Free Tool
Free OSINT Preview
What's already public, leaked, or for sale about your organisation. Certificate transparency history, breach exposure, and typosquat detection - the reconnaissance attackers do for free, before they decide whether to come at you.
Check your domain
What's already out there about your domain?
Enter your work email below. We'll use the domain to run public-record OSINT lookups and return a snapshot in under a minute. Free, no obligation, one domain per session.
Your work email
Your email is solely to identify your domain. We won't add you to a mailing list without your consent. The free OSINT preview runs once per browser session - for additional domains, talk to Pentiq. Privacy policy.
What we check
What's in the OSINT preview?
Three public-record sources, each surfacing a different angle on what attackers can find for free.
Breach exposure
We cross-reference your domain against publicly disclosed breaches in the HaveIBeenPwned index. If your domain is implicated in a known data breach, you'll see it.
Certificate transparency history
Public certificate logs reveal every subdomain that has ever had an SSL/TLS certificate issued - including dev, staging, and forgotten environments. Often a richer view than current DNS.
Typosquat detection
Common variations of your domain (missing letters, character swaps, .co/.io/.net swaps, homoglyphs) checked against live DNS. Surfaces lookalike domains that resolve - a strong signal for active impersonation.
Why this matters
Public-record exposure is the homework attackers do before the attack.
Reconnaissance is free
Before any attacker buys an exploit, they Google. Certificate transparency, breach databases, GitHub mentions, and lookalike domains are all public, automated, and constant. If something's exposed, it's already been seen.
Historical exposure outlives current state
An old subdomain from 2019, a leaked certificate from a sunset product, a forgotten dev environment - these stay in public records long after they're decommissioned. Your current attack surface scan won't catch them.
Brand impersonation is cheap
Buying a typosquat domain costs £10. Sending phishing from it costs nothing. Knowing which lookalikes are live is the cheapest defensive control there is - and most clients have never checked.
Want the deep version?
The free preview is the first 5%. Threat Landscape Discovery is the rest.
The free tool runs three lookups on one domain. Our paid Threat Landscape Discovery service runs full manual reconnaissance across your domain estate, dark-web sources, brand mentions on paste sites, lookalike domain registrations, and underground forum chatter - then writes it up with priority remediation actions.
About this tool
What the OSINT Preview is - and isn't
The OSINT Preview runs three lookups against free, public data sources: HaveIBeenPwned for breach metadata, crt.sh for certificate transparency, and live DNS for typosquat detection. It's a snapshot, not a manual review.
For a deeper view of leaked credentials, dark-web mentions, and brand protection recommendations, see Threat Landscape Discovery.
Any leads generated through this tool are stored by Pentiq in accordance with our Data Processing Agreement.
Common questions
Frequently asked questions.
How is this different from Attack Surface Preview?
Attack Surface Preview probes your live external estate - DNS, current subdomains, web metadata, email-security records. OSINT Preview looks at historical and leaked data - certificate logs, breach indices, typosquats. The two tools are complementary, not duplicates.
Why is this gated to one domain?
The free tool is intentionally a teaser - one domain per browser session. For multiple domains, deeper review of leaked credentials and brand exposure, or ongoing OSINT monitoring, see our paid Threat Landscape Discovery service or talk to a Pentiq tester.
What data sources does this use?
Three free, public sources: HaveIBeenPwned for breach metadata, crt.sh for certificate transparency logs, and live DNS for typosquat resolution. We don't use any paid intelligence feeds in the free tool - those go into the paid service.
Will this find leaked credentials specifically?
The free preview reports breach metadata at the domain level (which breaches involve your domain). Per-account credential exposure requires authenticated lookups against breach data, which is part of our paid Threat Landscape Discovery engagement.
Get started
See what attackers see, before they see it.
When you're ready to know what's actually exploitable - not just what's public - book a 30-minute call and a Pentiq consultant will scope it honestly.