---
name: pentest-osint-recon
description: Open Source Intelligence gathering and attack surface management for external reconnaissance.
---

# Pentest OSINT Recon

## Purpose

Gather publicly available information about a target organization to map its external attack surface, including subdomains, emails, and exposed assets.

## Core Workflow

1. **Domain Enumeration**: Discover subdomains and related assets using `amass` and `subfinder`.
2. **Tech Profiling**: Identify technologies used on discovered assets using `httpx` and `whatweb`.
3. **Information Gathering**: Search for emails, leaks, and social media presence using `theharvester` and search engines.
4. **Asset Correlation**: Correlate IP addresses, domains, and technologies to find weak spots.
5. **Vulnerability Intel**: Check discovered software versions against CVE databases.

## References

- `references/tools.md`
- `references/workflows.md`