Namechk is a great OSINT tool that allows you to find out if a username you are investigating is used elsewhere online. It includes various social media platforms as well as domain names and mobile apps. Typically an investigation starts with a name, phone number, or email address. If you don’t have any of the above, you can start with their username. People often use the same user name on multiple platforms and some platforms automatically import the username from your email by default. Having a username to start isn’t ideal, but Namechk allows you to explore the information you have to try to find other information. Here’s a quick guide on getting started with Namechk.
0. Go to the Namechk website
This is a no-brainer, but if you simply Google “name checker” or “username check” you will be led to a plethora of other options that, in my opinion, are not as user friendly or useful. A good investigator doesn’t limit their searches to one platform, however. At the end of this post I will mention a few other commonly used sources. Here’s a link to the Namechk website.
1. Getting to Know the Namechk Interface
Right off the bat you will see that Namechk is very user-friendly and straightforward. You type in a username and it returns domain name availability and different types of social media accounts. A lot of the social media profiles that are used aren’t very popular. This doesn’t mean you should ignore them. Often the most crucial content you will find will be on lesser known social media sites. Gab.ai comes to mind.
2. Combining Your Results with Other OSINT Tools
There’s much I can add to the explanation of the Namechk platform. What I can provide is a little bit of insight on how to use it for OSINT investigations. Conducting an OSINT investigation is like a puzzle. You may have a few pieces of the puzzle already in place (real name, phone number, etc.) but you may be missing a few pieces required to get the information you need–the big picture. By using Namechk to identify places where a user may have posted different content, you may stumble across some of that missing information. This could include older content or conversations that are more personal (peer to peer). Finding a new user account could also lead you to new photos you can reverse image search (or run through Imagga) to find even more access points. Sometimes, it can even lead you…. no where. You have to be prepared for your intel gaps to persist despite your efforts.
3. Streamlining Your Investigation
Namechk has a really cool feature not a lot of other similar platforms have. They have an API! This means that if you’re a developer or know one, you can streamline your OSINT collection and create custom tools or integrate username searches into tools you already have! It costs a little coin to get started ($15 for 10,000 requests), but that’s scheduled on a pay as you go model, meaning months you don’t use it all (or prefer to just use their web interface) you pay $0. If you’re like me, this is really interesting and potentially very useful. Check out their API here.
While namechk.com and knowem.com (and those sites) can be helpful in determining sites to look at to find your target’s usernames, I’ve found that they can have many false positives. It got so frustrating for me that I made my own project called WhatsMyName (https://webbreacher.com/2016/12/11/whatsmyname-project/). There are modules that use this project in both spiderfoot.net and reconng.com tools.
LikeLike
Thanks for the feedback! I use WhatsMyName through Recon_NG!
LikeLike
Thanks for sharing about Namechk. Thanks also for pointing out Imagga for reverse image lookups, that’s going to save a lot of time. 🙂
LikeLike