A mostly demo filled talk given at the 2015 OWASP Boston Application Security Conference (BASC). The general idea is that we can use OSINT tools to find known vulnerabilities in web applications that are exposed to the internet. This can be useful to identify sites that may be vulnerable to known vulnerabilities, as well as to find vulnerabilities in a specific target web site.