin. We find leaks and vulnerabilities from external perspective.
What you get:
- Full company digital footprint (domains, subdomains, IPs, technologies)
- Leaked credentials search in all known breaches (8B+ records)
- Dark web monitoring (whether data is being sold/traded)
- Employee exposure analysis (email, phones, social media)
- Deep dive on key people (executives, admins, finance)
- Sensitive document search (Google dorking, Shodan)
- Externally visible vulnerability identification (Shodan, Censys)
- GitHub/GitLab analysis (whether code, credentials, API keys leaked)
- Brand monitoring (phishing domains, typosquatting)
- Report with threat assessment (what’s a real threat)
- Action plan (what to remove, change, monitor)
Who Is It For?
This service is for you if:
- You want to know if your data leaked and is on dark web
- You’re concerned about targeted attacks on key people (executives)
- You need threat intelligence before important event (IPO, M&A)
- You want to know how company looks through attacker’s eyes
OSINT Scope
1. Digital Footprint Mapping
Infrastructure:
- Domains and subdomains (DNS enumeration, certificate transparency)
- IP addresses and ASN (autonomous system numbers)
- Open ports and services (Shodan, Censys, Zoomeye)
- Cloud footprint (AWS, Azure, GCP buckets)
- Email servers (MX records, SPF, DMARC, DKIM)
Technologies:
- Technology stack (Wappalyzer, BuiltWith)
- CMS and frameworks (WordPress, Drupal, custom)
- Third-party integrations (analytics, CDN, payment)
- Job postings analysis (what tech you’re recruiting = what you use)
2. Leaked Credentials & Data Breaches
Breach Databases:
- HaveIBeenPwned (11B+ accounts)
- Dehashed, LeakCheck, Snusbase
- Historic breaches (LinkedIn, Adobe, Yahoo, etc.)
- Recent breaches (monitoring new dumps)
Credentials in format:
- Email:password pairs
- Email:hash pairs (we crack if possible)
- Password patterns (whether you use weak passwords)
- Reused passwords across services
Leaked data:
- Customer databases
- Employee PII
- Financial records
- Internal documents
3. Dark Web Monitoring
What we monitor:
- Ransomware leak sites (whether you’re listed)
- Hacker forums (whether someone’s selling access to your network)
- Marketplace (whether data/credentials are for sale)
- Telegram channels (threat actor discussions)
- Paste sites (Pastebin, Ghostbin, etc.)
Indicators:
- Company name mentions
- Leaked databases for sale
- Initial access brokers (VPN/RDP sale)
- Insider threats (disgruntled employees)
4. People Intelligence
Employee mapping:
- LinkedIn enumeration (structure, roles, technologies)
- Social media footprint (Facebook, Twitter, Instagram)
- Professional history (where worked, what skills)
- Public presentations/conferences (what they say about company)
Executive deep dive:
- Full personal OSINT (address, family, hobbies)
- Financial exposure (investments, property)
- Social media behavior patterns
- Potential blackmail/extortion vectors
Leaked PII:
- Phone numbers, personal emails
- Home addresses
- Family member information
5. Document & Code Leaks
Google Dorking:
- Indexed documents (PDF, DOCX, XLSX)
- Exposed configuration files
- Backup files (.bak, .old, ~)
- Error messages revealing info
- Admin panels, login pages
GitHub/GitLab:
- Public repositories (company or employees)
- Hardcoded credentials (API keys, passwords)
- Accidentally published internal tools
- Configuration files (database.yml, .env)
- Comments with sensitive info
Cloud storage:
- Open S3 buckets (AWS)
- Public Azure blobs
- Google Cloud Storage misconfigurations
- Dropbox/OneDrive public shares
6. Brand Monitoring
Phishing & Impersonation:
- Typosquatting domains (company-inc.com, cornpany.com)
- Recently registered similar domains
- Fake social media accounts
- Brand abuse in dark web
Reputation:
- Negative mentions
- Customer complaints (data breach mentions)
- Competitor intelligence
7. Technical Vulnerabilities (External)
From Shodan/Censys:
- Exposed services (RDP, VNC, SMB, databases)
- Outdated software versions (web servers, CMS)
- Default credentials (cameras, IoT, printers)
- Misconfigured services
From manual testing:
- Subdomain takeover possibilities
- Email spoofing potential (SPF/DMARC weaknesses)
- Certificate issues (expired, wildcard abuse)
Deliverables
OSINT Report
Executive Summary:
- Top 10 critical findings
- Overall risk score
- Business impact assessment
Technical Report:
- Full digital footprint (all findings)
- Leaked credentials list (to change)
- Dark web mentions (screenshots, links)
- Vulnerable systems (external exposure)
- Detailed findings per category
Action Plan:
- Immediate actions (change leaked passwords, remove docs)
- Short-term (1-3 months): remediation plan
- Long-term: continuous monitoring setup
Optional: Continuous Monitoring
We can set up continuous monitoring:
- Dark web mentions (weekly/monthly reports)
- New breach databases (alert when your data appears)
- Domain monitoring (new typosquatting domains)
- GitHub monitoring (new leaks)
Related Glossary Terms
Learn more about key concepts related to this service:
Contact your account manager
Discuss OSINT (Open Source Intelligence) with your dedicated account manager.
How we work
Our proven service delivery process.
Scope Definition
Define what we're looking for: domains, people, tech
Automated Collection
Data collection with OSINT tools
Manual Research
Deep dive by analysts
Threat Correlation
Real threat identification
Report with Action Plan
Prioritized remediation actions
Benefits for your business
What you gain by choosing this service.
Find Leaks Earlier
Detect leaked credentials before attack
Reduced Exposure
Remove sensitive information from internet
Executive Protection
Protect executives from targeted attacks
Threat Intelligence
Know what attackers know about you
Related Articles
Expand your knowledge with our resources.
Cyberattack Scenario on a Bank: How It Unfolds and How to Defend
A realistic multi-stage cyberattack scenario on a bank — from reconnaissance through initial access to data exfiltration. Learn attacker tactics and defense methods at every stage.
Read more →The use of AI by hackers: how is artificial intelligence changing the face of cyberattacks?
Tools such as ChatGPT have democratized access to advanced artificial intelligence. Unfortunately, hackers are also taking advantage of this. AI is becoming their personal assistant, helping to write malicious code, create perfectly personalized phishing campaigns and automate reconnaissance for vul
Read more →Cyberattack Scenario on a Foundation — A Step-by-Step Case Study
How does a typical cyberattack on a foundation unfold? A step-by-step analysis — from reconnaissance through breach to donor data exfiltration — and how to defend.
Read more →Frequently Asked Questions
Common questions about OSINT (Open Source Intelligence).
How much does OSINT analysis cost?
OSINT analysis for mid-sized company: from €3,500. Deep dive for large corporation: €7,000-14,000. Continuous monitoring: from €1,200/month. Price depends on scope (company, employees, executives, dark web).
Is OSINT legal?
Yes - we only collect publicly available information (Open Source Intelligence). We don't hack, crack passwords, or interfere with systems. This is the same data Google and attackers see.
How long does OSINT analysis take?
Typical analysis for mid-sized company is 5-7 business days. Automated collection 1-2 days, manual research 2-3 days, reporting 2 days. Deep dive for large corporation may take 2-3 weeks.
What if you find leaked passwords?
We deliver list of all found email:password pairs. We recommend immediate password change, MFA enablement, and log review to check if accounts were compromised.
How often should we do OSINT?
We recommend quarterly or continuous monitoring. New breaches are published daily - one-time analysis is a snapshot, not long-term protection. Dark web and new leak monitoring should be continuous.