nop_slide 3 years ago

You should also mention you are using Sherlock as the underlying backend which does that actual searching as you did in this post.

https://old.reddit.com/r/Python/comments/z1ts1n/i_built_an_a...

S̵h̵e̵r̵l̵o̵c̵k̵ ̵u̵s̵e̵s̵ ̵M̵I̵T̵ ̵l̵i̵c̵e̵n̵s̵e̵ ̵a̵n̵d̵ ̵y̵o̵u̵ ̵s̵t̵i̵l̵l̵ ̵h̵a̵v̵e̵n̵'̵t̵ ̵a̵d̵d̵e̵d̵ ̵M̵I̵T̵ ̵l̵i̵c̵e̵n̵s̵e̵ ̵t̵o̵ ̵y̵o̵u̵r̵ ̵r̵e̵p̵o̵.̵

https://github.com/sherlock-project/sherlock

https://github.com/bnkc/handlefinder

With that said, I like the look of the UI you put on top, great work!

Edit: As others have pointed out, the author doesn't need to make their creation MIT as well. I misunderstood the license agreement. They just have to include the notice of the dependencies somewhere. TIL.

  • echelon 3 years ago

    The MIT license isn't infectious! You might have just told the author to give up their rights.

    They're well within their rights to release their software as MIT or whatever, but they should make that decision on their own or as reflection upon the proper arguments from the community.

  • mtmail 3 years ago

    OP did right after posting: https://news.ycombinator.com/item?id=33722495 Almost the same text as on reddit.

    Second sentence in the README file on github is "This app is a wrapper around The Sherlock Project" (last edited 5h before posting) and second sentence in the UI is "This project is a wrapper around the Sherlock Project."

  • Kiro 3 years ago

    They don't need to add the MIT license. They only need to include the notice somewhere.

    • nop_slide 3 years ago

      Yep, my misunderstanding.

  • Ostatnigrosh 3 years ago

    Hey! Just added the MIT license.

    • bradknowles 3 years ago

      So, you should cache hits. If someone asks the same question again five minutes later, then you shouldn't need to look them up again.

      Also, it would be nice to show misses -- where the account name hasn't been used.

      I have found a few other people out there with the same name, and it would be nice to know what systems I can go to and grab the name I want to use.

    • nop_slide 3 years ago

      Apologies if I misread the license attribution, didn't want to take away from the work you did but also wanted to make sure credit was given.

      Cheers

  • ilyt 3 years ago

    It really is amazing how many people advertise or shun license without even knowing what it does...

Ostatnigrosh 3 years ago

I found myself scrolling through Github’s “trending” repos, looking for some coding inspiration. Within the next hour, I stumbled across something called The Sherlock Project. Interesting, It had over 35k stars, must be pretty popular.

I quickly cloned the repo and started toying around with it. It didn’t take me long to realize the power of this tool. All I had to do was insert a username, and voila! I was looking at every social media website that was associated with the username. Not only that but direct links to the accounts.

I immediately wanted to turn this into a web app so that everyone could use it. My first challenge was that this was a CLI tool, so I got to work. The Sherlock project makes about 400 requests to various site s to check if your username exists. This was going to be tough... I noticed they were using requests.FutureSession to multithread the result.

I decided to use a multithreaded Web-socket to continuously report out data to the frontend. After ALOT of trial and error I finally got something working. The Issue now though was that it wouldn't run in production due to a multiprocessing error: Daemonic processes are not allowed to have children.

Eventually I learned that you cant use the standard multiprocessing library for this kind of thing, you had to use billiard. Bam! It worked. I quickly hacked together a simple frontend, configured the web socket, and results were pouring in.

Turns out, the web-socket is considered a "long running request" as it makes 400 external requests. Maybe I could use celery to offload this process to a worker and queue it up. I started working on it and realized this was a little out of my skill range.

I then decided to take a look at the logs where I hosted the code and what do i find? CPU, Memory, and bandwidth all reaching a staggering 100% usage. I was using the free tier of Render that only allowed for one instance of my app...duh. I did some rework of my codebase and it started running a little faster.

