Corporate usernames are beginning to be obnoxiously easy to guess and build. The standard of FIRSTNAME.LASTNAME@CORP.com is so common, it's ridiculous. Even more so when account management tools will simply take the first half of the email and reuse it as a username. We can use schemes like this to our advantage to search for a multitude of treasures like accounts on other services with the same username, credentials found in breaches, and associated sites or tools. When searching for usernames, you can uncover linked social media accounts and tons of relevant intelligence.
Username and Email Address Analysis Tools
Username.html and Email.html
These two tools often go hand in hand with results often overlapping. Still, it is good habit to run the searches for both the username and the email address in case there is a discrepancy between the two. These two tools check for two things: presence of the username/email on a given platform, and any public/leaked info connected to them.
Stalker - OSINT tool for automated scanning of social networks and other websites, using a single nickname.
finduser - Find usernames across over 75 social networks
socialscan - Python library and CLI for accurately querying username and email usage on online platforms.
https://analyzeid.com/username/ - Social media username checker. Gather information on the taken username and get a summary of who the person is.
https://www.idcrawl.com/ - A free people search engine that organizes social network information, deep web information, phone numbers, email addresses and more.
https://knowem.com/ - Allows you to check for a username or real name instantly on over 500 popular and emerging social media sites.
Email Address Search Tools
Public Mail Records - Search public email records for a given email address.
MXToolBox - Collection of online tools that can gather multiple points of data surrounding an email address or domain.
Some times it helps to perform a quick check to see if an email is even valid or registered.
Tru Mail - Prevent bounced emails and low-quality users with free professional grade email verification
Email Hippo - Email address verification technology from Email Hippo that connects to mailboxes and checks whether an email address exists.
Verify email - This email verification tool actually connects to the mail server and checks whether the mailbox exists or not.
Email Checker - Email Checker ensures that an email address is correct and active in real-time without ever needing to send a message.
CLI Email Intelligence Tools
TheHarvester - This tool is the defacto standard for email intelligence gathering. It checks a large array of sources to pull together information. It can leverage APIs of other services such as Spyse or Shodan to improve the search. Remember these will require an API key to use. I have found that between the above html tools and this, it will satisfy your email searching needs.
Infoga - Infoga is a tool gathering email accounts information (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using haveibeenpwned.com API.
Match Email to Phone number - email2phonenumber is an OSINT tool that allows you to obtain a target's phone number just by having his email address.
