Open Source Intelligence: How to find anyone's username
Before you can find information about a target person, you must find his or her
username. Usually, it is a combination of first name plus last name, or a domain name
derived from an email or a website that the person uses or owns. Start with the data
you have and work backwards to find the data you need. The easiest way to do this is
to search Google for any relevant data you already know and try to find pages that
contain that username. In addition, you can use special sites that do reverse
username searches, such as socialcatfish.com, usersearch.org or peekyou.com.
Google Dorks
The same Google Dorks that I showed for the real name search will be useful when
searching for a username. In addition, a URL search might give you good results, as
URLs usually contain usernames.
· inurl:johndoe site:instagram.com — search for URLs on Instagram that contain
“johndoe”.
· allinurl:john doe ny site:instagram.com — find pages with the words “john”, “doe”
and “ny” in the Instagram URL. Similar to inurl, but supports multiple words.
Username search
There are a lot of websites with a username search; I find these to be among the
best: instantusername.com and namechk.com. Usually, one service finds accounts that
the other one doesn’t, so it’s better to use both websites.
Apart from online services, you can use WhatsMyName, a GitHub project that is
included in more advanced tools: SpiderFoot and Recon-ng. You can also use it as a
standalone checker by running the Python script.
While searching, you might get false positives, as someone else can use the same
username. Be prepared for that.
Note: Running WhatsMyName, as well as any locally installed tool, could be an issue
when certain websites are blocked by your ISP. In that case, going through a proxy or
VPN will solve the issue. Moreover, to avoid exposure you should use anonymizers
anyway.