Needless to say, I learned to take it slow, build tests for my code, and be patient with results.

What do you guys think? Any hard lessons learned in coding? What were your takeaways?

Here is also a link to the repo: https://github.com/bnkc/handlefinder

  • rkagerer 3 years ago

    You need a privacy policy (or at least a one-liner statement) that gives potential users some assurance you aren't harvesting their username / IP / etc or the results for some other purpose or piping it to advertisers.

    • A4ET8a8uTh0 3 years ago

      Yep. The wrap around the tool is neat and looks well done based on what I could see, but I hesitated based just that consideration.

      edit: I thought I should make my feedback less generic. In this case, by neat I mean: no fluff, no useless stuff on the landing page, straight to the point. I appreciate that.

    • Aeolun 3 years ago

      If they were going to harvest those usernames by posting it on hackernews, wouldn't it be easier to just scrape hackernews for usernames in the first place?

    • Ostatnigrosh 3 years ago

      Havent really thought of that. Ill take a look

  • mattl 3 years ago

    I think it would be useful to show the networks that the username cannot be found on.

    • Ostatnigrosh 3 years ago

      Thats a good thought. I was considering it but was worried about "cluttering" the site

      • TheTaytay 3 years ago

        I echo this request. It was my expectation actually!

        I searched for my username and was shocked it was used on literally every website you checked. Then I tried a less common variant and was similarly shocked, until I realized that you were showing me fewer websites the second time around. Only then did I realize you only showed me sites where it was already claimed…

      • bombcar 3 years ago

        Could be useful for people who like to “claim” their common handle.

        • veb 3 years ago

          what I find annoying is that (other than HN) most places won't let you claim your username if the person has signed up, yet never posted over years (or even logged in) and places where an account was deleted.

          when I signed up to HN, I had a different username. I reached out to admins and they looked at the other account that had been created but they let me have it because the person hadn't logged in since. Oh! I think GitHub did as well. (shit, I wonder if I have mixed up GitHub and HN... I'm pretty sure they're the two that did actually let me have my handle... :x)

          • mattl 3 years ago

            That sounds like a bad idea.

            Why would it be a good idea to recycle usernames like that?

            • williamscales 3 years ago

              Because some people sign up for a site early and then never use it. I can't get my desired handle on a particular social network because some dude registered 15 years ago, posted one item, and then never used it again.

              I mean, obviously I'll live but it's a silly situation.

            • xwdv 3 years ago

              Because overtime we can wear down the idea that a public facing username is some kind of unique identifier.

              • chillfox 3 years ago

                I really like how Discord handles it. Username + 4 digit number = unique handle, but if nobody else has the same username in a server then you can just use the username to refer to them

              • mattl 3 years ago

                Do you have any alternative solution in mind? ICQ numbers?

                • xwdv 3 years ago

                  Content

            • bombcar 3 years ago

              Same reason we recycle domains.

          • selcuka 3 years ago

            > I think GitHub did as well.

            I can confirm that GitHub definitely does that.

  • walderf 3 years ago

    this reply is really only quasi-related to your first sentence.

    since you mentioned the "trending" repositories on github, i wanted to give the https://github.com/nschloe/github-trends project a shout out.

    it's not the same thing at all but also kind of the same thing, although it's actually, at the same time, kinda also not. alright, i'll get real. the most important thing regarding the linked project is the fact that it's got graphs. with lines. in various colors. lines that generally rise upwards, towards the right-hand side of your screen(s). lines that, more often than not, have slopes which vary in intensity and length. lines that are part of, if i may take this chance to kindly reiterate, graphs.

    everybody loves graphs, right? i know i do. almost as much as i love search results linking to 37 minute youtube how-to videos for reminders/instructions on how to fix a 37 second problem with absolutely zero transcript in the video description's text area.

    anyways. here's a great example of a proper how-to video. https://www.youtube.com/watch?v=py3QKC_OTvI

    if you're having a bad day, ignore everything i've said, and just watch the 1st 6 seconds of the above how-to video. :)

s1mon 3 years ago

Some people are liking the UI here, but it wasn't clear to me at first that a [+] meant the username was used on that site. In my mind, it could just as easily mean that it's available on that site (that could be a positive result if you're looking for places to sign up with a name). This should be made more clear.

