## 5. Findings ### 5.1 Digital Footprint Overview | Asset Type | Identifier | Owner/Contact (if known) | Public Exposure | Comments | |------------|------------|--------------------------|-----------------|----------| | Domain | `example.com` | Registrant: John Doe (privacy‑protected) | Public website, SSL, subdomains | … | | Sub‑domain | `api.example.com` | Same as above | Exposes REST API (no auth) | Potential data leak | | IP Range | `192.0.2.0/24` | ISP: ExampleNet | Visible on Shodan (open ports 22, 80, 443) | … | | Social Account | `@example` (Twitter) | Owner: Jane Smith | 12k followers, 300 tweets | Recent tweet mentions partnership with X | | GitHub Repo | `example/example‑app` | Owner: example | 5 public repos, 1 contains `.env` file | **Sensitive** – contains API keys | | Document | `annual_report_2023.pdf` (found via Google) | Public | Contains executive emails | **PII** exposure |
### Appendix B – Raw Data Samples - `whois_example.txt` – WHOIS dump for `example.com`. - `shodan_api_example.json` – Shodan JSON output for `api.example.com`. - `tweets_@example_2024.csv` – Exported tweet list (date, text, retweets). OSINT Report.zip
---
---
## 9. Appendices ### Appendix A – Screenshots | # | Description | File | |---|-------------|------| | 1 | Unauthenticated admin panel login page | `admin_panel.png` | | 2 | Exposed `.env` file (redacted) | `env_file.png` | | 3 | EXIF GPS coordinates from Instagram photo | `photo_exif.png` | - `tweets_@example_2024
---
*This report is intended solely for the recipients listed above. Redistribution, publishing, or any use outside the authorized scope is prohibited without prior written consent from the authorizing party.* OSINT Report.zip