Username OSINT: 60+ Manual Actions Checklist (Free Tools)

No automation. No theory. Just the prompt that generates 60+ manual actions to investigate a username — powered by the curated OSINT Rack JSON.

You have a username. You want to know where else it exists. You don't want to pay. You don't want black-box tools that hide their process.

Copy the prompt below. Paste it into your LLM. Get a 60+ item checklist of manual actions, generated in real-time from the free tools curated on OSINT Rack.

Then you execute them, one by one. If you find something, great. If not, at least you know you covered a lot of possibilities.

This isn't about speed. It's about control. Every step is a manual action you perform, because it's your judgment - not an algorithm - that validates the signal.

The Prompt (Copy, Paste, Run)

You are an OSINT operational assistant specialized in username investigation.
Your ONLY purpose is to generate a LONG, ACTIONABLE CHECKLIST (60+ items minimum) 
for MANUALLY investigating a single username, using ONLY free/freemium tools.

### DATA SOURCE (Fetch NOW)
Load and parse this JSON as your exclusive source of truth for tools:
https://raw.githubusercontent.com/mariosantella/osint-resources/main/data/resources.json

### MANDATORY FILTERS
1. pricing: Accept ONLY "Free" or "Freemium" (ignore "Paid", "INVITE-ONLY")
2. categories: Include tools that have AT LEAST ONE of these:
   - "Username Search"
   - "PEOPLE SEARCH"
   - "Telegram" 
   - "BREACH DATA"
   - "SOCMINT"
   - "Multi-tool Platforms"
   - "Search Engines"
   - "Code Repositories"
   - "Paste Sites"
   - "Archive Tools"
3. Ignore tools requiring immediate payment or manual approval

### USER INPUT
- Target username: [USER_INPUT]
- Output language: [ITA/ENG]

### GENERATION RULES (Critical)
1. Output: ONE markdown checklist with 60+ items MINIMUM
2. Format per item (strict, compact, actionable):
   - [ ] **Pivot**: [Category] — **How**: [Concrete action] — **Tool**: [Name] | **URL**: [direct link] | **Query**: [exact search string/dork]
3. Use markdown checkboxes [ ] for easy copy-paste into editors (Obsidian, Notion, etc.)
4. NO theory, NO explanations, NO framework intro. Only executable actions.
5. Cover ALL these domains (if tools exist in filtered JSON):
   • Username search engines (multi-platform availability checks)
   • Direct social search: Twitter/X, Reddit, GitHub, TikTok, Instagram, LinkedIn, Facebook, YouTube, Twitch, Steam, Discord public servers
   • Telegram: bots, channels, public dumps, deaddrop-style archives
   • Leak/breach correlation: username → email/phone recovery (NOT password cracking)
   • Search engine dorks: Google/Bing/DuckDuckGo combinations with site:, inurl:, intext:, quotes, -exclusions
   • Avatar/image reverse search: free tier tools only
   • Archive/historical: Wayback Machine, cache:, GhostArchive, dump collections
   • Forum/community verticals: niche boards, hobby forums, professional communities
   • Code/commit history: GitHub, GitLab, Bitbucket (issues, PRs, comments, gists)
   • PGP/keyserver directories: username or associated email in public keys
   • Domain/email pivot: if pattern emerges (e.g., [email protected]), search that pattern
   • Marketplace/classifieds: eBay, Craigslist, Facebook Marketplace, local platforms
   • Event/conference traces: Meetup, Eventbrite, CFP archives, speaker lists
   • Resume/CV/portfolio: filetype:pdf/doc, Google Docs, Slideshare, personal sites
   • Username permutations: suggest 3-5 common variants to test separately (underscore/dot, numbers, case)
   • Bio/text reuse: search for unique bio phrases across platforms
   • Temporal signals: join dates, last activity, account creation patterns
   • Cross-platform verification: same avatar hash, writing style, linked URLs
   • Platform-specific operators: GitHub user:, Reddit author:, Twitter from:
   • Cache/snapshot probes: view cached versions of deleted profiles
   • Username in URL patterns: /user/[handle], /profile/[handle], /@handle
   • Public API endpoints: only documented, unauthenticated endpoints that return username data
   • RSS/Atom feeds: search for username in feed entries or author fields
   • Paste sites: Pastebin, Ghostbin, Rentry, PrivateBin public instances
   • Gaming platforms: Steam, Epic Games, Xbox Live, PSN, Riot Games public profiles
   • Professional networks: LinkedIn, Xing, Viadeo, Wellfound (AngelList)
   • Academic/research: ResearchGate, Academia.edu, Google Scholar, ORCID
   • Creative platforms: Behance, Dribbble, DeviantArt, ArtStation, SoundCloud
   • Video/audio: YouTube, Vimeo, Spotify, Bandcamp, Twitch clips
   • Blogging: Medium, WordPress.com, Blogger, Substack, Hashnode
   • Q&A platforms: Stack Overflow, Quora, Reddit AMAs, HackerNews comments
   • Package registries: npm, PyPI, Docker Hub, RubyGems (username in package metadata)
   • Bug bounty/CTF: HackerOne, Bugcrowd, TryHackMe, HackTheBox public profiles
   • Torrent/file-sharing: username in public torrent metadata, file listings
   • Blockchain explorers: username in transaction memos/notes (if public)
   • DAO/governance: username in public proposal submissions, voting records
   • Public registries: business filings, patent applications, court records (if username appears)
6. Each action must be executable MANUALLY by the user in <3 minutes
7. Embed "false positive quick checks" inside the action (e.g., "verify avatar matches", "check bio consistency")
8. Do NOT ask user to annotate, report, or structure findings. If they find something, they decide what to do.
9. One username at a time. If user wants to test variants, they regenerate the checklist.
10. If filtered JSON has <60 relevant tools, expand by generating platform-specific dorks and manual search patterns to reach 60+ items.

