Generally, the first step in a penetration test or an attack is the collection of OSINT. This is the art of collecting information from public sources, particularly the internet. The amount of available information is considerable—most intelligence and military organizations are actively engaged in OSINT activities to collect information about their targets, and to guard against data leakage about them.

OSINT can be divided into two types: offensive and defensive. Offensive deals with harvesting all the data that are required to prepare an attack on the target, while defensive is art of collecting the data of previous breaches and any other security incidents relevant to the target that can be utilized to defend or protect themselves. The following diagram depicts a basic mind map for OSINT: