Find what of your personal data is leaking online — via free, no-account public sources — then get one-click opt-out links to remove it.
Project description
exposed
Find what of your personal data is leaking online — then remove it.
exposed is a personal OSINT self-scan. Point it at your own name, emails, and
usernames, and it checks free, no-account, no-API-key public sources to show
where your information is exposed — then hands you one-click opt-out links for
the data brokers holding it.
It only ever looks you up. No targets, no accounts, no keys, no data leaves your machine except the lookups themselves.
Example scan of a fictional identity — real output is color-coded by severity.
What it checks
| Source | What it finds |
|---|---|
| Gravatar | Is your email tied to a public profile (photo, name, linked accounts)? |
| Hudson Rock | Does your email/username appear in infostealer-malware logs? |
| GitHub | Is your email leaking through public commits or linked to a user? |
| holehe (optional) | Which sites have an account registered to your email? |
| Sherlock (optional) | Which sites have an account under your username? |
| Data brokers | Ready-made search + opt-out links for 25 people-search sites |
| Search dorks | Pre-built Google / DuckDuckGo queries to eyeball the rest |
Install
pip install exposed # core scan
pip install "exposed[full]" # + holehe & Sherlock for the deeper account sweeps
Or from source:
git clone https://github.com/GreenHarvestDev/exposed.git
cd exposed
pip install -e ".[full]"
Usage
-
Copy the example config and fill in your own details:
cp exposed_identity.example.json exposed_identity.json # edit exposed_identity.json
-
Run the scan:
exposed # readable summary + saves exposed_report.json exposed --no-sherlock # skip the slow username sweep exposed --json # emit the full report as JSON (for your own UI)
Your exposed_identity.json and any *_report.json are git-ignored — they hold
your PII and should never be committed.
Identity file
{
"full_name": "Jane Q. Public",
"emails": ["jane@example.com"],
"usernames": ["janepublic"],
"phones": ["555-123-4567"],
"cities": ["Springfield"],
"state": "OR",
"aliases": ["Jane Doe"],
"relatives": ["John Public"]
}
Everything is optional — provide what you want scanned. More detail = more thorough dorks and broker links.
Ethics & scope
exposed is a defensive privacy tool. It is designed to scan your own
identity so you can reduce your attack surface and remove yourself from data
brokers. Don't use it to profile other people.
All sources are public and free; the tool sends no data to any server it doesn't have to query for a lookup, and stores results only in the local report file you control.
Development
git clone https://github.com/GreenHarvestDev/exposed.git
cd exposed
pip install -e ".[dev]"
ruff check . && ruff format --check . && pytest
Tests are fully offline (network and external tools are mocked), so pytest runs in
well under a second. See CONTRIBUTING.md — new source checks are
welcome as long as they're free, need no account, and ship with a test.
License
MIT © 2026 GreenHarvestDev
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file exposed-0.1.0.tar.gz.
File metadata
- Download URL: exposed-0.1.0.tar.gz
- Upload date:
- Size: 21.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ce7b84eeadbbab51bfbc1a1b1585cff80e282db220ce29d91fe067507924a252
|
|
| MD5 |
762d21cc6269caab416bc966e904899e
|
|
| BLAKE2b-256 |
cd7bb7e19ae44070f096432cb0e8623e3f4824e8c080e0fad80992cea5418eb4
|
Provenance
The following attestation bundles were made for exposed-0.1.0.tar.gz:
Publisher:
release.yml on GreenHarvestDev/exposed
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
exposed-0.1.0.tar.gz -
Subject digest:
ce7b84eeadbbab51bfbc1a1b1585cff80e282db220ce29d91fe067507924a252 - Sigstore transparency entry: 2194843629
- Sigstore integration time:
-
Permalink:
GreenHarvestDev/exposed@97450293f04d784e6b0bee8d1cab054b8bd34f77 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/GreenHarvestDev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@97450293f04d784e6b0bee8d1cab054b8bd34f77 -
Trigger Event:
push
-
Statement type:
File details
Details for the file exposed-0.1.0-py3-none-any.whl.
File metadata
- Download URL: exposed-0.1.0-py3-none-any.whl
- Upload date:
- Size: 16.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3330dafd0cac4307d665b6650cf27e3787b8ef33d8007268d493e51200157c41
|
|
| MD5 |
a09a493ef6bc489e568f7a7af85fc306
|
|
| BLAKE2b-256 |
ced3a6c8961e91cec89d98e453b4f3e1bbbcbadbda82afc85ad2e082ba881a6c
|
Provenance
The following attestation bundles were made for exposed-0.1.0-py3-none-any.whl:
Publisher:
release.yml on GreenHarvestDev/exposed
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
exposed-0.1.0-py3-none-any.whl -
Subject digest:
3330dafd0cac4307d665b6650cf27e3787b8ef33d8007268d493e51200157c41 - Sigstore transparency entry: 2194843644
- Sigstore integration time:
-
Permalink:
GreenHarvestDev/exposed@97450293f04d784e6b0bee8d1cab054b8bd34f77 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/GreenHarvestDev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@97450293f04d784e6b0bee8d1cab054b8bd34f77 -
Trigger Event:
push
-
Statement type: