OSINT Collection Report Template
Document Control
| Field | Value |
|---|---|
| Target Organization | [NAME] |
| Target Domain(s) | [DOMAINS] |
| Engagement ID | [ID] |
| Collector | [NAME] |
| Date | [DATE] |
| Classification | CONFIDENTIAL |
1. Executive Summary
[Brief overview of OSINT findings and their impact on attack planning]
Key Findings:
- [Finding 1]
- [Finding 2]
- [Finding 3]
Recommended Attack Vectors:
- [Vector 1 based on OSINT]
- [Vector 2 based on OSINT]
2. External Attack Surface
2.1 Domain Inventory
| Domain | Registrar | Nameservers | Expiry Date |
|---|---|---|---|
| | | | |
2.2 Subdomain Enumeration
| Subdomain | IP Address | Service | Status |
|---|---|---|---|
| | | | Active/Inactive |
2.3 IP Range and ASN
| ASN | Organization | IP Range | Country |
|---|---|---|---|
| | | | |
2.4 Cloud Assets
| Provider | Asset Type | Identifier | Public Access |
|---|---|---|---|
| AWS | S3 Bucket | | Yes/No |
| Azure | Blob Storage | | Yes/No |
| GCP | Storage | | Yes/No |
3. Personnel Intelligence
3.1 Key Personnel
| Name | Title | Department | LinkedIn | Email |
|---|---|---|---|---|
| | | | | |
3.2 Email Format
3.3 Social Engineering Targets
| Target | Role | Justification | Risk Level |
|---|---|---|---|
| | | | High/Medium/Low |
4. Technology Stack
4.1 Web Technologies
| Component | Technology | Version | Notes |
|---|---|---|---|
| Web Server | | | |
| Framework | | | |
| CMS | | | |
| CDN | | | |
| WAF | | | |
4.2 Security Posture
| Security Header | Status | Rating |
|---|---|---|
| HSTS | Present/Missing | |
| CSP | Present/Missing | |
| X-Frame-Options | Present/Missing | |
| X-Content-Type-Options | Present/Missing | |
4.3 Infrastructure
| Service | Product | Version | Port |
|---|---|---|---|
| VPN | | | |
| Email | | | |
| Remote Access | | | |
5. Credential Exposure
5.1 Breach Database Results
| Source | Date | Records | Type |
|---|---|---|---|
| | | | Passwords/Hashes/Emails |
5.2 Code Repository Leaks
| Repository | File | Type of Secret | Status |
|---|---|---|---|
| | | API Key/Password/Token | Active/Rotated |
5.3 Paste Site Findings
| Site | Date | Content Type | Relevance |
|---|---|---|---|
| | | | High/Medium/Low |
6. Physical Intelligence
6.1 Office Locations
| Address | Type | Access Controls | Notes |
|---|---|---|---|
| | HQ/Branch/DC | | |
6.2 Physical Security Observations
| Observation | Location | Photo Reference |
|---|---|---|
| | | |
7. Attack Surface Summary
7.1 Priority Targets
| # | Target | Type | Rationale | Risk |
|---|---|---|---|---|
| 1 | | Technical/Human/Physical | | Critical/High/Medium |
7.2 Recommended Initial Access Methods
| Method | MITRE ATT&CK | Likelihood | Required Resources |
|---|---|---|---|
| Spearphishing | T1566.001 | | |
| Credential Stuffing | T1078 | | |
| External Exploit | T1190 | | |
Appendix A: Raw Data Files
| File | Description | Location |
|---|---|---|
| subdomains.txt | Full subdomain list | |
| emails.txt | Discovered email addresses | |
| dorks.txt | Google dorking queries | |
| tech_fingerprint.json | Technology details | |
Appendix B: Tools Used
Appendix C: MITRE ATT&CK Techniques Used
| Technique ID | Name | Result |
|---|---|---|
| T1593.002 | Search Engines | |
| T1596.005 | Scan Databases | |
| T1589.002 | Email Addresses | |