EH-Net

Ethical Hacking Discussions and Related Certifications => Network Pen Testing => Topic started by: Eleven on November 21, 2011, 07:41:03 AM



Title: At what point is communication with a company illegal?
Post by: Eleven on November 21, 2011, 07:41:03 AM
I know even attempts at attacking a site are illegal, but what about simply doing recon like downloading publicly available documents from their site and looking at metadata, gathering email addresses, URLs, business partners etc., without the intention of using that data?  To me, it seems like OSINT is similar to someone in physical security walking into a store and looking at its physical security without any intention of robbing it.


Title: Re: At what point is communication with a company illegal?
Post by: 3xban on November 21, 2011, 09:47:33 AM
There are probably no laws against it.  If you do not need to alter or exploit the code in the site to obtain the information, then you are probably not doing anything illegal.  However, you may be doing something unethical if you have not been given permission to browse the site.  If there is some monitoring of the site and it is noted that there are some strange directory traversals, they may take that as hostile and begin investigating.  It's a fine line I think, a gray area, and is really based on your judgement.  If you find something that could be exploited and decide to tell them about it, you may get some negative responses.  Tread lightly sir.

The question then arises, what were you planning to do with the information?  You still gathered it, so why?  Those would be questions that I may ask if I came across your activity.  The other side of the coin is "well, they put it out there so it's their fault"; that's where you need to walk the ethical line I think.


Title: Re: At what point is communication with a company illegal?
Post by: Eleven on November 21, 2011, 10:06:43 AM
I'd want to do it simply to try out some recon tools.

You raise a good point on ethics.  However, maybe it wouldn't be so unethical if someone were to do recon on a company who collects and sells information on us (e.g. Intelius).  If companies can collect information on me AND sell it, why shouldn't I be able to collect information on them?  Heck, I would just be collecting it, not profiting from it like they are.


Title: Re: At what point is communication with a company illegal?
Post by: 3xban on November 21, 2011, 10:11:54 AM
Can't argue with the logic :D  Then again, if the company collects the information because they are well defined as a "Partner" with a site that you gave your information to, and you agreed in one way or another that you allowed them to share your information with their "Partners", then they have the right to do such data collection and you could still be found in the wrong, no matter your intentions or their business practices.

It's the gray line similar to the idea of attacking back when defending your network.  One would think it would make sense, but there are laws that protect the bad folks as well as the good folks, and depending on where they originate, you may be crossing some international lines.  Best bet for testing tools is to try and build yourself a web app lab of such.  I'm sure you can get some sample sites that can quickly be thrown in for use, or you can test against sites like hackthissite.org.


Title: Re: At what point is communication with a company illegal?
Post by: Eleven on November 21, 2011, 10:25:33 AM
hackthissite.org looks like fun.  Signing up now, thanks! :)