Unmask Any Digital Identity: The Ultimate OSINT Username Investigation Toolkit (Sherlock + Blackbird + WhatsMyName) + Video

Listen to this Post

Featured Image

Introduction:

Open Source Intelligence (OSINT) has become a critical discipline for cybersecurity professionals, threat hunters, and forensic investigators seeking to map an individual’s digital footprint across hundreds of platforms. The OSINTCabal Username Kit combines powerful tools like Sherlock, Blackbird, WhatsMyName, and SOCMINT dorking techniques to automate username enumeration, email lookup, and phone number reconnaissance—transforming hours of manual searching into minutes of targeted intelligence gathering.

Learning Objectives:

  • Master automated username enumeration across 300+ social media and web platforms using Sherlock and Blackbird
  • Integrate multiple OSINT tools with SOCMINT dorking to correlate digital identities from emails, usernames, and phone numbers
  • Deploy all-in-one solutions like Usersearch.ai ONESCAN to aggregate OSINT Industries, Epieos, and other engines for comprehensive footprint analysis

You Should Know:

  1. Setting Up the OSINTCabal Username Kit – Installation on Linux & Windows

The core tools (Sherlock, Blackbird, WhatsMyName) are Python-based and require Git and Python 3.8+. This step‑by‑step guide walks you through a complete environment setup.

Linux (Debian/Ubuntu):

sudo apt update && sudo apt install git python3 python3-pip -y
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock && pip3 install -r requirements.txt
 Blackbird
git clone https://github.com/p1ngul1n0/blackbird.git
cd blackbird && pip3 install -r requirements.txt
 WhatsMyName
git clone https://github.com/WebBreacher/WhatsMyName.git
cd WhatsMyName && pip3 install -r requirements.txt

Windows (using WSL or native Python):

  • Install Python from python.org (add to PATH)
  • Open PowerShell as Administrator:
    git clone https://github.com/sherlock-project/sherlock.git
    cd sherlock
    pip install -r requirements.txt
    

    For WSL2: Follow Linux commands directly inside Ubuntu terminal.

Verification: Run `python sherlock.py –help` to confirm installation. Each tool creates a `results.txt` or CSV output by default.

  1. Deploying Sherlock for Mass Username Scanning – Command & Output Interpretation

Sherlock queries over 300 websites in parallel to check if a username exists. Use it for red-team reconnaissance, account takeover assessments, or missing person investigations.

Basic scan:

python sherlock.py johndoe

Save results to JSON:

python sherlock.py johndoe --output johndoe_results.json

Add Tor proxy for anonymity:

python sherlock.py johndoe --tor --timeout 5

Scan multiple usernames from a file:

python sherlock.py --list usernames.txt

Interpreting output:

Green = claimed account, Red = unavailable/error, Yellow = rate-limited. Focus on green entries—each provides a URL to the profile. Combine with `–print-found` to see only positive hits.

Rate limiting workaround: Use `–timeout 15` to slow down requests, or integrate with `pysocks` for rotating exit nodes.

  1. Enhancing Discovery with Blackbird and WhatsMyName – Parallel Usage Strategy

While Sherlock focuses on username existence, Blackbird adds email and phone number lookup, and WhatsMyName updates its platform list weekly. Run them sequentially to cross-validate findings.

Blackbird – email/phone to username:

cd blackbird
python3 blackbird.py -e [email protected]
python3 blackbird.py -p +1234567890

Output includes associated usernames from breached databases and social media.

WhatsMyName – web interface & bulk check:

cd WhatsMyName
python3 web_accounts_list_checker.py -u username

The tool uses an up-to-date JSON file (wmn-data.json). Update it weekly:

python3 update_web_accounts_list.py

Combination script (Linux/bash):

USER="targetuser"
python sherlock.py $USER --output sherlock_$USER.txt
python3 web_accounts_list_checker.py -u $USER >> wmn_$USER.txt
grep -i "found" sherlock_$USER.txt wmn_$USER.txt | cut -d: -f2 > all_hits.txt
  1. Advanced SOCMINT Dorking Techniques – Google Dorks for Usernames, Emails, Phone Numbers

SOCMINT (Social Media Intelligence) dorking uses Google search operators to uncover hidden profiles and leaked information that automated tools might miss. Combine dorks with usernames for deep reconnaissance.

Username dorks:

intitle:"username" "targetuser" site:twitter.com
inurl:user targetuser site:reddit.com
"targetuser" filetype:pdf (for leaked documents)

Email dorks:

"[email protected]" -site:linkedin.com
"[email protected]" intext:"password" filetype:log

Phone number dorks:

"+1234567890" site:facebook.com
"123-456-7890" intitle:"contact"

Automation tip: Use `googlesearch-python` library:

from googlesearch import search
for url in search('"johndoe" site:github.com', num_results=20):
print(url)

Caution: Google may block automated queries; use `time.sleep(5)` between requests.

  1. All-in-One Solution: Usersearch.ai ONESCAN – Aggregating OSINT Industries & Epieos

For the most comprehensive search, Usersearch.ai ONESCAN combines multiple OSINT engines (OSINT Industries, Epieos, WhatsMyName, Sherlock) into a single API/web interface. It accepts username, email, or phone number and returns cross-correlated profiles.

