Social Analyzer

Find and analyze a person's digital footprint across 1000+ social media platforms using multi-layer detection, OCR, and metadata extraction.

23.4Kstars
2.2Kforks
GNU AGPLv3
JavaScript

Social Analyzer is an open-source OSINT tool that automates the discovery and analysis of user profiles across more than 1000 social media websites. Given a username, it searches each platform using HTTP requests and optionally Selenium-driven browser sessions, then applies a confidence-based detection rating system (0-100, expressed as No/Maybe/Yes) to minimize false positives and surface only credible matches.

The tool ships as a Node.js web application with a browser GUI, a Node.js CLI, and a Python package installable from PyPI — all three interfaces expose the same core capabilities. Detection combines pattern matching on page content, Tesseract OCR on captured screenshots, metadata extraction via the Qeeqbox OSINT engine, and optional Google and DuckDuckGo API lookups to cross-reference findings.

Designed for investigators, security researchers, journalists, and law enforcement agencies operating with limited resources, Social Analyzer can search multiple usernames simultaneously, filter results by confidence level or platform type, generate force-directed relationship graphs, and export full analysis results as structured JSON for integration with broader OSINT workflows.

What You Get

  • Multi-Platform Username Search - Queries 1000+ social media platforms concurrently using configurable worker pools, with automatic three-pass retry logic to recover from transient failures and maximize profile coverage.
  • Confidence-Based Detection Rating - Assigns each discovered profile a 0-100 score using a multi-technique detection pipeline (HTTP response analysis, regex matching, OCR, metadata patterns) to separate genuine matches from false positives.
  • OCR Profile Text Extraction - Uses Tesseract.js (Node.js) or Tesseract via Python bindings to extract readable text from profile screenshots, enabling detection of usernames embedded in images rather than HTML.
  • Metadata and Pattern Extraction - Pulls structured metadata from detected profiles using the Qeeqbox OSINT engine, surfacing embedded links, identifiers, and contextual patterns useful for cross-platform correlation.
  • Force-Directed Relationship Graphs - Generates interactive network graphs mapping relationships between extracted metadata entities and detected profiles, visualizing identity connections across platforms.
  • Multiple Access Modes - Exposes identical functionality via a browser-based web GUI (served locally on port 9005), a Node.js CLI, and a PyPI-installable Python package importable directly as a Python object for programmatic use.
  • Bulk and Multi-Username Search - Accepts comma-separated username lists to search and correlate profiles for multiple identities in a single run, useful for linking accounts across platforms.
  • Search Engine Augmentation - Optionally queries Google API and DuckDuckGo API with custom search expressions to supplement direct platform scanning with web-indexed findings.
  • Flexible Result Filtering - Filters results by detection confidence (good/maybe/bad), platform type (adult, music, etc.), country of origin, or Alexa top-site ranking to narrow investigations.
  • WAF and CAPTCHA Detection - Automatically identifies when a platform response triggers a WAF block or CAPTCHA challenge, marking those results as unreliable rather than silently returning false data.
  • Proxy and Header Customization - Supports custom HTTP headers, proxy configuration, per-request timeouts, and Selenium implicit wait tuning to adapt scans to network constraints or anti-bot countermeasures.
  • JSON Export and Logging - Saves complete analysis results as structured JSON files and supports prettified terminal output or silent mode for clean integration into automated pipelines.

Common Use Cases

  • Tracking threat actor infrastructure - A security analyst searching for a known malicious username runs Social Analyzer across all platforms to map the actor’s full social presence, using the confidence scores to prioritize leads and the metadata graphs to surface connected accounts.
  • Law enforcement suspect profiling - An investigator in a resource-limited jurisdiction uses the Docker Compose grid deployment to run parallel Selenium scans across 1000+ platforms simultaneously, exporting results as JSON for intake into their case management system.
  • Journalist source verification - A reporter verifying an anonymous tipster’s claimed online identity searches the tipster’s username and cross-references detected profiles against known biographical details, using screenshot capture to document the evidence.
  • Red team OSINT reconnaissance - A penetration tester maps a target organization’s employee digital footprints by running bulk username searches against a curated list of handles, filtering results to high-confidence matches for inclusion in the engagement report.
  • Cyberstalking and harassment investigations - A trust and safety team uses Social Analyzer via its Python API integration to automate username lookups as part of an abuse detection pipeline, correlating harasser accounts across multiple platforms from a single report.
  • Academic digital identity research - A researcher studying online pseudonymity runs Social Analyzer against a dataset of usernames to measure cross-platform account reuse rates, leveraging the JSON output for downstream statistical analysis.

