Similar usernames generation guide

Soxoj
5 min readDec 8, 2021

--

It is a bit reworked readme of my GitHub repository username-generation-guide for OSINT purposes. To get scripts and read actual state of the guide, check the repo!

Names transform in (not) mysterious ways

Start

Let’s talk a little about a beginning of an OSINT search process.

Often you have a small amount of initial information about people, and you want to get a list of usernames (nicknames), that’s may be used to search for those people in social media.

So, let’s figure out how to get clues for a new search, starting from the data you know, as well as how to automate this and what tools to use.

What do you have?

If you only have some information as a first name, a last name, a birthday (and, maybe some extra info), you should take a look at the section Combining primary info.

Do you need extra help to extend the number of likely usernames? For learning methods to get variants of first names and so on, check section Primary info mining.

If you have a username and want to guess similar usernames, jump to the Username transformations section.

Important! Clone that repository with git or download it to use the Python scripts mentioned below.

Combining primary info

Usernames/logins commonly consist of a combination of a first name, a last name, and, a little less often, a middle name (patronymic). Only the first letters can be left, and parts can be separated by some characters as _, . and so on.

Of course, there can be many such combinations, so automation tools are needed. A good example is a very useful interactive Google spreadsheet for email permutations from Rob Ousbey, from Distilled.net.

Here is an example of use for rob ousbey:

rob@distilled.net
ousbey@distilled.net
robousbey@distilled.net
rob.ousbey@distilled.net
rousbey@distilled.net
...

Also, you can find it convenient to use Email Permutator from Metric Sparrow Toolkit.

For fans of a console there are some specialized tools:

Looking ahead, I will tell you that from lists of names you can quickly make a list of emails.

If you have any other additional information, you can significantly expand the number of candidates for usernames. It can be a year of birth, city, country, profession, and… literally anything.

What can be used in this case?

  • My own script based on ProtOSINT combination methods:
$ python3 generate_by_real_info.py
First name: john
Last name: smith
Year of birth: 1980
Username (optional):
Zip code (optional):
johnsmith1980
smith
johnsmith80
jsmith1980
smithjohn
...
$ osrf alias_generator
Insert a name: john
Insert the first surname: smith
Insert the second surname:
Insert a year (e. g.: birthyear): 1980
Insert a city:
Insert a country:
Additional transformations to be added
--------------------------------------
Extra words to add (',' separated):Input data:
-----------
Name: john
First Surname: smith
Year: 1980
Generated nicks:[
"j.smith",
"j.smith.1980",
"j.smith.80",
"j_smith",
...
Up to 41 nicks generated.
Writing the results onto the file:
./output.txt

Primary info mining

It is can be very important to check all the variants of non-English usernames. For example, a person with the common name Aleksandr may have a passport with the name Alexandr (letter x) and a working login starting with alexsandr (letters xs) because of the different transliteration rules.

This is a source of variability for us, so let’s use it.

  • BehindTheName — excellent site about names. There are common name variants, diminutives (very useful for personal logins), and other languages alternatives.
BehindTheName ‘alexandr’ check results

You can use a simple script to scrape such data:

$ python3 behind_the_names.py john diminutives
Johnie
Johnnie
Johnny
  • WeRelate — Variant names project, a comprehensive database of name variants with the ability to search. Gives much more results than BehindTheNames, but there are also many irrelevant results. Also, see GitHub repo with project data.
WeRelate ‘aleksandr’ check results

Username transformations

When you sign up on the site it may turn out that your username is taken. Then you use a variant of a name — with characters replacement or additions.

Thus, making assumptions about the transformations and knowing the original name, you can check “neighboring” accounts (for example, with maigret).

I propose for this my own simple tool that allows you to make transformations by rules.

$ python3 transform_username.py --username soxoj rules/printable-leetspeak.rule
soxoj
s0xoj
5ox0j
50xoj
...

Rules for transformation are located in the directory rules and consist of the following:

  • printable-leetspeak.rule - common leetspeak transformations such as e => 3, a => 4, etc.
  • printable-leetspeak-two-ways.rule - the same conversions from letters to numbers, but also vice versa
  • impersonation.rule - common mutations used by scammers-impersonators such as l => I, O => 0, etc.
  • additions.rule - common additions to the username: underscores and numbers
  • toggle-letter-case.rule - changing case of letters, what is needed not so often, but maybe useful
  • add_email.rule - custom rule to add mail domain after usernames

You can use a file with a list of usernames:

$ cat usernames.txt
john
jack
$ python3 transform_username.py rules/impersonation.rule --username-list soxoj
jack
iack
john
iohn

And even use a pipe to use the output of other tools and itself, combining transformations:

$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/impersonation.rule  -I
s0xOj
sOx0j
5OxOi
soxOj
sox0i
...

Addition of mail domain

You can use add_email.rule and easily edit it to add needed mail domains to check emails in tools such as mailcat, holehe, or GHunt.

$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/add_email.rule --remove-known -I
soxoj@protonmail.com
sox0j@protonmail.com
s0x0j@protonmail.com
50x0j@protonmail.com
...

Conclusion

So, it’s all that I use and what I can tell you about now. Do you have anything to add? Feel free to write me on Telegram, Discord or to make an issue or pull request to the GitHub repository. Bye!

--

--

No responses yet