trace a username or email across public sites and correlate the accounts
Project description
nymric
check a username (or an email) across a pile of public sites, follow the links on whatever profiles show up, and stitch it all into one picture of a single person with a confidence on each piece.
tiles, not a photograph. a match is a lead, not proof.
the idea
most tools here (sherlock, whatsmyname, enola) answer one question: does this handle exist on N sites. useful, but you get a flat wall of hits and you're the one left working out which are the same person and which are some stranger with the same name. nymric spends its effort on that second part.
what it does
- checks a username across a curated set of sites, all at once
- reads the outbound links on the profiles that expose them and pulls the person's other accounts out of the bio (their twitter, twitch, a linked github, whatever)
- ties it together. if dev.to and keybase both point at a github we found, that github is
confirmed. a lone hit with nothing backing it ispossible(might be a stranger), not dressed up as a sure thing - matches profile pictures too. two accounts with the same photo (perceptual hash, run on
your machine) is a
confirmedlink even when no bio connects them - takes an email as well. it hashes the email, finds the public gravatar profile, and pivots on the username that comes back. no password-reset probing, just what gravatar already hands out
- prints a short mosaic, or
--json/--md/--svgif you want it elsewhere
what it's for, and what it won't do
it's for checking your own exposure, brand and impersonation monitoring, and authorized research. it won't do logins, auth, anything behind a wall, bulk "find everyone", or dodging anti-bot. public data only. the ethics file is short and it's the actual point.
install
the easy way (once it's on pypi):
pipx install nymric
or from source:
git clone https://github.com/m1h/nymric
cd nymric
pip install .
python 3.11+, two deps (httpx, rich). want avatar matching too? pip install "nymric[avatars]"
pulls in pillow. everything else runs without it.
quickstart
point it at a handle:
nymric torvalds
you get back the accounts that handle shows up on, grouped by how sure it is they're the
same person, each with the reason why. add --json or --md report.md to save it. the
picture at the top of this readme is a real run.
usage
nymric <username|email> [options]
-s, --sites NAME... only these sites (e.g. -s github lichess)
-c, --concurrency N parallel requests (default 10)
-t, --timeout SECS per-request timeout (default 10)
--no-follow don't follow bio links, existence only
--no-avatars don't hash profile pictures
--ua STRING user-agent override
--json json to stdout
--md FILE also write a markdown report
--svg FILE also save an svg screenshot
-V, --version
give it an email instead and it goes through gravatar first:
nymric someone@example.com
how it compares
| tool | what you get back |
|---|---|
| sherlock / enola | whether the handle exists on ~400 sites (flat list, verify it yourself) |
| whatsmyname | a curated existence dataset and a browser app |
| maigret | existence plus a recursive search of the same handle, big dump |
| nymric | follows bio links to the person's other accounts and ties them into one mosaic, each piece with a confidence and the reason it's there |
how it works
every site is a row of data, not code, in nymric/data/sites.json:
{"name": "github", "url": "https://github.com/{}", "method": "status", "links": true}
status sites are judged on 200 vs 404. text sites carry a found marker (a string
only real profiles contain) or an absent marker (the "not found" string, for sites like
steam that return 200 either way). a {} in a marker gets the handle.
the rule that matters most: 403 / 429 / 5xx never count as "missing", they count as inconclusive. a bot-block is not proof the account isn't there. that is the biggest source of junk results in tools that skip it, and it's why reddit isn't on the list (its edge serves identical 403s for real and fake users when you aren't logged in).
adding a site is a json edit. the rest is a handful of small files: probe, links,
stitch, faces, mailto. there's a longer writeup in DESIGN.md.
honest about the limits
- usernames aren't unique. a
possiblehit really might be someone else. that's why it's flagged instead of hidden. - the list is small on purpose (21 sites). big lists rot. these are ones that behave without an anti-bot wall. reddit, instagram, tiktok, x need auth or block you, so they're left out instead of faked.
- markers break when a site redesigns. it's data, so the fix is one line.
prior art
built on the shoulders of sherlock, maigret, and the whatsmyname dataset. the angle here is the correlation layer they leave to you.
license
MIT. lawful research only, no warranty.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nymric-0.1.0.tar.gz.
File metadata
- Download URL: nymric-0.1.0.tar.gz
- Upload date:
- Size: 22.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
41a6d5a9b94e591af276d40657e22559573eae23e2b0fa031e3f47e5b870b8b6
|
|
| MD5 |
afa7acd3bbdacc298b5ab48739170b4f
|
|
| BLAKE2b-256 |
fc3054a39b27cecc15045f0d227d37e68c95033d3107bf35a23c7cd6b2eb69f7
|
Provenance
The following attestation bundles were made for nymric-0.1.0.tar.gz:
Publisher:
publish.yml on m1h/nymric
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nymric-0.1.0.tar.gz -
Subject digest:
41a6d5a9b94e591af276d40657e22559573eae23e2b0fa031e3f47e5b870b8b6 - Sigstore transparency entry: 2084260137
- Sigstore integration time:
-
Permalink:
m1h/nymric@d05c042a5b3e4f02bf9fe5a90bd488dc5525b87d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/m1h
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d05c042a5b3e4f02bf9fe5a90bd488dc5525b87d -
Trigger Event:
release
-
Statement type:
File details
Details for the file nymric-0.1.0-py3-none-any.whl.
File metadata
- Download URL: nymric-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4299c8278b13578f07f8e99f038d129f7892cae97909f1b52fe4efabc7a7823a
|
|
| MD5 |
3ad32dc75a938b4c5fd309caad607668
|
|
| BLAKE2b-256 |
c2abd29542cc9ba84af2ffa017b42cbc3a7f553bf345c924fb6c26d89dd06e57
|
Provenance
The following attestation bundles were made for nymric-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on m1h/nymric
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nymric-0.1.0-py3-none-any.whl -
Subject digest:
4299c8278b13578f07f8e99f038d129f7892cae97909f1b52fe4efabc7a7823a - Sigstore transparency entry: 2084260146
- Sigstore integration time:
-
Permalink:
m1h/nymric@d05c042a5b3e4f02bf9fe5a90bd488dc5525b87d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/m1h
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d05c042a5b3e4f02bf9fe5a90bd488dc5525b87d -
Trigger Event:
release
-
Statement type: