OSINT Reports for Builders & Startups

Simple, ethical surface scans. No drama. No risk. No shady code.

📂 Overview

• Public metadata scan (emails, GitHub, Google dorks)
• Subdomain visibility check
• Credential leak review (HaveIBeenPwned etc.)
• Basic security recommendations

🔍 Common Question

Q: “am I allowed to scan my own stuff?”
A:Yes. You absolutely are. You own the domain, the content, and you’re acting on your own behalf.
It doesn't matter if it’s hosted on GitHub Pages, GoDaddy, or powered by a hamster on a wheel — if you control it, you're in the clear.

Here’s what counts as a green light:

• You’re the domain owner (e.g. zerodumb.dev)
• You control the GitHub repo
• You’re scanning only public endpoints/content (no admin panels, no authenticated sessions)
• You’re not hammering your host like a DDoS — we keep scans polite and staggered

In fact, it’s smart to recon your own site. You’ll find:

• Overshared metadata (Git leaks, repo history)
• Mistyped robots.txt that accidentally lists sensitive paths
• Indexable files you didn’t mean to make public
• Framework debug endpoints still open

You’re basically being your own bug bounty hunter — minus the swag hoodie and million-dollar payout.

How to Order

Request a Report

Your request MUST include:

• Your name (or alias, no judgment)
• Your main domain or project URL
• Your email address that matches the domain (I will check, and I don’t do work for gmail, hotmail, or your mom’s mail, etc.)
• A sentence saying "Yes, I give permission for surface-level recon"

📂 Expanded Services

These aren’t ‘buy now’ buttons. These are ‘email me if you’re serious’ services.

• OSINT Surface Audit
• AI Agent Setup
• Automation Stack Review

Most of this, I don't do for the money. I do it to learn. If you want to support my caffeine habit, buy me coffee .