Ju1y's Blog - Linkook - Finding Hidden Treasures

Linkook — Social Account Mining Tool

0x00 Introduction

During OSINT information collection, I used Sherlock, a tool that allows searching for social accounts on various platforms by username. Sherlock is a great tool, but during use, I noticed some shortcomings:

  • It only searches for the same username across platforms.
  • If a user uses different usernames on different platforms, some accounts might be missed.
  • If multiple unrelated users share the same username, it may incorrectly include these accounts.

Considering that many social platforms allow users to link other social accounts, many of which are also publicly displayed on user profiles, I decided to develop my own tool for enumerating accounts, focusing on searching for these interconnected social accounts through deep searches for linked accounts to uncover more potential information. This approach offers the following advantages:

  • The associated accounts found have a high degree of certainty of being linked to the user, reducing the risk of errors.
  • By recursively searching for linked accounts, we can find more hidden account information.

So I developed — Linkook: https://github.com/JackJuly/linkook

avatars
JackJuly / Linkook
🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.

0x01 Tool Introduction

Linkook is an OSINT tool that can discover interconnected social accounts and their associated emails across multiple social platforms by searching with a single username. It also supports exporting the collected associated information in a format compatible with Neo4j for visual analysis.

Screenshot

Main Features

  • Search for social accounts across multiple platforms by a given username.
  • Further search for related social accounts, usernames, emails, etc.
  • Query the associated emails using HudsonRock’s Cybercrime Intelligence Database to check if they are affected by cybercrime or information theft.
  • Supports exporting the scan results in a JSON format compatible with neo4j for visualizing the results in neo4j, helping to better filter relevant accounts and remove unrelated information.
Screenshot

0x02 Installation and Usage

Can be installed directly via pip or pipx

Shell 
pipx install linkook

Run with the following command:

Shell 
linkook {username}

Usage

--show-summary

  • Option to show a summary of the scan results.
Screenshot

--concise

  • Option to display output in a concise format.
Screenshot

--check-breach

  • Uses HudsonRock’s Database to check whether the fetched emails have been affected by cybercrime or information theft. If a breach is detected, the email will be marked in red and (breach detected) will be shown, and the breached emails will be listed in the Scan Summary.
Shell 
...
Found Emails: notbreached@mail.com, breached@mail.com(breach detected)
...
...
========================= Scan Summary =========================
...
Breached Emails: breached@mail.com

--neo4j

  • Export the query results as a JSON format compatible with neo4j database import. The output file will be neo4j_export.json.
  • In neo4j, use the APOC plugin to import the JSON data. The following is the Cypher code to import data, which will return the number of imported nodes and relationships.
  • Use MATCH (n) RETURN n to view all results and their relationships.
Cypher 
CALL apoc.load.json("file:///neo4j_export.json") YIELD value
CALL {
  WITH value
  UNWIND value.nodes AS node
  CALL apoc.create.node(
    node.labels,
    apoc.map.merge({ id: node.id }, node.properties)
  ) YIELD node AS createdNode
  RETURN count(createdNode) AS nodesCreated
}
CALL {
  WITH value
  UNWIND value.relationships AS rel
  MATCH (startNode {id: rel.startNode})
  MATCH (endNode {id: rel.endNode})
  CALL apoc.create.relationship(startNode, rel.type, {}, endNode) YIELD rel AS createdRel
  RETURN count(createdRel) AS relsCreated
}
RETURN nodesCreated, relsCreated;

Other usage options can be found in the GitHub.

Video Demo

You can watch the video demo on YouTube: https://www.youtube.com/@Ju1y0x0

Contribution

How it works?

Linkook scans social platforms based on the preset scan configuration file provider.json, performing the following checks:

  • Checks whether the account exists on the social platform based on the username.
  • If the account exists and the platform allows linking other accounts, it searches for other linked social accounts.
  • If the account exists, it checks whether the user’s profile contains email information, and if found, queries HudsonRock’s Database.
  • If linked accounts are found, and the platform supports further linking, it adds the newly discovered accounts to the scan queue.

Linkook relies on the provider.json file, which contains the list of websites to search. New websites can be added to extend the tool's search capabilities, and this is the most important area for contribution. The basic format of the site is as follows:

JSON 
"Website Name": {
    "mainUrl": "https://www.website.com",
    "profileUrl": "https://www.website.com/profile/^USER^",
    "queryUrl": "https://www.website.com/api/user",
    "regexUrl": "https://(?:www.|m.)?website.com/(?:user/|profile/|@)^USER^",
    "keyword": {
        "Match": ["followers", "following"],
        "notMatch": ["User does not exist"]
    },
    "isUserId": true,
    "isConnected": true,
    "hasEmail": false
}

Contribution guidelines can be found on the GitHub CONTRIBUTING page.

Participate in Research

You can participate in our feedback survey on GitHub Discussions, or leave your suggestions and comments in the Discussion section.

I will continue to optimize and update Linkook. I hope this tool will become more useful and popular, and I welcome more contributors to join in. ☀️