Listen to this Post
Introduction:
Open Source Intelligence (OSINT) transforms publicly available data into actionable threat intelligence. Tools like WhatsMyName automate username enumeration across hundreds of websites, enabling digital investigators to map a person’s online footprint within minutes. This article dissects the mechanics behind WhatsMyName, integrates email analysis, and provides hands-on tutorials for both offensive security professionals and defenders seeking to harden their own exposure.
Learning Objectives:
– Utilize WhatsMyName to discover username correlations across 500+ platforms via CLI and web interface.
– Perform email-to-username analysis using holehe and OSINTRack for comprehensive threat intelligence.
– Automate OSINT workflows with bash/PowerShell, apply cloud hardening techniques, and mitigate username enumeration attacks.
You Should Know:
1. Installing and Configuring WhatsMyName Locally
WhatsMyName aggregates known username patterns across social media, forums, and developer platforms. Running it locally ensures privacy and allows integration with other OSINT tools.
Step‑by‑step guide:
– Clone the repository: `git clone https://github.com/WebBreacher/WhatsMyName.git`
– Navigate into the directory: `cd WhatsMyName`
– Install Python dependencies: `pip install -r requirements.txt`
– Run the web interface: `python wmn.py` (Linux/macOS) or `python wmn.py` on Windows (ensure Python 3.7+ in PATH)
– Open browser to `http://127.0.0.1:5000` and enter a username (e.g., “johndoe”)
– Alternatively, use the command line: `python wmn_cli.py -u johndoe -o results.json`
What this does: It queries pre‑validated URLs from the `web_accounts_list.json` database, checking HTTP status codes and page content for the presence of the target username. Use it for CTF investigations, threat actor mapping, or auditing your own digital shadow.
2. Email Analysis for Digital Investigations
Email addresses often reveal usernames or link to multiple profiles. Combining email analysis with username discovery dramatically improves identification accuracy.
Step‑by‑step guide (Linux/Windows WSL):
– Install holehe: `pip install holehe`
– Run email enumeration: `holehe [email protected]` – this checks 120+ services (e.g., Adobe, GitHub, Twitter) for account existence.
– For deeper correlation, use OSINTRack’s email tool (all tools at https://osintrack.com): navigate to “Email Analysis”, input the email, and review associated usernames.
– Export usernames found via holehe (e.g., from Gravatar, ProtonMail) into a text file: `holehe [email protected] –only-used | grep ‘@’ | cut -d’@’ -f1 > usernames.txt`
– Feed that file into WhatsMyName: `while read user; do python wmn_cli.py -u $user; done < usernames.txt`
What this does: Email‑based reconnaissance reveals linked accounts that may not share the same raw username. Attackers use this for credential stuffing; defenders use it to discover unintended data leaks.
3. Automating OSINT with Bash and PowerShell Scripts
Manual queries are slow. Automate username enumeration across a list of targets.
Linux bash script (`mass_wmn.sh`):
!/bin/bash
INPUT_FILE="usernames.txt"
OUTPUT_DIR="wmn_results"
mkdir -p $OUTPUT_DIR
while IFS= read -r username; do
echo "Scanning: $username"
python wmn_cli.py -u "$username" -o "$OUTPUT_DIR/${username}.json"
sleep 2 Avoid rate‑limiting
done < "$INPUT_FILE"
Windows PowerShell script (`mass_wmn.ps1`):
$usernames = Get-Content "usernames.txt"
foreach ($user in $usernames) {
Write-Host "Scanning: $user"
python wmn_cli.py -u $user -o "results_$user.json"
Start-Sleep -Seconds 2
}
What this does: Loops through a list, saves JSON output, and respects polite delays. Integrate with cron/Task Scheduler for periodic monitoring of threat actor accounts.
4. Cloud Hardening for OSINT Operations
Running OSINT tools from your home IP exposes you to potential blocking or legal scrutiny. Use a cloud VPS with VPN/Tor to preserve anonymity.
Step‑by‑step guide:
– Provision a cheap VPS (e.g., DigitalOcean $5 droplet) with Ubuntu 22.04.
– SSH into the VPS: `ssh root@
– Install Tor and proxychains: `sudo apt update && sudo apt install tor proxychains4 -y`
– Edit `/etc/proxychains4.conf`: uncomment `dynamic_chain`, add `socks5 127.0.0.1 9050` at the end.
– Start Tor: `sudo systemctl start tor`
– Run WhatsMyName through Tor: `proxychains python wmn_cli.py -u targetuser`
– Alternatively, set up a WireGuard VPN on the VPS using `wg-quick` to route traffic through another exit node.
What this does: Obfuscates your origin IP, prevents rate‑limiting bans, and adds a layer of legal protection when performing authorized OSINT. For defenders, this same technique can be used to anonymously hunt for exposed credentials.
5. Mitigating OSINT Exposure for Defenders
Discovering your own usernames across 500+ sites is the first step to reducing your digital footprint.
Step‑by‑step guide:
– Generate a list of your own usernames and aliases. Use WhatsMyName in “reverse” mode: `python wmn_cli.py -u yourusername`
– For each positive match, visit the site and attempt account deletion or privacy settings modification.
