Defenders use OSINT for: attack surface discovery (Shodan scans), exposed credential monitoring (HaveIBeenPwned), subdomain enumeration, GitHub secret scanning, dark web monitoring, brand impersonation detection.
Run Shodan searches on your own IP ranges regularly. Monitor for exposed credentials with HaveIBeenPwned Enterprise API. GitHub Dorks find accidentally committed secrets. See yourself as attackers see you — external attack surface management (EASM).