Under The Hood

Architecture Social Analyzer is a monolithic application built around a single entry point that simultaneously handles CLI argument parsing and Express web server bootstrapping, with scan logic decomposed into separate module files for engine detection, fast scanning, slow scanning, special scanning, extraction, and string analysis. These modules communicate through a shared global helper singleton rather than explicit interfaces, meaning state like detection levels, site lists, and lock sets is mutated globally rather than passed through dependency injection. A parallel Python implementation (app.py) replicates the same detection and scan orchestration logic independently, resulting in duplicated business logic that evolves separately from the Node.js codebase. Data flows from CLI invocation or HTTP request through mode selection into an async worker pool, which issues concurrent HTTP requests or Selenium-driven browser sessions per platform, then feeds responses through the detection engine before aggregating into a scored result set. A three-pass retry mechanism for failed sites is embedded directly in the fast-scan module rather than being a configurable strategy, reflecting a pragmatic approach that prioritizes feature completeness over structural cleanness.

Tech Stack Node.js 20 runs the primary web application and CLI, with Express 4 serving both the REST API and the static web GUI. Browser automation leverages Selenium WebDriver 4 with GeckoDriver targeting Firefox ESR, orchestrated via Docker Compose against a Selenium Grid hub for distributed parallel scanning across multiple Firefox nodes. The JavaScript layer uses cheerio for server-side HTML parsing, tesseract.js 2 for in-process OCR without external dependencies, wink-tokenizer for NLP tokenization, franc for language identification, and the proprietary ixora package for metadata visualization. The Python implementation uses Requests, BeautifulSoup4, lxml, langdetect, and galeodes as its HTTP and parsing stack, and is distributed as a pip-installable package with an importable class interface. Platform detection rules for 1000+ sites are stored in a JSON configuration file, making site coverage extensible without code changes. ESLint with the standard config and Prettier enforce basic JavaScript code style consistency.

Code Quality Testing is minimal throughout the codebase — the test directory contains a single shell script that verifies the help output loads without crashing, with no unit tests, integration tests, or test framework dependencies present anywhere in either the Node.js or Python implementations. Core modules intermix business logic, logging side effects, and state initialization, making isolated testing structurally difficult without significant refactoring. Error handling in JavaScript modules relies predominantly on try/catch blocks that log to console under a verbose flag and swallow exceptions silently otherwise; the Python implementation uses contextlib.suppress extensively, discarding exceptions without recording them. Naming conventions are inconsistent between the JavaScript and Python codebases and within individual modules. There is no TypeScript, no runtime schema validation, no type annotations in Python, and no CI configuration present in the repository. The package.json test script is a placeholder that unconditionally exits with an error code, confirming no automated test pipeline exists.

What Makes It Unique Social Analyzer’s most distinctive contribution is its confidence-scored multi-layer detection pipeline that combines HTTP response pattern matching, OCR extraction from browser screenshots, metadata fingerprinting, and optional search engine augmentation into a single 0-100 rating per discovered profile — an approach that explicitly models result uncertainty rather than returning binary found/not-found results. The simultaneous distribution as a Node.js web application, a Node.js CLI, and a PyPI-installable Python class importable directly in scripts gives it unusually broad integration surface for an OSINT tool. The JSON-driven site definition format allows community contributors to add platform coverage without modifying application code, and the built-in WAF and CAPTCHA detection heuristics mark potentially unreliable results rather than silently inflating false positive rates — a design decision that reflects real investigative workflow requirements.

Self-Hosting

Social Analyzer is released under the GNU Affero General Public License v3.0 (AGPL-3.0). This is a strong copyleft license: you can use, modify, and self-host it freely, including for commercial investigations, but any modifications you deploy as a network service must be released under the same license. For internal use — running it within your organization without exposing it as a public service — the copyleft obligations are generally not triggered, making it usable by corporate security teams and law enforcement agencies without licensing complications. There is no commercial license or enterprise tier available.

Running Social Analyzer yourself requires meaningful infrastructure consideration beyond a simple binary deployment. The full-featured mode depends on Firefox ESR and GeckoDriver for Selenium-based browser automation, and the Docker Compose configuration expects a Selenium Grid hub with Firefox node containers to enable parallel scanning — this means managing a multi-container setup with shared memory volume mounts and inter-service networking. The Node.js web application does not include authentication or access control, which the project documentation explicitly flags: it is intended for local or network-isolated deployment only. You are responsible for all uptime, updates, dependency management, and securing access from unauthorized users, as well as keeping the sites.json detection database current as social media platforms evolve their HTML structure.

There is no hosted or managed version of Social Analyzer, no paid cloud tier, and no commercial support offering. What you gain from self-hosting is complete data privacy — no usernames or investigation targets leave your infrastructure — and full control over the detection configuration and scan parameters. What you give up is any form of vendor support, automatic database updates, SLA guarantees, or high-availability architecture. The detection site database in the public repository is also noted to differ from the version used by law enforcement agencies in production, meaning the community-available tool may have lower coverage or accuracy than deployments the author maintains privately.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search