DEV Community

Kyle Brennan
Kyle Brennan

Posted on

Company OSINT: How to Research Any Business

#security #tutorial #beginners #startup

Whether you're doing due diligence, competitive analysis, or investigating potential fraud — businesses leave massive digital footprints.

Here's how to map a company's structure, finances, technology, and vulnerabilities using public information.

Company Basics

Registration & Legal Structure

Where to look:

  • OpenCorporates.com: Global company database
  • State SOS websites: Secretary of State business filings
  • SEC EDGAR: Public company filings (10-K, 10-Q, 8-K)
  • Companies House (UK): Free company records
  • National registries: Most countries have searchable databases

What you'll find:

  • Registered address (often different from HQ)
  • Directors and officers
  • Filing history
  • Corporate structure
  • Registered agent

Domain Intelligence

Start with their website and expand:

WHOIS Lookup:

  • Registration date
  • Registrant info (often privacy-protected now)
  • Historical ownership

Tools:

  • DomainTools: Historical WHOIS, reverse lookups
  • SecurityTrails: DNS history, associated domains
  • Shodan: What's running on their servers
  • BuiltWith: Technology stack detection

Subdomain enumeration:

subfinder -d company.com
amass enum -d company.com
Enter fullscreen mode Exit fullscreen mode

Hidden subdomains often reveal:

  • Internal tools (staging, dev, admin)
  • Acquired companies
  • Forgotten infrastructure

Financial Intelligence

Public Companies

  • SEC EDGAR: All official filings
  • Yahoo Finance / Google Finance: Quick overviews
  • Annual reports: Often more detailed than required filings
  • Earnings call transcripts: Management commentary

Private Companies

Harder, but not impossible:

  • Crunchbase: Funding rounds, investors
  • PitchBook: Detailed financials (paid)
  • LinkedIn: Employee count over time
  • Job postings: Hiring = growth, layoffs = trouble
  • Glassdoor: Employee reviews reveal internal issues

Red Flags

Watch for:

  • Frequent address changes
  • Director churn
  • Late filings
  • Related-party transactions
  • Multiple shell companies

People Intelligence

Leadership

  • LinkedIn: Career history, connections
  • Board memberships: Often listed in filings
  • News archives: Past controversies
  • Social media: Public statements, opinions

Employees

  • LinkedIn: Map the org chart
  • GitHub: Developer contributions (code quality, security practices)
  • Conference talks: Technical capabilities
  • Patent filings: Innovation areas

Tip: Engineers and salespeople often share more than executives. Their LinkedIn profiles reveal products, clients, and tech stack.

Technology Stack

What They're Running

  • BuiltWith.com: Detect CMS, analytics, frameworks
  • Wappalyzer: Browser extension for tech detection
  • Shodan: Open ports, services, vulnerabilities
  • Censys: SSL certificates, infrastructure

Security Posture

  • SecurityHeaders.com: Check header configurations
  • SSL Labs: Certificate and TLS configuration
  • Have I Been Pwned (domain search): Employee breach exposure
  • Dehashed: Leaked credentials (for your own domains only)

Code & Development

  • GitHub: Public repositories, commit history
  • GitLeaks: Accidentally exposed secrets
  • Wayback Machine: Old versions of their site

Physical Presence

Locations

  • Google Maps: Satellite view, street view
  • OpenStreetMap: Community-contributed data
  • Commercial real estate sites: Lease information
  • Property records: Ownership details

Supply Chain

  • Import/export records: Panjiva, ImportGenius
  • Supplier directories: ThomasNet, Alibaba
  • LinkedIn: Procurement team connections

Legal & Regulatory

Lawsuits & Disputes

  • PACER: Federal court records (US)
  • State court websites: Local litigation
  • Google News: Media coverage of disputes
  • Justia: Free case law search

Regulatory Filings

  • FCC: Communications equipment
  • FDA: Medical/pharmaceutical
  • EPA: Environmental
  • OSHA: Workplace safety violations
  • Patent databases: USPTO, Google Patents

Reputation & Sentiment

Reviews & Complaints

  • BBB: Better Business Bureau
  • Trustpilot: Customer reviews
  • Glassdoor: Employee reviews
  • Reddit: Unfiltered opinions
  • Twitter/X: Real-time complaints

News & Media

  • Google News: Recent coverage
  • LexisNexis: Historical archives (paid)
  • Wayback Machine: Old press releases
  • PR Newswire: Official announcements

Putting It Together

Create a Profile

For any target company, build:

  1. Basic Info: Name, addresses, registration, directors
  2. Corporate Structure: Subsidiaries, parents, related entities
  3. Financial Health: Revenue, funding, cash position
  4. Key People: Leadership, board, key employees
  5. Technology: Stack, infrastructure, security posture
  6. Reputation: Reviews, news, legal issues
  7. Red Flags: Anything concerning

Tools for Organization

  • Maltego: Visual link analysis
  • Obsidian: Linked note-taking
  • Draw.io: Organizational charts
  • Hunchly: Automatic evidence capture

⚠️ Legal Considerations

  • All techniques here use public information
  • Don't access private systems
  • Don't impersonate employees
  • Be careful with data protection laws (GDPR, CCPA)
  • Document your methods

🏢 Learn More

Company research is a core skill for investigators, journalists, and security professionals.

Join CloudSINT Discord: https://discord.gg/8WP5VwSS

Get help with tricky investigations, share resources, and learn advanced techniques.

Part of the OSINT education series. Due diligence saves trouble.

Top comments (0)