https://github.com/kaifcodec/user-scanner
π΅οΈββοΈ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, and digital footprinting.
https://github.com/kaifcodec/user-scanner
cybersecurity cybersecurity-tools email-osint enumeration osint osint-email osint-tool osint-tools osint-username python threat-intelligence username-osint
Last synced: about 22 hours ago
JSON representation
π΅οΈββοΈ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, and digital footprinting.
- Host: GitHub
- URL: https://github.com/kaifcodec/user-scanner
- Owner: kaifcodec
- License: mit
- Created: 2025-10-19T04:21:48.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2026-04-23T05:36:42.000Z (7 days ago)
- Last Synced: 2026-04-23T07:23:25.905Z (7 days ago)
- Topics: cybersecurity, cybersecurity-tools, email-osint, enumeration, osint, osint-email, osint-tool, osint-tools, osint-username, python, threat-intelligence, username-osint
- Language: Python
- Homepage:
- Size: 949 KB
- Stars: 1,464
- Watchers: 16
- Forks: 150
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- Awesome-OSINT-For-Everything - user-scanner - Check a username's presence across popular dev/social/creator sites and games (USERNAME)
README
# User Scanner
---
A powerful **2-in-1 OSINT suite** combining deep **Email OSINT** with comprehensive **Username Scanning**.
With **195+ total scan vectors**βincluding **95+ email-integrated sites** and **100+ username platforms**βyou can identify digital footprints or verify account registrations in seconds.
The ultimate tool for finding a **unique username** across GitHub, X, Reddit, Instagram, and more in a single command.
## Features
- β
Email & username OSINT: check email registrations and username availability across social, developer, creator, and other platforms
- β
Dual-mode usage: works as an email scanner, username scanner, or username-only tool
- β
Clear results: `Registered` / `Not Registered` for emails and `Not Found` / `Found` / `Error` for usernames with precise failure reasons
- β
Fully modular architecture for easy addition of new platform modules
- β
Bulk scanning support for usernames and emails via input files
- β
Wildcard-based username permutations with automatic variation generation
- β
Multiple output formats: console, **JSON**, and **CSV**, with file export support
- β
Proxy support with rotation and pre-scan proxy validation
- β
Smart auto-update system with interactive upgrade prompts via PyPI
## Virtual Environment (optional but recommended)
```bash
# create venv
python -m venv .venv
````
## Activate venv
```bash
# Linux / macOS
source .venv/bin/activate
# Windows (PowerShell)
.venv\Scripts\Activate.ps1
```
## Installation
```bash
# upgrade pip
python -m pip install --upgrade pip
# install
pip install user-scanner
```
---
### Important Flags
See [Important flags](docs/FLAGS.md) here and use the tool powerfully
## Usage
### Basic username/email scan
Scan a single email or username across **all** available modules/platforms:
```bash
user-scanner -e johndoe@gmail.com # single email scanning
user-scanner -u johndoe # single username scanning
```
### Verbose mode
Use `-v` flag to show the url of the sites being checked
```bash
user-scanner -v -e johndoe@gmail.com -c dev
```
Output:
```sh
...
[β] Huggingface [https://huggingface.co] (johndoe@gmail.com): Registered
[β] Envato [https://account.envato.com] (johndoe@gmail.com): Registered
[β] Replit [https://replit.com] (johndoe@gmail.com): Registered
[β] Xda [https://xda-developers.com] (johndoe@gmail.com): Registered
...
```
### Selective scanning
Scan only specific categories or single modules:
```bash
user-scanner -u johndoe -c dev # developer platforms only
user-scanner -e johndoe@gmail.com -m github # only GitHub
```
### Bulk email/username scanning
Scan multiple emails/usernames from a file (one email/username per line):
- Can also be combined with categories or modules using `-c` , `-m` and other flags
```bash
user-scanner -ef emails.txt # bulk email scan
user-scanner -uf usernames.txt # bulk username scan
```
### Pattern generation
See [Pattern Syntax](docs/PATTERNS.md) for more details
---
### Library mode for email_scan
Only available for `user-scanner>=1.2.0`
See full usage (eg. category checks, full scan) guide [library usage](docs/USAGE.md)
- Email scan example (single module):
```python
import asyncio
from user_scanner.core import engine
from user_scanner.email_scan.learning import vedantu
async def main():
# Engine detects 'email_scan' path -> returns "Registered" status
result = await engine.check(vedantu, "test@gmail.com")
json_data = result.to_json() # returns JSON output
csv_data = result.to_csv() # returns CSV output
print(json_data) # prints the json data
asyncio.run(main())
```
Output:
```json
{
"email": "test@gmail.com",
"category": "Learning",
"site_name": "Vedantu",
"status": "Registered",
"url": "https://www.vedantu.com",
"extra": "Phone: +9121****83",
"reason": ""
}
```
---
### Using Proxies
Validate proxies before scanning (tests each proxy against google.com):
```bash
user-scanner -u johndoe -P proxies.txt --validate-proxies # recommended
```
This will:
1. Filter out non-working proxies
2. Save working proxies to `validated_proxies.txt`
3. Use only validated proxies for scanning
### Screenshots:
**Note**: Screenshots might be outdated
---
---
---
- Use the `--hudson` flag to check if a **username** or **email** has been exposed in **infostealer malware logs**.
```bash
user-scanner -e johndoe@gmail.com --hudson # for email check
user-scanner -u johndoe --hudson # for username check
```
---
## β€οΈ Support the project
If this project helps you, consider supporting its development:
**BTC (SegWit):** `bc1q0dzkuav8lq9lwu7gc457vwlda4utfcr5hpv7ka`
---
## Contributing
See detailed [Contributing guidelines](CONTRIBUTING.md)
---
## β οΈ Disclaimer
This tool is provided for **educational purposes** and **authorized security research** only.
- **User Responsibility:** Users are solely responsible for ensuring their usage complies with all applicable laws and the Terms of Service (ToS) of any third-party providers.
- **Methodology:** The tool interacts only with **publicly accessible, unauthenticated web endpoints**. It does not bypass authentication, security controls, or access private user data.
- **No Profiling:** This software performs only basic **yes/no availability checks**. It does not collect, store, aggregate, or analyze user data, behavior, or identities.
- **Limitation of Liability:** The software is provided **βas isβ**, without warranty of any kind. The developers assume no liability for misuse or any resulting damage or legal consequences.
---
## π οΈ Troubleshooting
Some sites may return **403 Forbidden** or **connection timeout** errors, especially if they are blocked in your region (this is common with some adult sites).
- If a site is blocked in your region, use a VPN and select a region where you know the site is accessible.
- Then run the tool again.
These issues are caused by regional or network restrictions, not by the tool itself. If it still fails, report the error by opening an issue.