Username OSINT Scraper — 480+ Sites in One Scan

Find every website where a given username is registered. Drops a single handle (e.g. gvanrossum, khadinakbar) into 480+ social, dev, gaming, forum, media, and business platforms and returns a structured per-platform map of where the account exists.

Powered by the Sherlock site list (MIT) and a three-mode detector (status code, response text, redirect URL) — the same proven approach used by OSINT investigators, recruiters, and brand-protection teams worldwide. Rewritten in TypeScript for speed, packaged as an MCP-ready Apify actor so AI agents can call it directly with predictable per-username pricing.

What you get

Field	Description
username	The handle that was scanned
platformsChecked	How many sites were probed for this username
platformsFound	How many returned a CLAIMED (registered) result
platformsBlocked	How many returned a WAF / anti-bot response (status uncertain)
scanDurationMs	Wall-clock duration of the scan
platforms[]	Per-platform results: site, category, profile URL, status, detection method, HTTP status, NSFW flag
blocked[]	Sites blocked by Cloudflare/Akamai/PerimeterX/DataDome/AWS-WAF (surfaced honestly rather than guessed)
_note	Human-readable summary line

Pricing

• apify-actor-start — $0.00005 per run (Apify-standard start fee)
• username-scanned — $0.04 per username processed (covers the full 480+ site scan, regardless of how many platforms match)

A typical 1-username scan costs ~$0.04. A 10-username batch costs ~$0.40. Pay-Per-Usage is also enabled if you prefer compute-based billing for huge jobs.

Quick start

From Apify Console

1. Open the actor.
2. Paste one or more usernames into the usernames field.
3. (Optional) Toggle includeNSFW, pick categories, adjust concurrency.
4. Click Start.

From the Apify API

curl -X POST "https://api.apify.com/v2/acts/khadinakbar~username-osint-scraper/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "usernames": ["khadinakbar", "gvanrossum"],
    "includeAvailable": false,
    "includeNSFW": false
  }'

From the Apify JS client

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });

const run = await client.actor('khadinakbar/username-osint-scraper').call({
  usernames: ['khadinakbar'],
  categories: ['social', 'dev'],
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items[0].platforms.filter(p => p.status === 'CLAIMED'));

From an MCP client (Claude / GPT / Cursor)

Add Apify MCP to your client (https://mcp.apify.com). The tool surfaces as apify-actor-username-osint-scraper. Agents call it the same way they call any other tool — the input schema and 4-sentence field descriptions let the LLM choose parameters correctly.

Example output

{
  "username": "gvanrossum",
  "scanStartedAt": "2026-05-16T18:30:00.000Z",
  "platformsChecked": 481,
  "platformsFound": 23,
  "platformsBlocked": 4,
  "scanDurationMs": 27310,
  "platforms": [
    { "site": "GitHub", "category": "dev", "url": "https://www.github.com/gvanrossum", "status": "CLAIMED", "detectionMethod": "status_code", "httpStatus": 200, "isNSFW": false },
    { "site": "Hugging Face", "category": "dev", "url": "https://huggingface.co/gvanrossum", "status": "CLAIMED", "detectionMethod": "status_code", "httpStatus": 200, "isNSFW": false },
    { "site": "Replit.com", "category": "dev", "url": "https://replit.com/@gvanrossum", "status": "CLAIMED", "detectionMethod": "status_code", "httpStatus": 200, "isNSFW": false }
  ],
  "blocked": [
    { "site": "Instagram", "url": "https://instagram.com/gvanrossum", "reason": "WAF-Cloudflare" }
  ],
  "_note": "23 platforms found. 481 checked. 4 WAF/anti-bot blocked (status uncertain)."
}

Input parameters

Field	Type	Default	Description
usernames	string[]	required	Plain handles to look up. Max 100 per run. No @ symbol, no full URLs.
includeAvailable	boolean	false	If true, also returns platforms where the username is NOT registered. Useful when checking availability before registering on multiple platforms.
includeNSFW	boolean	false	If true, scans 19 adult/NSFW platforms. Off by default for general OSINT work.
categories	string[]	[] (all)	Restrict scan to: social, dev, gaming, forum, media, business, other. Empty array scans everything.
concurrency	int	40	Parallel HTTP requests per chunk. Raise to 80 with extra RAM, lower to 20 on slow networks.
requestTimeoutSecs	int	15	Per-request timeout.
proxyConfiguration	object	Apify Residential	Proxy settings. Default: Apify residential — best success rate against WAF-protected platforms.

