In this article I am going to explain how to create your own custom OSINT username search tool using a Python script that I call SULTAN.
Usernames are one of the major points of exploitation for almost any cyber investigation. Many websites use usernames to identify specific accounts, and users frequently keep the same, or similar, usernames across many of the websites and apps on which they hold accounts. This makes it quite easy to link users across platforms. It comes as no surprise then that many OSINT websites offer ways to run username searches across numerous platforms. However, a major problem with developing such a site is that it is impossible to gather a list of all currently active platforms. Furthermore, some of the websites may change their URL structure or how they display pages. This can often "break" the username search and often requires users to wait on the developer to fix the broken queries.
Users may also want to run a custom list of websites that do not currently have username search tools to support them, or simply want to run a few niche sites for a more targeted search. All of these reasons are why I set out to build SULTAN (Sin's Username Lookup Tool Ad Nauseam), a simple (bare-bones) Python script to run username searches against an expandable list of sites curated by the user or via crowdsourcing. SULTAN is designed to give the end user the ability to create their own custom username search tool using only the platforms they want, without having to wait on the owner of a website or platform to make updates.
Setting up the Spreadsheet
To prepare our websites for the Python script we need to note four major variables for each site we want to check against. For each website you want to search usernames on, record the following in a spreadsheet similar to the one above (or use the spreadsheet I provided on my Github below):
UrlA: This is the first part of the URL and will include everything up to, but not including, the username. Be careful not to forget your slashes or any leading symbols.
UrlB: This is the second part of the URL and will include everything after, but not including, the username. Many websites will be blank in this section. Tumblr is one of the platforms that use a structure in which the username comes before the rest of the URL instead of following it.
Error: This is the piece of text that appears on a site when you navigate to a profile (username) that does not exist. Some commonly use "404", others redirect to the main page, and some have their own, often witty, text. This is the variable you will be checking against when running the Python script. Do not rely on just what appears in the browser for the text. I personally use a small requests script to return the HTML so I can search through it and make sure the error text is there and will be the same as when I use requests in SULTAN.
Known Working: This is where you will keep track of a known working username so you can run validation testing later. If you search for this username and SULTAN is unable to find the account listed here on the platform, you will need to go back and look for other unique error text and try again, or see if there are other issues causing the script not to pick up the known working account. Some sites will not work because they load the error text dynamically, and some use multiple versions of error text for different situations, making it impossible to choose only one.
Inspecting the Python Code
I'm not going to get too far into the weeds here, however I feel it is important to explain the coding logic that was used for the tool for those who want to understand a bit more about how it works but do not have a background in programming.
The first thing we have to do is import the required modules for the code to work (requests and xlrd). You may need to install requests and xlrd before running SULTAN for the first time if you do not regularly use Python on your machine. Next, we will prompt the user for their username and save that input as a variable. Using xlrd we will read the columns of our Excel file and then assign the variables we set up in the spreadsheet above to arrays we can pull from later. Each of these columns goes into its own array, so make sure all arrays have the same number of items (cells in the columns), otherwise you will get errors later on.
Next, we will set up a loop to take the username and place it between the two parts of the URL arrays (URLA and URLB). This (URLA + username + URLB) will be the variable we pass to requests as the URL to connect to. When it connects to the site it will retrieve the HTML and parse it looking for the error text that should be present when a profile does not exist. If the error text is found, then the account should not exist and it moves on to the next URL. Otherwise, if the HTML is missing the error text, the account should exist and it will print the full URL out to the user before going on to the next platform.
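The loop described above, together with the Known Working validation from the spreadsheet section, as an added example that is not SULTAN's own code. The `Site` class, the function names, the `.example` hosts and the stub `fake_fetch` are assumptions made so the block runs offline; the bogus-username check goes one step beyond what the article describes.

```python
from dataclasses import dataclass
from typing import Callable, List

@dataclass
class Site:                 # one spreadsheet row
    name: str
    url_a: str              # UrlA: everything before the username
    url_b: str              # UrlB: everything after the username (often blank)
    error: str              # Error: text in the HTML when no profile exists
    known_working: str      # Known Working: username known to exist

def profile_url(site: Site, username: str) -> str:
    return f"{site.url_a}{username}{site.url_b}"

def account_exists(site: Site, username: str, fetch: Callable[[str], str]) -> bool:
    """Article's rule: error text missing from the HTML means the account should exist."""
    return site.error not in fetch(profile_url(site, username))

def validate(site: Site, fetch, bogus: str = "zz-no-such-user-zz") -> str:
    """Return 'ok', or the reason this row's results cannot be trusted."""
    if not account_exists(site, site.known_working, fetch):
        return "known working username not found"
    if account_exists(site, bogus, fetch):  # added check: the error text never matches
        return "bogus username reported as found"
    return "ok"

def search(sites: List[Site], username: str, fetch) -> List[str]:
    """Report hits only from rows that pass validation."""
    return [profile_url(s, username) for s in sites
            if validate(s, fetch) == "ok" and account_exists(s, username, fetch)]

# Constructed sample rows and pages; with requests, fetch would be something like
# lambda url: requests.get(url, timeout=10).text
SITES = [
    Site("social", "https://social.example/u/", "", "404 - user not found", "alice"),
    Site("blogs", "https://", ".blogs.example/", "There's nothing here", "alice"),
    Site("dynamic", "https://spa.example/@", "", "No such member", "alice"),
]
EXISTING = {"https://social.example/u/alice", "https://social.example/u/bob",
            "https://alice.blogs.example/"}

def fake_fetch(url: str) -> str:
    if "spa.example" in url:                # error text rendered by JavaScript,
        return "<div id='app'></div>"       # so it is never in the fetched HTML
    if url in EXISTING:
        return "<h1>Profile</h1>"
    if "social.example" in url:
        return "<p>404 - user not found</p>"
    return "<p>There's nothing here</p>"
```

The "dynamic" row shows why a site that loads its error text dynamically has to be dropped: every username, real or not, would otherwise be printed as found.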
SULTAN remains a work in progress and is far from perfect, as some sites do like to turn it on its head every once in a while. That said, the logic and code provided should be more than enough to get you up and running on some of the major sites. You can download the code and my sample Excel file (which out of the box queries 100 platforms) to get started over on my Github page. If you would like to add any sites or offer any suggestions, please feel free to contact me on Twitter.
The awesome GIF used in this article is called Space Invaders and was made by Levi Doherty.
Sin is a cyber intelligence analyst who focuses on OSINT-led cyber investigations.