Osint Report.zip Apr 2026

### Appendix B – Raw Data Samples

- `whois_example.txt` – WHOIS dump for `example.com`.
- `shodan_api_example.json` – Shodan JSON output for `api.example.com`.
- `tweets_@example_2024.csv` – Exported tweet list (date, text, retweets).

### How to Use This Template

1. **Replace all placeholder text** (`<...>`) with your actual target information.
2. **Populate the tables** in Sections 5‑7 with the data you collect.
3. **Add evidence files** (screenshots, raw outputs) to the `Appendices` folder before zipping.
4. **Run a final review** for accuracy, legal compliance, and proper redaction of any PII that should not be shared outside the intended audience.

### 5.2 Notable Indicators of Compromise / Risks

| Indicator | Description | Evidence | Risk Level |
|-----------|-------------|----------|------------|
| **Hard‑coded API key** | `X-API-KEY: abc123…` found in public repo `config.js` | `https://github.com/example/example-app/blob/main/config.js` | High |
| **Exposed Admin Panel** | `https://admin.example.com` reachable without auth | Screenshot (see Appendix A) | Medium |
| **Credential Leak** | Email‑password pairs from `data_leak_2024.txt` on Pastebin | `https://pastebin.com/abcd1234` | High |
| **Phishing Campaign** | Same domain used in recent phishing emails targeting customers | Header analysis – `Received: from mail.example.com` | Medium |
| **Geo‑Tagged Photos** | Instagram posts reveal office interior layout | EXIF GPS coordinates `40.7128, -74.0060` | Low‑Medium |

---

*--- End of Report ---*

---

## 6. Analysis & Impact Assessment

| Threat Vector | Likelihood | Impact | Overall Rating | Mitigation Recommendations |
|---------------|------------|--------|----------------|----------------------------|
| Publicly exposed API keys | High | Data exfiltration, service abuse | Critical | Rotate keys, implement secret management, restrict IP ranges. |
| Unauthenticated admin panel | Medium | System takeover, data manipulation | High | Add authentication, IP whitelist, enable MFA. |
| Credential leak on Pastebin | High | Account takeover, credential stuffing | Critical | Force password reset, monitor for abuse, adopt password‑less auth. |
| Phishing using brand domain | Medium | Reputation damage, credential theft | Medium | Deploy DMARC/DKIM/SPF, employee training, brand monitoring. |
| Geo‑tagged interior photos | Low | Physical security reconnaissance | Low | Strip EXIF data from publicly posted images. |

---

*Tools commonly used:* Maltego, SpiderFoot, Recon‑NG, theHarvester, FOCA, Shodan CLI, Sublist3r, Amass, OSINT Framework, OSINT Combine, Metagoofil, ExifTool, Wayback Machine, Google Advanced Search Operators.

---

*This report is intended solely for the recipients listed above. Redistribution, publishing, or any use outside the authorized scope is prohibited without prior written consent from the authorizing party.*

## 8. Limitations

- All data collected is **publicly available** as of the report date; any private/internal information was not accessed.
- The assessment **does not** include active exploitation (no network intrusion, no credential cracking).
- Dark‑web findings are limited to indexed sources; deeper investigation may reveal additional data (subject to legal review).