How to use:

  • Visit https://usersearch.ai (free tier limited, paid for bulk)
  • Enter target identifier – the system queries Epieos for email breach data, OSINT Industries for social media APIs, and Sherlock-like checks.
  • Review unified dashboard showing platform icons, profile URLs, and risk scores.

Command-line alternative (using `curl` with API key):

curl -X POST https://api.usersearch.ai/v1/search \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{"query":"targetuser","type":"username"}'

Limitations: Free tier caps at 10 searches/day. For offline use, stick with the OSINTCabal kit. However, ONESCAN excels at correlating disparate results (e.g., same email across a forum and a GitHub commit).

  1. Operational Security and Ethical Guidelines – Legal Use & Avoiding Detection

OSINT tools are powerful but must be used ethically. Unauthorized reconnaissance against systems or individuals may violate laws (CFAA in the US, GDPR in Europe, Computer Misuse Act in the UK). Always obtain written permission for penetration testing or limit use to public data.

To avoid rate‑limit blocks and IP bans:

Linux – rotate User‑Agent and proxy:

pip3 install fake-useragent
 In Sherlock: modify sherlock/sherlock.py to use random User-Agent

Windows – use VPN or TOR via PowerShell:

 Start TOR service (install via https://torproject.org)
Start-Process -FilePath "C:\tor\Tor\tor.exe" -WindowStyle Hidden
 Then run Sherlock with --proxy socks5://127.0.0.1:9050

Best practice: Never use OSINT tools on real targets without permission. Use your own test accounts (e.g., create dummy social media profiles) to practice.

  1. Automating OSINT Workflows with Bash/PowerShell – Full Pipeline Example

Create a production-ready script that takes a username, runs all three tools, performs dorking, and consolidates results.

Linux Bash script (`osint_kit.sh`):

!/bin/bash
USER=$1
OUTPUT_DIR="osint_$USER"
mkdir -p $OUTPUT_DIR
echo "[] Scanning $USER with Sherlock"
python3 sherlock/sherlock.py $USER --output $OUTPUT_DIR/sherlock.json
echo "[] Running Blackbird"
python3 blackbird/blackbird.py -u $USER > $OUTPUT_DIR/blackbird.txt
echo "[] WhatsMyName check"
python3 WhatsMyName/web_accounts_list_checker.py -u $USER > $OUTPUT_DIR/wmn.txt
echo "[] Google dorking (limited results)"
python3 -c "from googlesearch import search; [print(url) for url in search('\"$USER\" site:linkedin.com', num_results=5)]" > $OUTPUT_DIR/dorks.txt
echo "[] Results saved in $OUTPUT_DIR"

Windows PowerShell equivalent (`osint_kit.ps1`):

param($Username)
$OutputDir = "osint_$Username"
New-Item -ItemType Directory -Path $OutputDir -Force
Write-Host "[] Running Sherlock"
python sherlock/sherlock.py $Username --output "$OutputDir\sherlock.json"
Write-Host "[] Running Blackbird"
python blackbird/blackbird.py -u $Username > "$OutputDir\blackbird.txt"
Write-Host "[] Complete. Check $OutputDir"

Run with `bash osint_kit.sh targetuser` or `.\osint_kit.ps1 targetuser`.

What Undercode Say:

  • Efficiency leap: Combining Sherlock’s breadth, Blackbird’s email/phone coverage, and WhatsMyName’s fresh platform list covers 95% of public username registrations. No single tool is sufficient; layering is key.
  • Dorking as a force multiplier: Google dorks uncover profiles that APIs miss—especially forum posts, PDF metadata, and pastebin leaks. However, rate limiting and CAPTCHAs demand automation with caution.
  • Legal boundary awareness: OSINT is only as ethical as its application. Always operate on your own assets or with explicit consent. The same techniques used for threat hunting can violate privacy laws if misapplied.
  • The OSINTCabal Username Kit democratizes intelligence gathering but also raises the bar for digital hygiene—users must assume their usernames are cross‑correlatable. For defenders, regularly audit your own digital footprint using these tools. Future iterations will likely integrate LLMs to predict username variants and analyze sentiment from profile descriptions, making OSINT even more powerful and intrusive.

Prediction:

Within two years, AI-driven OSINT platforms will automatically correlate usernames, emails, and phone numbers using graph neural networks, uncovering shadow profiles with 90% accuracy. Simultaneously, privacy regulations like GDPR’s “right to be forgotten” will clash with the permanence of data harvested by tools like Sherlock. Cybersecurity teams will shift from reactive breach detection to proactive identity mapping—treating every public username as a potential attack surface. The arms race between OSINT tool developers and anti‑scraping defenses (e.g., Cloudflare Turnstile, login walls) will intensify, forcing hybrid approaches that combine automated scanning with manual, browser‑based reconnaissance. Professionals who master both OSINT kits and legal compliance will become indispensable in threat intelligence and fraud investigation roles.

▶️ Related Video (78% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Logan Woodward – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky