In OSINT method, the information is basically found publicly and that information can be used to further analysis.
For information gathering on people, the attackers try to gather information like email addresses, their public profiles, files publicly uploaded, etc. In infrastructure recon, the attackers generally try to find the information about the host i. Information gathering is generally done on infrastructure and on people. There are basically two types of information gathering: active and passive. The more information, the higher the success rate. The first phase in security assessment is to focus on collecting as much information as possible about a target application.