Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: Search by Email Address #2359

Open
1 task done
ruidazeng opened this issue Nov 7, 2024 · 5 comments
Open
1 task done

Feature Request: Search by Email Address #2359

ruidazeng opened this issue Nov 7, 2024 · 5 comments
Labels
enhancement New feature or request

Comments

@ruidazeng
Copy link

ruidazeng commented Nov 7, 2024

Description

I would like to suggest a feature enhancement: the ability to search for accounts using an email address instead of a username. This functionality could broaden Sherlock's utility, especially in scenarios where only an email address is available.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@ruidazeng ruidazeng added the enhancement New feature or request label Nov 7, 2024
@bytexenon
Copy link
Contributor

bytexenon commented Nov 7, 2024

Hello,

This is a very interesting idea, but it would be really difficult to implement. Most web services do not expose users' email addresses, unlike (public) usernames. Sherlock works by checking sites' URL pattern with the username (e.g., https://reddit[.]com/users/<username_here>). You can't check for an email in the same way (e.g., https://reddit[.]com/user/<someones_email>), as sites like Reddit do not expose email addresses.

The only way to check emails would be through checking breached databases, which is out of scope of the project and potentially illegal.

If you have other ideas on how to achieve this, I'd love to hear them. However, at the moment, it seems unfeasible.

@ruidazeng
Copy link
Author

Hello,

This is a very interesting idea, but it would be really difficult to implement. Most web services do not expose users' email addresses, unlike (public) usernames. Sherlock works by checking sites using a username template (e.g., https://reddit[.]com/users/<username_here>). You can't check for an email in the same way (e.g., https://reddit[.]com/user/<someones_email>), as sites like Reddit do not expose email addresses.

The only way to check emails would be through checking breached databases, which is out of scope of the project and potentially illegal.

If you have other ideas on how to achieve this, I'd love to hear them. However, at the moment, it seems unfeasible.

Hmm I see. I remember reading that some sites do have emails linked to user profiles, though it might just be a smaller group compared to sites can be searched by username. I saw a Reddit thread mention tools like Spokeo, BeenVerified, and Lullar that supposedly do this. I’ll dig into it a bit more.

@bytexenon
Copy link
Contributor

Hmm I see. I remember reading that some sites do have emails linked to user profiles, though it might just be a smaller group compared to sites can be searched by username. I saw a Reddit thread mention tools like Spokeo, BeenVerified, and Lullar that supposedly do this. I’ll dig into it a bit more.

Those services typically use data from breached databases posted on hacking forums, and most are paywalled without an accessible API. The closest service we could use is https://haveibeenpwned[.]com, which has an API, but it only shows the sites where the email was breached without additional information, so it's not suitable.

Regarding sites that do expose emails, there are very few. GitHub is a notable example, as it exposes emails and timezones in commits. However, you can't search for an email directly in a search bar or by using the API; you need to find a user's commit first, which requires knowing the username. Additionally, organization profiles on GitHub expose email addresses, which is searchable in the search bar, but not many users create their own organizations.

And just implementing this feature for Github alone would require a lot of effort. The creators of this tool could consider it, but given the limited number of sites that expose email addresses and the difficulty involved, it may not be feasible.

@PhilMeyr
Copy link

Some libraries do this without relying on leaked databases. For example: https://github.com/megadose/holehe?tab=readme-ov-file.

There are several techniques, such as trying to create an account on the site with the email or using the "forgot password" feature. The site will indicate if the email is already in use.

Holehe does this very well, but unfortunately, it hasn't been maintained for many years.

This would be a really great feature for Sherlock.

@ruidazeng
Copy link
Author

Some libraries do this without relying on leaked databases. For example: https://github.com/megadose/holehe?tab=readme-ov-file.

There are several techniques, such as trying to create an account on the site with the email or using the "forgot password" feature. The site will indicate if the email is already in use.

Holehe does this very well, but unfortunately, it hasn't been maintained for many years.

This would be a really great feature for Sherlock.

this seems interesting wow. perhaps it is possible to have this in sherlock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants