Remember that failure is an event, not a person.

—ZIG ZIGLAR

OSINT stands for Open Source Intelligence, and it's the life blood of social engineering. Information is the starting and supporting point of every engagement. Because OSINT is so important to us as social engineers, it is vital that you understand all the different ways you can go about obtaining intel on your targets.

Regardless of how you obtain OSINT, you need to have a clear idea in mind of what you are looking for. That might seem easy to do, but it's not as easy as it sounds. You can't simply say, “I want all info on the target.” Every type of information has a different value, and what is valuable can change with the type of attack you are looking to launch.

A Real-World Example of Collecting OSINT

Let me try to give you some perspective. According to the site www.worldwidewebsize.com, there are more than 4.48 billion indexed websites. This doesn't count anything that's not indexed, sites on the dark web or deep web, and so on. Annual worldwide Internet traffic reached 1.3 zettabytes (that is 1,300,000,000,000,000,000,000 bytes). One source even tells us that the Internet can contain up to 10 yottabytes of total data. (Writing 10 yottabytes looks like this: 10,000,000,000,000,000,000,000,000 bytes.)