This project heavily relies on contributors, please see Contributing for more details.
go install github.com/ibnaleem/gosearch@latest
You don't have time searching every profile with a username. Instead, you can leverage concurrency and a binary that does the work for you, and then some.
I initially wrote this project to learn Go, an upcoming programming language used for backend services. I decided to create a Sherlock clone, addressing some of its faults, limitations, and adding more features. This eventually led to a community driven OSINT tool that was praised in the OSINT letter.
GoSearch isn't limited to searching websites; it can search 900k leaked credentials from HudsonRock's Cybercrime Intelligence API, over 3.2 billion leaked credentials from ProxyNova's Combination Of Many Breaches API, and 18 billion leaked credentials from BreachDirectory.org with an API key (see Use Cases)
Warning
If you are on 32-bit architecture, please use this branch or GoSearch will fail to build. For an in-depth overview of this issue, please see #72
Warning
If you're using Windows Defender, it might mistakenly flag GoSearch as malware. Rest assured, GoSearch is not malicious; you can review the full source code yourself to verify this. For an in-depth overview of this issue, please see #90
$ go install github.com/ibnaleem/gosearch@latest
$ gosearch [username]
C:\Users\Bob> gosearch.exe [username]
Ideally, it is best practice to run GoSearch with the --no-false-positives flag:
$ gosearch -u [USERNAME] --no-false-positives
This will display profiles GoSearch is confident exist on a website. GoSearch also allows you to search BreachDirectory for compromised passwords associated with a specific username. For this, you must obtain an API key and provide it with the -b flag:
$ gosearch -u [USERNAME] -b [API-KEY] --no-false-positives
If GoSearch finds password hashes, it will attempt to crack them using Weakpass. The success rate is nearly 100%, as Weakpass uses a large wordlist of common data-wells, which align with the breaches reported by BreachDirectory. Every single password hash that's been found in BreachDirectory has been cracked by Weakpass.
If you're not using BreachDirectory, GoSearch will search for breaches on HudsonRock's Cybercrime Intelligence & ProxyNova's Databases, respectively. It will also search common TLDs for any domains associated with a given username. This is done whether BreachDirectory is searched or not.
If you're uncertain about a person's username, you could try generating some by using urbanadventurer/username-anarchy. Note that username-anarchy can only run in Unix terminals (Mac/Linux)
$ git clone https://github.com/urbanadventurer/username-anarchy
$ cd username-anarchy
$ (username-anarchy) ./username-anarchy firstname lastname
GoSearch is inspired by Sherlock, a popular username search tool. However, GoSearch improves upon Sherlock by addressing several of its key limitations:
- Sherlock is Python-based, which makes it slower compared to Go.
- Sherlock is outdated and lacks updates.
- Sherlock sometimes reports false positives as valid results.
- Sherlock frequently misses actual usernames, leading to false negatives.
- Sherlock does not search HudsonRock's Cybercrime Intelligence database
- Sherlock does not search ProxyNova's database
- Sherlock does not search BreachDirectory's database
The primary issue with Sherlock is false negativesβwhen a username exists on a platform but is not detected. The secondary issue is false positives, where a username is incorrectly flagged as available. GoSearch tackles these problems by colour-coding uncertain results as yellow which indicates potential false positives. This allows users to easily filter out irrelevant links.
Please see CONTRIBUTING.md.
 ibnaleem |  shelepuginivan |  arealibusadrealiora |
 vickychhetri |  olekukonko |  CptIdea |
 anotherhadi |  paulpogoda | ![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4) dependabot[bot] |
This project is licensed under the GNU General Public License - see the LICENSE file for details.
bc1qjrtyq8m7urapu7cvmvrrs6m7qkh2jpn5wqezfl
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
