Open Source Intelligence (OSINT) & Passive Recon

Intermediate

Conduct passive reconnaissance using OSINT techniques. Master domain enumeration, DNS intelligence gathering, and public data harvesting to map an organization's external attack surface.

Learn open source intelligence (OSINT) and passive reconnaissance, the stage of security work where you map a target without directly touching its systems. Before defenders investigate an exposed surface or testers scan a network, they need a clean picture of domains, DNS records, public infrastructure, and externally visible identities. This course teaches you how to gather that information with Whois, DNS utilities, and passive collection tools.

Why It Matters

Passive recon is often the safest and most efficient way to understand an organization's external footprint. It helps defenders see what they are exposing to the internet, and it helps testers build a more complete assessment plan before active probing begins.

This course emphasizes information quality over noise. You will learn how to gather domain ownership data, inspect DNS records, harvest public artifacts, and turn scattered clues into a usable view of a target's external attack surface.

What You Will Learn

  • Perform Whois and domain enumeration to identify ownership and registrar details.
  • Query DNS records to map infrastructure, mail routing, and exposed subdomains.
  • Use passive collection tools to gather emails, hostnames, and public-facing services.
  • Build an external footprint without sending intrusive traffic to the target.
  • Organize passive findings into a reconnaissance workflow that supports later assessment work.

Course Roadmap

  • Domain and Whois Enumeration: Gather core ownership, contact, and nameserver information for a target domain.
  • DNS Intelligence Gathering: Use dig and host to inspect records and expand your view of exposed infrastructure.
  • Harvesting Public Information: Use tools such as theHarvester to collect publicly available emails, hosts, and other target clues.
  • Passive Reconnaissance Mission: Apply passive discovery techniques in a challenge where you map a target's external footprint without triggering direct interaction.

Who This Course Is For

  • Learners starting the reconnaissance and vulnerability assessment phase.
  • Penetration testers who want stronger passive discovery habits.
  • Defenders who need to understand their publicly exposed attack surface.

Outcomes

By the end of this course, you will be able to perform disciplined passive reconnaissance, identify key external assets, and prepare a clearer target profile for later scanning, testing, or defensive review.

Teacher

Labby
Labby is the LabEx teacher.