Passive Information Gathering (also known as Open-source Intelligence or OSINT) is the process of collecting openly available information about a target, generally without any direct interaction with that target.

There are a variety of resources and tools we can use to gather this information and the process is cyclical rather than linear. In other words, the next step of any stage of the process depends on what we find during the previous steps, creating cycles of processes.

Since each tool or resource can generate any number of varied results, it can be hard to define a standardized process.

The ultimate goal of passive information gathering is to obtain information that clarifies or expands an attack surface, helps us conduct a successful phishing campaign, or supplements other penetration testing steps such as password guessing.