– Automate monitoring with Google Alerts: `”yourusername”` – set to “as-it-happens”.
– Use a password manager to track where you have accounts; remove inactive ones via services like JustDeleteMe.
– For corporate defense, run `python wmn_cli.py -u company_employee_list.txt` to identify shadow IT accounts that violate policy.
What this does: Attackers use username aggregation for phishing pretexts and password spraying. Regular self‑scanning reduces attack surface. Enterprise threat hunters can detect rogue accounts set up by insiders or compromised employees.
6. API Security & Tool Configuration
Many platforms used by WhatsMyName have public APIs. You can extend the tool with API keys to bypass CAPTCHA or increase rate limits.
Step‑by‑step guide:
– Obtain API keys for services like GitHub, Reddit, or Twitter (X) developer portals.
– Store keys securely: On Linux `export GITHUB_TOKEN=”ghp_xxxx”`; on Windows `set GITHUB_TOKEN=ghp_xxxx` (use environment variables, never hardcode).
– Modify WhatsMyName’s `web_accounts_list.json` to include API endpoint authentication headers (requires JSON editing).
– For a ready‑made API‑enabled OSINT tool, use `sherlock` (`pip install sherlock-project`) which supports API authentication via `–api-key` flag.
– Example custom curl query for GitHub username check: `curl -H “Authorization: token $GITHUB_TOKEN” https://api.github.com/users/targetuser`
What this does: API calls return structured data (JSON) without parsing HTML, are faster, and less likely to be blocked. However, always respect `robots.txt` and rate limits – misuse can violate Terms of Service.
7. Vulnerability Exploitation via Username Harvesting (and Mitigation)
Attackers combine username enumeration with weak password policies. Understanding the attack helps you defend.
Step‑by‑step guide for ethical testing (on your own application):
– Identify a login page that reveals “user not found” vs “wrong password”.
– Use curl to enumerate usernames: `for user in $(cat usernames.txt); do curl -s -X POST https://target.com/login -d “username=$user&password=fake” | grep -q “Invalid username” || echo “$user exists”; done`
– With a list of valid usernames, launch a password spraying attack (low‑rate, common passwords like `Spring2026!`).
– Mitigation strategies:
– Implement generic error messages (“Invalid credentials”).
– Enforce rate limiting per IP and per username: `sudo iptables -A INPUT -p tcp –dport 443 -m hashlimit –hashlimit-upto 10/min –hashlimit-burst 5 –hashlimit-1ame login -j ACCEPT`
– Deploy MFA and monitor for unusual login attempts using tools like Fail2ban.
What this does: Demonstrates how a simple username discovery tool becomes the first step in a credential stuffing chain. Defenders must implement multi‑layered controls – not just strong passwords.
What Undercode Say:
– Key Takeaway 1: WhatsMyName and OSINTRack reduce cross‑platform identity investigation time from hours to seconds, but their power demands strict ethical boundaries.
– Key Takeaway 2: Combining email analysis, automation, and cloud anonymity transforms raw OSINT into a repeatable, scalable threat intelligence pipeline.
Analysis: The post by Mario Santella highlights a crucial reality – the line between open data and personal privacy is thinner than ever. While tools like WhatsMyName empower legitimate investigators (law enforcement, incident responders, background screeners), they equally arm malicious actors. The five hundred plus sites indexed include niche forums, old blog comments, and legacy platforms that users have long forgotten. Automated scripts can now reconstruct a person’s entire digital history, including dormant accounts that still contain leaked passwords. Defenders must adopt proactive “digital hygiene” – regular footprint scans, account deletion, and alias rotation. Moreover, platform owners should implement opaque identifiers instead of public usernames where possible. The cat‑and‑mouse game will continue, but knowledge of these tools shifts the advantage to those who understand both attack and defense.
Prediction:
-1 Increased privacy erosion will likely lead to stricter data protection laws (e.g., GDPR 17 expansions) that force platforms to delist username directories, but enforcement across 500+ jurisdictions remains nearly impossible.
+1 Proactive OSINT automation will become a standard component of corporate threat hunting and red teaming, driving demand for ethical OSINT certifications and integrated security dashboards that combine username discovery with dark web monitoring.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
[Join Undercode Academy for Verified Certifications](https://undercode.co.uk/certifications/)
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[[email protected]](mailto:[email protected])
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: [Mariosantella Osint](https://www.linkedin.com/posts/mariosantella_osint-namint-peoplesearch-share-7468920132560613376–leE/) – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
[💬 Whatsapp](https://undercode.help/whatsapp) | [💬 Telegram](https://t.me/UndercodeCommunity)
📢 Follow UndercodeTesting & Stay Tuned:
[𝕏 formerly Twitter 🐦](https://x.com/undercodeupdate) | [@ Threads](https://www.threads.net/@undercodetesting) | [🔗 Linkedin](https://www.linkedin.com/company/undercodetesting/) | [🦋BlueSky](https://bsky.app/profile/undercode.bsky.social)