It would be interesting if you could toggle on the not-found list as part of the results. If you get a big positive list, but you'd like to find the sites where the username is not in use yet, there's no quick way to get that info. (Yes you could scrape both lists and use some simple command line scripts to get those results, but it's such a simple thing to add to this tool)

  • dtgriscom 3 years ago

    I read the "[ + ]" bullet symbols as indicating a topic that could be expanded.

avgDev 3 years ago

Great tool I used it to find all social accounts of my ex. Anyway, got to go as I am outside her house and don't want to miss her leaving for work.

/s if it wasn't obvious.

Cool tool.

  • culi 3 years ago

    good reminder for why you shouldn't use the same username everywhere unless you intend to have an online presence

    Personally I have a specific scheme I follow w my more private usernames. Basically the same username but depending on the website it has a predictable alteration to it so I get different usernames for different sites but don't have to remember them all

    Then I have a different username (well, a couple) I use for sites where I don't mind having a public presence that can be tied back together

jfk13 3 years ago

A bunch of the occurrences it "finds" appear to be false positives, as far as I can tell.

  • aitchnyu 3 years ago

    Wonder if some sites are seeding false positives to get your visit. Like ads saying "buy sarin gas attack in japan at the lowest price!".

  • MichaelZuo 3 years ago

    Yes, even for HN it returns false positives.

    • lamontcg 3 years ago

      Yeah I tried "dvmnasrtjkhqofjsenvign" and got false positives on Dribbble, Enjin, HackerNews, Instagram, Quizlet, Smule, and livelib.

      Also got the same false positives with a couple aliases of mine that seem to be actually unique so far. I was a bit annoyed someone had already stole them on HN for a second.

xeromal 3 years ago

Be warned people. You might find accounts you don't remember making. lmao

A trip down memory lane.

  • JacobThreeThree 3 years ago

    The only username you should use more than once is your real name.

    • timeon 3 years ago

      You shouldn't use your real name on the internet.

      • someweirdperson 3 years ago

        For most people it doesn't matter much because there is many dupes.

        Mine seems to be unique, which is a little scary.

        • chillfox 3 years ago

          There’s a few other people out there who use the same username as me, so I have had to come up with several other usernames.

      • bombcar 3 years ago

        Or use someone else’s real name. Like Abraham Lincoln’s.

        • Genghis_Khan 3 years ago

          Negative. Only use your real name.

    • xeromal 3 years ago

      I was 12-18 years old so I wasn't really thinking that way.

    • Jerrrry 3 years ago

      um, many people enjoy having a persistent online alter-ego, and some annoying people like to claim others when a service launches, just to be a dick.

dtgriscom 3 years ago

I tried this with my usual username (which is unusual; not many Griscoms out there), and found some false positives.

The following sites gave me errors with my username, and if I changed the username to something unlikely I got the same error. I take this to mean that there's no evidence that username exists on that system. (And, I'm dubious that I'd have signed up at these sites.) * quizlet.com * www.enjin.com * apps.runescape.com * smule.com * livelib.ru

And, fiverr.com's URL for my username just bounces to the homepage, as did any username. (Again, I wouldn't have signed up there.)

Other than that, very cool.

mcqueenjordan 3 years ago

I don't want to rain on anyone's parade, but I'll just add my unsolicited opinion...

Functionality like this, and more acutely, any kind of cross-service, cross-account stylometrics correlation or de-anonymizing service gives me great concerns for its abuse and the groups that it likely endangers (and the groups it likely empowers).

  • brobinson 3 years ago

    Bad actors have had the ability to do this for a long time. If anything, this raises awareness among normal people.