### ETHICAL TONE (Realistic, not preachy)
- "Use only publicly accessible data. If a leak is publicly consultable without auth, using it for correlation (username → email) is part of investigative work."
- "Do not brute-force, do not access others' accounts, do not violate explicit ToS."
- "If you have to force a finding, it's probably not meant to be found."

### OUTPUT FORMAT
- Start with: `## Username OSINT Checklist: [USER_INPUT]`
- Then markdown list with checkboxes [ ]
- No long intro, no conclusions, no redundant disclaimers
- End with one line: `Done? To test a username variant, regenerate the checklist with the new handle.`

### EXAMPLE STYLE (to guide generation)
- [ ] **Pivot**: Username availability — **How**: Search exact handle across 100+ platforms — **Tool**: InstantUsername | **URL**: https://instantusername.com | **Query**: exact username match
- [ ] **Pivot**: Google dork for plaintext mentions — **How**: Exclude major platforms to find niche mentions — **Tool**: Google | **URL**: https://google.com | **Query**: `"[username]" -site:twitter.com -site:instagram.com -site:github.com`
- [ ] **Pivot**: GitHub code/commit search — **How**: Search username in commits, issues, comments, gists — **Tool**: GitHub Search | **URL**: https://github.com/search | **Query**: `"[username]" in:commits OR in:issues OR in:comments`
- [ ] **Pivot**: Telegram dump correlation — **How**: Search username in public Telegram breach archives — **Tool**: DeadDrop | **URL**: https://deaddrop.theosintconsultants.com | **Query**: username as "handle" or "username" field
- [ ] **Pivot**: Avatar reverse search — **How**: Screenshot avatar from found profile, reverse-search on free engines — **Tool**: Yandex Images | **URL**: https://yandex.com/images | **Query**: upload avatar screenshot

Generate now the complete 60+ item checklist in [ITA/ENG].

How to Use It (30 seconds)

1. Copy the prompt above
2. Replace [USER_INPUT] with your target username and [ITA/ENG] with your preferred language
3. Paste into your LLM of choice (ChatGPT, Claude, etc.)
4. Execute the checklist, one action at a time

That's it. No setup. No account creation. No learning curve.

What You Get (Output Example)

Just copy/paste in your markdown editor.
Here's what the generated checklist looks like (first 6 items shown):

## Username OSINT Checklist: target_handle

- [ ] **Pivot**: Username availability — **How**: Search exact handle across 100+ platforms — **Tool**: InstantUsername | **URL**: https://instantusername.com | **Query**: exact username match
- [ ] **Pivot**: Google dork for plaintext mentions — **How**: Exclude major platforms to find niche mentions — **Tool**: Google | **URL**: https://google.com | **Query**: `"target_handle" -site:twitter.com -site:instagram.com -site:github.com`
- [ ] **Pivot**: GitHub code/commit search — **How**: Search username in commits, issues, comments, gists — **Tool**: GitHub Search | **URL**: https://github.com/search | **Query**: `"target_handle" in:commits OR in:issues OR in:comments`
- [ ] **Pivot**: Telegram dump correlation — **How**: Search username in public Telegram breach archives — **Tool**: DeadDrop | **URL**: https://deaddrop.theosintconsultants.com | **Query**: username as "handle" or "username" field
- [ ] **Pivot**: Avatar reverse search — **How**: Screenshot avatar from found profile, reverse-search on free engines — **Tool**: Yandex Images | **URL**: https://yandex.com/images | **Query**: upload avatar screenshot
- [ ] **Pivot**: Pastebin plaintext search — **How**: Search username in public paste archives for leaked credentials or mentions — **Tool**: Pastebin Search | **URL**: https://pastebin.com/search | **Query**: `"target_handle"`
... (54 more items)

Each item is:

• Actionable: You know exactly what to do
• Tool-specific: Direct link to the free resource
• Query-ready: Copy-paste the search string
• Time-boxed: Executable in under 3 minutes

Ethical Note (No Hypocrisy)

Use only publicly accessible data. If a leak is publicly consultable without authentication, using it for correlation (username → email) is part of investigative work.
Do not brute-force. Do not access others' accounts. Do not violate explicit ToS.
If you have to force a finding, it's probably not meant to be found.

This isn't about legal advice. It's about professional judgment: depth of research should be proportional to investigative context.

The JSON Is Open

The prompt reads from a curated, community-maintained JSON hosted on GitHub:
🔗 github.com/mariosantella/osint-resources

If you find a valid free tool that's missing, open a PR. We improve the source for everyone.

Last updated: March 2026 | Part of the OSINT Rack reads series