A definitive guide to generating usernames for OSINT/SOCMINT/Pentesting purposes.
- Start
- Combining Primary Info
- Primary Info Mining
- Username Transformations
- Covered SOWEL Techniques
- Other
Let's identify your goals.
If I understand correctly, you have some information about people, and you want to get a list of usernames (nicknames, just names), that may be used to search for those people.
Am I right? So, you're in the right place.
Below, you can find information on how to gather clues for a new search based on the data you already have, as well as how to automate the process and which tools to use.
If you only have some information as a first name, a last name, a birthday (and, maybe some extra info), you should take a look at the section “Combining primary info".
Do you need extra help to extend the number of likely usernames? For learning methods to get variants of first names and so on, check section “Primary info mining”.
If you have a username and want to guess similar usernames, jump to the “Username transformations” section.
Important! Clone this repository with git
or download it to use the Python scripts mentioned below.
Usernames/logins commonly consist of a combination of a first name, a last name, and, a little less often, a middle name (patronymic). Only the first letters can be left, and some characters can separate parts (_
, .
and so on).
Of course, there can be many such combinations, so automation tools are needed. A good example is a very useful interactive Google spreadsheet for email permutations from Rob Ousbey, from Distilled.net.
Here is an example of Email Permutator usage for rob ousbey
:
A very useful service NAMINT offers various links for combinations of first, last and middle name (nickname):
- search engines (including photo search with Yandex)
- possible login patterns
- most popular social platforms search and supposed profile links
- Gravatars for logins at common email providers (great feature 🔥)
Also, you can find it convenient to use Email Permutator from Metric Sparrow Toolkit or analyzeid permutator with batch processing support.
For fans of a console, there are some specialized tools:
-
Script python-email-permutator based on spreadsheet mentioned above.
-
Logins generator supporting flexible ways to combine first, last and middle names.
-
emailGuesser is a customizable permutator with the support of checks if an address is valid in Skype and in breach databases.
Looking ahead, I will tell you that from lists of names you can quickly make a list of emails.
If you have any other additional information, you can significantly expand the number of candidates for usernames. It can be a year of birth, city, country, profession, and... literally anything.
What can be used in this case?
- My own script based on ProtOSINT combination methods:
$ python3 generate_by_real_info.py
First name: john
Last name: smith
Year of birth: 1980
Username (optional):
Zip code (optional):
johnsmith1980
smith
johnsmith80
jsmith1980
smithjohn
...
- Great alias generator mode of OSRFramebork:
$ osrf alias_generator
Insert a name: john
Insert the first surname: smith
Insert the second surname:
Insert a year (e. g.: birthyear): 1980
Insert a city:
Insert a country:
Additional transformations to be added
--------------------------------------
Extra words to add (',' separated):
Input data:
-----------
Name: john
First Surname: smith
Year: 1980
Generated nicks:
[
"j.smith",
"j.smith.1980",
"j.smith.80",
"j_smith",
...
Up to 41 nicks generated.
Writing the results onto the file:
./output.txt
It can be very important to check all the variants of non-English usernames. For example, a person with the common name Aleksandr may have a passport with the name Alexandr
(letter x
) and a working login starting with alexsandr
(letters xs
) because of the different transliteration rules.
This is a source of variability for us, so let's use it.
- BabelStrike - a very powerful tool for normalization and generation of possible usernames out of a full names list. It supports romanization for Greek, Hindi, Spanish, French and Polish.
- BehindTheName - excellent site about names. There are common name variants, diminutives (very useful for personal logins), and other languages alternatives.
You can use a simple script from this repo to scrape such data:
$ python3 behind_the_names.py john diminutives
Johnie
Johnnie
Johnny
- WeRelate - Variant names project, a comprehensive database of name variants with the ability to search. Gives much more results than BehindTheNames, but there are also many irrelevant results. Also, see GitHub repo with project data.
When you sign up on the site it may turn out that your username is taken. Then you use a variant of a name - with characters replacement or additions.
Thus, making assumptions about the transformations and knowing the original name, you can check "neighbouring" accounts (for example, with maigret).
I propose for this my own simple tool that allows you to make transformations by rules.
$ python3 transform_username.py --username soxoj rules/printable-leetspeak.rule
soxoj
s0xoj
5ox0j
50xoj
...
Rules for transformation are located in the directory rules
and consist of the following:
printable-leetspeak.rule
- common leetspeak transformations such ase => 3
,a => 4
, etc.printable-leetspeak-two-ways.rule
- the same conversions from letters to numbers, but also vice versaimpersonation.rule
- common mutations used by scammers-impersonators such asl => I
,O => 0
, etc.additions.rule
- common additions to the username: underscores and numberstoggle-letter-case.rule
- changing case of letters, what is needed not so often, but maybe usefuladd_email.rule
- custom rule to add mail domain after usernames
You can use a file with a list of usernames:
$ cat usernames.txt
john
jack
$ python3 transform_username.py rules/impersonation.rule --username-list soxoj
jack
iack
john
iohn
And even use a pipe to use the output of other tools and itself, combining transformations:
$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/impersonation.rule -I
s0xOj
sOx0j
5OxOi
soxOj
sox0i
...
You can use add_email.rule
and easily edit it to add needed mail domains to check emails in tools such as mailcat, holehe, or GHunt.
$ python3 transform_username.py rules/printable-leetspeak.rule --username soxoj | python3 transform_username.py rules/add_email.rule --remove-known -I
[email protected]
[email protected]
[email protected]
[email protected]
...