This is a slightly reworked README of my GitHub repository username-generation-guide for OSINT purposes. To get the scripts and read the current state of the guide, check the repo!
Let’s talk a little about the beginning of an OSINT search process.
Often you have only a small amount of initial information about people, and you want to get a list of usernames (nicknames) that may be used to search for those people in social media.
So, let’s figure out how to get clues for a new search, starting from the data you know, as well as how to automate this and what tools to use.
What do you have?
If you only have some information such as a first name, a last name, a birthday (and maybe some extra info), you should take a look at the section Combining primary info.
Do you need extra help to extend the number of likely usernames? To learn methods for getting variants of first names and so on, check the Primary info mining section.
If you have a username and want to guess similar usernames, jump to the Username transformations section.
Important! Clone that repository with git or download it to use the Python scripts mentioned below.
Combining primary info
Usernames/logins commonly consist of a combination of a first name, a last name, and, a little less often, a middle name (patronymic). Name parts can be shortened to their first letters, and parts can be separated by characters such as . and so on.
Of course, there can be many such combinations, so automation tools are needed. A good example is a very useful interactive Google spreadsheet for email permutations from Rob Ousbey, from Distilled.net.
Here is an example of use for
You may also find it convenient to use Email Permutator from Metric Sparrow Toolkit.
For fans of the console there are some specialized tools:
- The python-email-permutator script, based on the spreadsheet mentioned above.
- Logins generator supporting flexible ways to combine first, last and middle names.
Looking ahead, I will tell you that from lists of names you can quickly make a list of emails.
If you have any other additional information, you can significantly expand the number of candidates for usernames. It can be a year of birth, city, country, profession, and… literally anything.
What can be used in this case?
- My own script based on ProtOSINT combination methods:
$ python3 generate_by_real_info.py
First name: john
Last name: smith
Year of birth: 1980
Zip code (optional):
- Great alias generator mode of OSRFramework:
$ osrf alias_generator
Insert a name: john
Insert the first surname: smith
Insert the second surname:
Insert a year (e. g.: birthyear): 1980
Insert a city:
Insert a country:
Additional transformations to be added
--------------------------------------
Extra words to add (',' separated):
Input data:
First Surname: smith
Year: 1980
Generated nicks:
[
Up to 41 nicks generated.
Writing the results onto the file:
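The combinations described in this section (name parts in full or as initials, in any order, joined by a separator, optionally with a year), as an added example that is not code from the repository or from the tools listed above. The separator set other than "." and the way the year is appended are assumptions.

```python
from itertools import permutations, product

# "." is the separator named on the page; "", "_" and "-" are assumed here.
SEPARATORS = ("", ".", "_", "-")


def name_forms(part):
    """A name part appears either in full or as its first letter only."""
    part = part.strip().lower()
    return (part, part[0])


def candidate_usernames(first, last, middle="", year=None):
    """Combine first/middle/last name in every order, form and separator."""
    parts = [name_forms(p) for p in (first, middle, last) if p.strip()]
    bases = set()
    for n in range(1, len(parts) + 1):
        for ordering in permutations(parts, n):
            for forms in product(*ordering):
                if all(len(f) == 1 for f in forms):
                    continue  # initials alone are too short to be a useful clue
                for sep in SEPARATORS:
                    bases.add(sep.join(forms))
    if year is None:
        return sorted(bases)
    # Assumed convention: the year is appended as 4 digits and as its last 2.
    suffixes = ("", str(year), str(year)[-2:])
    return sorted({b + s for b in bases for s in suffixes})


if __name__ == "__main__":
    # Constructed sample input, same values as typed at the prompts above.
    names = candidate_usernames("john", "smith", year=1980)
    print(len(names), "candidates, e.g.", names[:5])
```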
Primary info mining
It can be very important to check all the variants of non-English usernames. For example, a person with the common name Aleksandr may have a passport with the name
x) and a working login starting with
xs) because of the different transliteration rules.
This is a source of variability for us, so let’s use it.
- BehindTheName — an excellent site about names. It lists common name variants, diminutives (very useful for personal logins), and alternatives in other languages.
You can use a simple script to scrape such data:
$ python3 behind_the_names.py john diminutives
- WeRelate — Variant names project, a comprehensive searchable database of name variants. It gives many more results than BehindTheName, but many of them are irrelevant. Also, see the GitHub repo with the project data.
Username transformations
When you sign up on a site, it may turn out that your username is taken. Then you use a variant of the name, with character replacements or additions.
Thus, by making assumptions about the transformations and knowing the original name, you can check “neighboring” accounts (for example, with maigret).
For this I offer my own simple tool that lets you make transformations by rules.
$ python3 transform_username.py --username soxoj rules/printable-leetspeak.rule
Rules for transformation are located in the directory rules and consist of the following:
- printable-leetspeak.rule - common leetspeak transformations such as e => 3, a => 4, etc.
- printable-leetspeak-two-ways.rule - the same conversions from letters to numbers, but also vice versa
- impersonation.rule - common mutations used by scammers-impersonators such as l => I, O => 0, etc.
- additions.rule - common additions to the username: underscores and numbers
- toggle-letter-case.rule - changing the case of letters, which is not needed often but may be useful
- add_email.rule - custom rule to add a mail domain after usernames
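How such substitution rules expand one handle into its variants, and how the same rules run in reverse let you check observed handles against one you want to protect from impersonators. This is an added example, not the repository's transform_username.py; the dict form of the rules is an assumption (it is not the .rule file syntax), and the handles are constructed.

```python
from itertools import product
from math import prod

# Only the substitutions named on the page; dict form is an assumption.
LEETSPEAK = {"e": "3", "a": "4"}
IMPERSONATION = {"l": "I", "O": "0"}


def transform(username, rules, limit=4096):
    """Every variant in which each matching character is kept or replaced."""
    choices = [(ch, rules[ch]) if ch in rules else (ch,) for ch in username]
    if prod(len(c) for c in choices) > limit:
        raise ValueError("too many variants; narrow the rules")
    return sorted({"".join(p) for p in product(*choices)} - {username})


def skeleton(username, rules):
    """Undo the substitutions so look-alike handles fold to one form."""
    reverse = {new: old for old, new in rules.items()}
    return "".join(reverse.get(ch, ch) for ch in username)


def lookalikes(protected, observed, rules):
    """Observed handles that differ from `protected` but share its skeleton."""
    target = skeleton(protected, rules)
    return [h for h in observed
            if h != protected and skeleton(h, rules) == target]


if __name__ == "__main__":
    handle = "Oliver_Hall"  # constructed sample handle
    print(transform(handle, LEETSPEAK))
    print(len(transform(handle, IMPERSONATION)), "impersonation variants")
    # Constructed list of handles seen on some platform.
    seen = ["0liver_Hall", "Oliver_Hall", "Oliver_Hal1", "OIiver_HaIl"]
    print(lookalikes(handle, seen, IMPERSONATION))
```

The variant count doubles with every character a rule matches, which is why `transform` refuses to expand past `limit`.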
You can use a file with a list of usernames:
$ cat usernames.txt
jack
$ python3 transform_username.py rules/impersonation.rule --username-list usernames.txt
You can even use a pipe to feed in the output of other tools, or of the tool itself, combining transformations:
$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/impersonation.rule -I
Addition of mail domain
You can use add_email.rule and easily edit it to add the mail domains you need, to check emails in tools such as mailcat, holehe, or GHunt.
$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/add_email.rule --remove-known -I
So, that’s all that I use and all I can tell you about for now. Do you have anything to add? Feel free to write to me on Telegram or Discord, or to open an issue or pull request in the GitHub repository. Bye!