Digital footprint
Before launching an attack, no one forces the door blindly: first they do their homework. They gather everything your organization leaves in plain sight on the internet (forgotten domains, employee emails, documents with metadata, credentials leaked in old breaches) and with that they prepare the blow. With OSINT techniques we do that same work, but for you: we show you your digital footprint exactly as an attacker sees it, so you can close doors before someone tries them.
Open sources only, without touching your systems. Across Spain.
Why
Your digital footprint is everything that can be known about your organization without entering any system. It is free for the attacker and, almost always, invisible to you. Seeing it in time is the cheapest way to reduce risk.
Before touching anything, the attacker gathers. The better their homework, the easier the blow. Taking that advantage away starts with seeing it yourself.
We work only with open sources: what is already published. Without entering your systems and without violating anyone's privacy.
A forgotten subdomain, a document with metadata, a credential in an old breach. You do not defend them because you do not even know they are there.
Emails, roles, your technology stack, secrets in repositories, mentions on the dark web. Together, they draw a very useful map for whoever wants to get in.
What we bring to light
We gather and cross-reference what is scattered across the internet until we compose the portrait of your exposure. These are the fronts where it tends to appear the most.
Domains, subdomains, IP addresses, certificates and exposed services: everything from your organization that shows up on the internet.
Old servers, access panels and test environments that are still alive without anyone watching them. The shadow IT that no one remembers.
Your organization's emails and passwords that appear in data breaches, forums and dark web markets.
The footprint of executives and employees: profiles, emails, roles and everything a targeted attack uses as bait.
Published files that hide, in their metadata, usernames, internal paths and the technology you use.
Keys, passwords and secrets forgotten in public repositories, one of the most tempting points of entry.
And where it makes sense, we also watch your brand: domains similar to yours registered to impersonate you, mentions in forums and leaks that affect you even if they do not come from your own house.
How
OSINT is not searching at random: it is answering a specific business question with method, and ending in something actionable, not a data dump.
We agree on what we want to answer: your general exposure, that of an executive, that of a supplier before hiring them. Without an objective, there is no good investigation.
This is the reconnaissance phase: we track the relevant open sources (search engines, records, breaches, repositories, networks and the dark web), always without touching your systems.
We cross-reference the findings to separate the noise from what truly exposes you, and we order them by real risk.
We deliver the portrait of your exposure and, alongside each finding, what to do to reduce it and in what order.
What you take away
Not an endless list, but a clear picture of where you are seen and, above all, where to start covering yourself.
The map of everything from your organization that shows up on the internet, gathered in one place and understandable.
The servers, subdomains and live environments you no longer remembered and that should be closed or watched.
Your organization's accounts that appear in leaks, so you can change them before someone uses them.
What is known about your executives and whoever has sensitive access, and how to reduce that footprint.
The findings ordered by real risk, so you act first where you are most exposed.
The starting point against which to compare how your exposure evolves from now on.
A snapshot, or monitoring
You can look at yourself once or never stop looking. Both options are valid, but they answer different needs.
An investigation at a given moment, sharp and complete. It fits perfectly before an attack simulation, when launching a brand or a service, after detecting a leak or to assess a supplier before signing.
Your footprint changes on its own: subdomains appear, documents are published, new leaks emerge. When you want to learn about changes as they happen and not at the next review, the snapshot becomes monitoring, which is already the territory of threat intelligence.
Fits with
What an OSINT engagement uncovers feeds the rest. It is the raw material of a good social engineering exercise, because a lure convinces when it knows its target. It marks the ground for an external pentest, which begins precisely with the surface we bring to light here. And when the one-off snapshot becomes constant monitoring of threats and leaks, threat intelligence comes into play, where Sondriva, our SOC, continuously watches what appears about your organization.
Questions
OSINT stands for open-source intelligence: gathering information about an organization using only what is already available on the internet, without touching its systems. Search engines, social networks, public records, data breaches, forums and the dark web. It is the same technique an attacker uses to do their homework before attacking, and we use it to show you what they would see.
Yes. All the work is done on open sources, information that is already published and accessible to anyone, without entering any system or violating anyone's privacy. What changes is the use: auditing your own exposure or that of your organization with your permission is a legitimate use, and it is exactly what this service exists for.
In the angle. OSINT looks outward: what is known about you without touching anything, your public exposure. A pentest, on the other hand, actively tests your systems to see whether they can be broken. They are complementary: what we find in OSINT is often the starting point from which an attacker, and a pentest, begin to work.
More than you imagine: forgotten domains and subdomains, exposed services and panels, your employees' emails and roles, the technology stack given away by your job postings, metadata hidden in published documents, keys and secrets in code repositories, and your credentials leaked in previous breaches. All of that makes up your digital footprint.
Yes. We track known data breaches, forums, markets and channels where stolen credentials circulate, to find out whether your organization's emails and passwords are exposed. Finding a leaked credential in time is the difference between changing it calmly and discovering that someone already got in with it.
When the scope includes it, yes. Executives and people with privileged access are a preferred target: their digital footprint, what they share and what appears about them in open sources becomes the raw material of a targeted attack. Seeing it first allows you to reduce that exposure before it is exploited.
Both, depending on what you need. A one-off investigation gives you a sharp picture of your exposure at a given moment, ideal before an attack simulation or after a leak. But your footprint changes on its own: subdomains appear, documents are published, new leaks emerge. That is why many organizations move from the snapshot to continuous monitoring.
To close doors before someone tries them. We deliver the map of your external exposure, the inventory of forgotten assets, the leaked credentials to change now, the exposure of your key people and, above all, what to close first. It is the cheapest way to reduce risk: often it is enough to remove what is unnecessary.
It helps with both. NIS2 expects you to know and manage your attack surface, and knowing it starts with seeing it from the outside. ISO 27001 insists on asset management, and it is hard to manage the ones you did not even know you had exposed. An OSINT engagement gives you evidence that you have looked and that you act on what appears.
Shall we talk?
Tell us what you want to look at (your entire organization, an executive or a supplier) and we will show you your digital footprint exactly as an attacker sees it.