Skip to content

Latest commit

 

History

History
242 lines (168 loc) · 9.21 KB

README.md

File metadata and controls

242 lines (168 loc) · 9.21 KB

OSINT Username generation guide

A definitive guide to generating usernames for OSINT/SOCMINT/Pentesting purposes.

Logo

Table of Contents

Start

Let's identify your goals.

If I understand correctly, you have some information about people, and you want to get a list of usernames (nicknames, just names), that may be used to search for those people.

Am I right? So, you're in the right place.

Below, you can find information on how to gather clues for a new search based on the data you already have, as well as how to automate the process and which tools to use.

What do you have?

If you only have some information as a first name, a last name, a birthday (and, maybe some extra info), you should take a look at the section “Combining primary info".

Do you need extra help to extend the number of likely usernames? For learning methods to get variants of first names and so on, check section “Primary info mining”.

If you have a username and want to guess similar usernames, jump to the “Username transformations” section.

Important! Clone this repository with git or download it to use the Python scripts mentioned below.

Combining primary info

Usernames/logins commonly consist of a combination of a first name, a last name, and, a little less often, a middle name (patronymic). Only the first letters can be left, and some characters can separate parts (_, . and so on).

Of course, there can be many such combinations, so automation tools are needed. A good example is a very useful interactive Google spreadsheet for email permutations from Rob Ousbey, from Distilled.net.

image

Here is an example of Email Permutator usage for rob ousbey:

rob@distilled.net
ousbey@distilled.net
robousbey@distilled.net
rob.ousbey@distilled.net
rousbey@distilled.net
...

A very useful service NAMINT offers various links for combinations of first, last and middle name (nickname):

  • search engines (including photo search with Yandex)
  • possible login patterns
  • most popular social platforms search and supposed profile links
  • Gravatars for logins at common email providers (great feature 🔥)

image

Also, you can find it convenient to use Email Permutator from Metric Sparrow Toolkit or analyzeid permutator with batch processing support.

For fans of a console, there are some specialized tools:

  • Script python-email-permutator based on spreadsheet mentioned above.

  • Logins generator supporting flexible ways to combine first, last and middle names.

  • emailGuesser is a customizable permutator with the support of checks if an address is valid in Skype and in breach databases.

Looking ahead, I will tell you that from lists of names you can quickly make a list of emails.

Addition of personal information

If you have any other additional information, you can significantly expand the number of candidates for usernames. It can be a year of birth, city, country, profession, and... literally anything.

What can be used in this case?

  • My own script based on ProtOSINT combination methods:
$ python3 generate_by_real_info.py
First name: john
Last name: smith
Year of birth: 1980
Username (optional):
Zip code (optional):
johnsmith1980
smith
johnsmith80
jsmith1980
smithjohn
...
$ osrf alias_generator
Insert a name:                     john
Insert the first surname:          smith
Insert the second surname:
Insert a year (e. g.: birthyear):  1980
Insert a city:
Insert a country:

Additional transformations to be added
--------------------------------------

Extra words to add (',' separated):

Input data:
-----------

Name:               john
First Surname:      smith
Year:               1980

Generated nicks:

[
  "j.smith",
  "j.smith.1980",
  "j.smith.80",
  "j_smith",
...
Up to 41 nicks generated.

Writing the results onto the file:
	./output.txt

↑ Back to the start

Primary info mining

It can be very important to check all the variants of non-English usernames. For example, a person with the common name Aleksandr may have a passport with the name Alexandr (letter x) and a working login starting with alexsandr (letters xs) because of the different transliteration rules.

This is a source of variability for us, so let's use it.

  • BabelStrike - a very powerful tool for normalization and generation of possible usernames out of a full names list. It supports romanization for Greek, Hindi, Spanish, French and Polish.

BabelStrike usage example

  • BehindTheName - excellent site about names. There are common name variants, diminutives (very useful for personal logins), and other languages alternatives.

'Aleksandr' name variants

You can use a simple script from this repo to scrape such data:

$ python3 behind_the_names.py john diminutives
Johnie
Johnnie
Johnny
  • WeRelate - Variant names project, a comprehensive database of name variants with the ability to search. Gives much more results than BehindTheNames, but there are also many irrelevant results. Also, see GitHub repo with project data.

↑ Back to the start

Username transformations

When you sign up on the site it may turn out that your username is taken. Then you use a variant of a name - with characters replacement or additions.

Thus, making assumptions about the transformations and knowing the original name, you can check "neighbouring" accounts (for example, with maigret).

I propose for this my own simple tool that allows you to make transformations by rules.

$ python3 transform_username.py --username soxoj rules/printable-leetspeak.rule
soxoj
s0xoj
5ox0j
50xoj
...

Rules for transformation are located in the directory rules and consist of the following:

  • printable-leetspeak.rule - common leetspeak transformations such as e => 3, a => 4, etc.
  • printable-leetspeak-two-ways.rule - the same conversions from letters to numbers, but also vice versa
  • impersonation.rule - common mutations used by scammers-impersonators such as l => I, O => 0, etc.
  • additions.rule - common additions to the username: underscores and numbers
  • toggle-letter-case.rule - changing case of letters, what is needed not so often, but maybe useful
  • add_email.rule - custom rule to add mail domain after usernames

You can use a file with a list of usernames:

$ cat usernames.txt
john
jack

$ python3 transform_username.py rules/impersonation.rule --username-list soxoj
jack
iack
john
iohn

And even use a pipe to use the output of other tools and itself, combining transformations:

$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/impersonation.rule  -I
s0xOj
sOx0j
5OxOi
soxOj
sox0i
...

Addition of mail domain

You can use add_email.rule and easily edit it to add needed mail domains to check emails in tools such as mailcat, holehe, or GHunt.

$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/add_email.rule --remove-known -I
soxoj@protonmail.com
sox0j@protonmail.com
s0x0j@protonmail.com
50x0j@protonmail.com
...

↑ Back to the start

Covered SOWEL techniques

↑ Back to the start

Other

↑ Back to the start