    • nokya 3 years ago

      Well, not sure I am a bad actor but reading the comment gave me the idea of typing my ex's nickname and I now discover she has an account on a quite unusual platform of which I am a member, too.

      For sure, I would never have the time to build such a tool. So, yes, some bad actors may have the "ability" as you mention, but I don't think that is the best justification to make querying this tool that easy.

someweirdperson 3 years ago

I am using an un-pronouncible combination of 4 characters in some games. Never could not get it anywhere I wanted it. Was surprised to see it found on 60 sites, none of them me.

My username here is found on only 50, the other 49 not me.

It might be a useful tool to pre-check names before creating accounts for someone who wants a consistent name everywhere.

serjester 3 years ago

Why use React for something this light? People wants to use a frontend frameworks for everything now, I miss 1998. Just kidding, great work! Way more accessibly to the average person than the Sherlock CLI.

Also you have two requiments.txt's FYI.

moneywoes 3 years ago

Seems the HN one doesn’t work

  • tomrod 3 years ago

    Indeed. On that and a lot of sites I get false positives. Old usernames that I used (and pretty sure no one else did) on sites I've never visited.

Normille 3 years ago

Hmmm... I searched a name and it found 9 results. But none of the profiles actually existed when I followed the links.

Mind you, I've never fond these kind of things to be very effective. Bellingcat has a selection of similar tools and the results are always pretty unreliable:

https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyh...

NaturalPhallacy 3 years ago

I got a false positive on runescape, fiverr, and tiktok for my username (not this one).

someweirdperson 3 years ago

False positive bug list. These always return a match even if there is none:

Archive of Our Own

Dribbble

Enjin

Fiverr

HackerNews

Instagram

Quizlet

Smule

We Heart It

livelib

  • s1mon 3 years ago

    I put in a <somewhat random mashing of the keyboard> userid. I got a shorter list, but clearly this is an issue.

    [ ! ] Checking username q349t8y on:

    [ + ] Enjin: Enjin

    [ + ] Fiverr: Fiverr

    [ + ] HackerNews: HackerNews

    [ + ] Instagram: Instagram

    [ + ] Quizlet: Quizlet

    [ + ] Smule: Smule

    [ + ] livelib: livelib

    [ X ] End Results: 7

    • someweirdperson 3 years ago

      Just retried with the same name as before, now I see it reduced to your list, plus a new entry:

      [ + ] TikTok: TikTok

DueDilligence 3 years ago

.. just ran the iOS MAIGRET tool report [massively granular-thus more false positives + a shit tonne of server errors] against your tool. Enlightening.

magicemoji 3 years ago

There is a similar iOS app implement in pure swift, run directly on your iPhone, open App Store and Search: Maigret to download this app.

  • DueDilligence 3 years ago

    .. which I am pleased to say also works in MacOS.

acqbu 3 years ago

This is amazing! My only fear is that it will benefit more stalkers than genuine users.

Dave3of5 3 years ago

Shows me on something called smule which I don't have an account on.

ilyt 3 years ago

Now auto-create that account and offer user to buy it for few bucks

oriettaxx 3 years ago

great, it works (with some false-positive, like Enjin for example).

A warning: an account could be suspended (since many still cannot let you remove it), and by logging in again you end up re-activating.

just be aware

rob 3 years ago

Lot of results! Thanks

DueDilligence 3 years ago

.. excellent tool .. TWO coffee's for you!

high_pathetic 3 years ago

And that's why I prefer making a username per site I use. No need to connect the dots, no need for this tool, except for spying on a person.

skc 3 years ago

Lots of false positives

dingdongdaddy 3 years ago

you made a web frontend for Sherlock LMAO

deadalus 3 years ago

This tool is very fast! I used it to find my crush's social profiles and it worked well.

  • Ostatnigrosh 3 years ago

    haha thats one way to use this thing

sph 3 years ago

Add "Show HN:" to the title to have more time in the spotlight, since you built this.