How detection works

The actor uses Sherlock's proven three-mode detector:

• status_code — Some platforms (GitHub, Reddit) return distinct HTTP codes for existing vs missing profiles. We check the code and apply the platform-specific rule.
• message — Some platforms (e.g. Reddit) return 200 for every profile URL but include a distinct error phrase in the body when the user does not exist. We string-match the response.
• response_url — Some platforms redirect missing usernames to a home/search page. We disable redirects and check whether the response stayed at the expected profile URL.

When a platform returns a Cloudflare / Akamai / PerimeterX / DataDome / AWS-WAF challenge, we mark the result as WAF rather than guess. This is the honest answer — false-positive WAF guesses cost OSINT investigators real time.

FAQ

Does it work for any username? Most. Some platforms enforce username format rules (length, allowed characters); the actor honours each platform's regexCheck and silently skips platforms where the input cannot be a valid handle.

Why not just use the open-source Sherlock CLI? Three reasons: (1) you get an Apify actor URL you can call from any agent, API, or Zap — no Python install. (2) Residential proxies on by default — Sherlock's defaults get blocked. (3) MCP-ready: AI agents see structured input/output schemas, predictable per-username pricing, and machine-readable WAF flags they can act on.

How accurate is it? Detection follows Sherlock's three-mode model exactly. Known false-positive sites (those that return 200 for every profile URL) use the message mode to validate against a real "user not found" string. Heavily WAF-protected sites are surfaced honestly as WAF rather than guessed.

Can I run it on a list of suspect handles for fraud / brand protection? Yes — pass up to 100 usernames per run. The _note field includes a one-line summary; cross-cluster repeat hits (same handle on Tinder + LinkedIn + GitHub + niche forums) is a strong identity signal.

What categories does it cover?

• social — Twitter, Instagram, TikTok, Reddit, Mastodon, Bluesky, LinkedIn, Threads, etc.
• dev — GitHub, GitLab, npm, PyPI, Hugging Face, Replit, Codepen, Stack Overflow, Kaggle, etc.
• gaming — Steam, Xbox, PlayStation, Twitch, Chess.com, Lichess, etc.
• forum — Quora, Discord public profile, 4chan, Hacker News, Stack Exchange, etc.
• media — Spotify, YouTube, Vimeo, Bandcamp, Behance, Dribbble, DeviantArt, Letterboxd, Goodreads, Medium, Substack, etc.
• business — Patreon, Fiverr, Upwork, Crunchbase, Product Hunt, Ko-fi, Kickstarter, etc.
• other — Everything else in the Sherlock catalogue.

What about NSFW sites? The Sherlock catalogue includes 19 adult platforms. They are excluded by default; toggle includeNSFW: true only for compliance, brand-protection, or fraud-investigation workflows.

How long does a scan take? Typical 1-username scan over all 480+ sites: 20–40 seconds with concurrency: 40. Single-category scans (e.g., categories: ['dev']) finish in 5–15 seconds.

Complementary actors

If you found a username on LinkedIn, GitHub, or Twitter via this scanner, enrich the result with:

• LinkedIn Profile Scraper & Email Finder — pull the full profile + verified email.
• Twitter/X Profile & Followers Scraper — extract tweets, followers, profile metadata.
• Bulk Website Contact Extractor — once you have a personal site, pull emails / phones / social links.

Legal / ethical notice

This actor only checks publicly available profile URLs — it does not bypass authentication, scrape private data, or access content gated behind a login. Use it for legitimate OSINT, brand protection, fraud detection, recruiting, and journalism. Do not use it to stalk, harass, dox, or target individuals.

Each platform's terms of service apply to how you use the data returned. You are responsible for ensuring your use complies with applicable privacy laws (GDPR, CCPA, etc.) and platform policies.

Site catalogue derived from the open-source Sherlock project (MIT License). Detection methodology described in the Sherlock README.

Changelog

• 0.1 (2026-05-16) — Initial release. 481 sites from Sherlock data.json. Three-mode detector. WAF detection for Cloudflare/Akamai/PerimeterX/DataDome/AWS-WAF. Category auto-tagging. NSFW filter. PPE: $0.04 per username scanned + Apify Pay-Per-Usage option.