Open Source Intelligence
One of the key terms often associated with information gathering is Open Source Intelligence (OSINT). Military and intelligence organizations divide their intelligence sources into a variety of types. True espionage, involving interaction between spies, is often referred to as Human Intelligence (HUMINT). The capturing of radio signals with the intent of cracking the encryption is called Signals Intelligence (SIGINT). While the penetration tester is not likely to interface with either of these, the information gathering stage is OSINT. OSINT is information derived from sources that have no security controls preventing their disclosure. They are often public records or information that target organizations share as part of their daily operations.
For this information to be of use to the penetration tester, they need specific knowledge and tools to find this information. The information gathering stage relies heavily on this information. In addition, simply showing an organization what OSINT they are leaking may give them an idea of areas in which to increase security. As we will see in this chapter, there is a great deal of information that is visible to those who know where to look.