OSINT Tutorial

This tutorial walks you through a complete reconnaissance operation against a fictional company. You start with nothing but a domain name and work your way to identifying a specific CVE on an exposed database server.

The five modules cover subdomain enumeration using site operators, finding exposed admin panels with intitle and inurl, hunting for leaked config files with filetype searches, pivoting to Shodan for host analysis, and searching for known vulnerabilities.

Type your queries into the simulated browser and Shodan interfaces. The tutorial validates your syntax and shows you the correct approach if you get stuck. Shodan access unlocks after you find credentials in module three.

Use the field notes panel to compile findings as you work through the scenario. By the end, you will have documented a realistic attack surface.