Social Media Recon (SOCMINT)

Employees of an organization often leak too much information about themselves and their company. While many employees are very happy to be working in their organizations, sometimes, they share information that can be used during cyberattacks by a threat actor. As an aspiring penetration tester, this information can also be leveraged during a penetration test on the target organization. The following is some information that’s commonly leaked: Employee contact information, such as telephone numbers and email addresses, that can be used during social engineering and account takeover attacks. Sharing photos with their employee badges, which can be used by a threat actor to create a fake ID for impersonation. Pictures of an employee’s computing systems and desktop, which can inform a threat actor about the available device vendors and operating systems. Projects that have been completed by the employee may contain specific technical details, which can allow a threat actor to profile the internal network infrastructure. Gathering information from instagram: Using sherlock --timeout command ensures that sherlock doesn’t spend more than 5 seconds on a site. Gathering company’s infra data: we can use tools like wappalyzer to see what kind of tech a target website is using: We can also utilize a website called built-with for getting the technology profile of a target website. Shodan: Shodan is a search engine for Internet of Things (IoT), systems, and networks that are directly connected to the internet. Ethical hackers, penetration testers, and even threat actors use Shodan to identify their organization’s or target’s assets, and they check whether they have been publicly exposed on the internet. ...

November 24, 2025 · 5 min · 888 words · 0x-s0M3n4th