OSINT TOOLKIT: BLACKBIRD, A PYTHON-BASED TOOL THAT INVESTIGATES USERNAMES TO MAP A TARGET’S DIGITAL FOOTPRINT ACROSS SOCIAL MEDIA PLATFORMS

Priscilla Alves Pereira, Christian Collins, Mekhala Jambholkar, OSINT-RDT Team

James Raggio, Editor; Jennifer Loy, Chief Editor

December 12, 2025

Industry: Online Investigations, Threat and Social Media Intelligence

(The Open Source Intelligence [OSINT] Toolkit is a report to help teach about various OSINT tools that can be used by Threat, Security, Intelligence, and Investigative Professionals [TSIIPs])

Account Search Across Social Media Platforms^[1]

What is the BLUF about the OSINT Tool?

Blackbird is a free OSINT tool, available on GitHub, that helps TSIIPs assess a POI’s digital footprint and identify accounts across platforms. The tool generates results from analyzing over 600 websites to detect accounts associated with a specific handle. TSIIPs can gain further insight into POIs’ online behaviour and potential connections by using aggregated search results. Blackbird provides profiles’  URLs, account status, and available metadata from the different platforms to support POIs’ identity verification.

What is the name of the OSINT Tool?

Blackbird

URL:

https://github.com/p1ngul1n0/blackbird 

Who makes this tool?

Lucas Antoniaci is the project developer, while DigitalOcean is the sponsor.^[2]

What country is this tool based out of?

Brazil

What is the purpose of the OSINT Tool?

Blackbird is an OSINT tool that automates the identification of a POI’s online presence by scanning for usernames or email addresses across numerous platforms and publicly accessible sources. It is a digital footprint search tool that returns all publicly available matches in one place, including verified accounts, possible accounts, and signs of the POI’s online activity. TSIIPs should utilize Blackbird to cross-verify suspicious usernames, discover additional online accounts linked to relevant POIs, and identify unknown digital footprints that may support an investigation.

What is the reason TSIIPs should use this OSINT Tool?Blackbird allows  TSIIPs to map a POI's digital footprint and quickly identify its active accounts. TSIIPs should use the tool’s aggregate capacity to scan 600+ platforms and check the existence of a particular username or email that could evade a manual search while saving time.

How should TSIIPs use this OSINT Tool?

TSIIPs should use Blackbird during the initial phases of an investigation to build a list of all the websites where a target has an account. By entering a username, the tool provides a list of links to profiles that TSIIPs can click to view photos, read posts, or find location details. TSIIPS can use this information to verify if the digital persona matches the identity of the POI. CTG’s OSINT Team recommends using these results to triangulate whether the accounts actually belong to the POI. TSIIPs should use a VPN for privacy and operational security (OPSEC) while conducting social media searches on POI. The OSINT-RDT Team recommends running Blackbird in a virtual environment (VE), as is recommended for GitHub tools, to ensure proper safety precautions.

What results will TSIIPs receive from the use of this OSINT Tool? 

TSIIPs will likely save time on social media search using Blackbird, as it provides the following:

• Username: The search returns social media platforms that share the same username.

• Email: The results show where the provided email address was used as a login on social media platforms.

• Export to PDF: Users can export results from usernames or emails to a PDF file.

How will this OSINT Tool help TSIIPs protect a person or organization? 

Blackbird helps TSIIPs protect individuals or organizations by identifying and cross-verifying a POI’s online presence. By revealing publicly accessible data such as usernames, email addresses, and online activity, along with linked profiles and possible connections, TSIIPs can confirm a POI’s identity and evaluate risks. TSIIPs can monitor POIs, increase situational awareness, detect emerging threats, and potentially map networks through connected profiles, and track online activity across multiple platforms.

Instructions on using this OSINT Tool:

1. Users should access the tool by clicking the link above.

2. Users should go to the “setup section.”

3. Users should access https://shell.cloud.google.com/?hl=en_US&fromcloudshell=true&show=terminal and log in to their Google account to use the terminal.

4. Users should clone the repository using the provided code:  “git clone https://github.com/p1ngul1n0/blackbird.”

5. Users should input the code “cd blackbird” to access the Blackbird folder on the VE.

6. Users should install the requirements using the code: “pip install -r requirements.txt.”

7. Users can use the tool by searching by username, pasting the code: “python blackbird.py --username [your preferred username].” (example: python blackbird.py –username JohnDoe123.)

8. Or users can search by email using the code: “python blackbird.py --email [your preferred email].” (example: python blackbird.py – email johndoe123@gmail.com)

9. Users can also export results to PDF using the code “python blackbird.py --email  --pdf” to download the email search, or “python blackbird.py --username  --pdf” for username search.”

Example of this OSINT Tool in use by a TSIIP?

Consider a scenario where TSIIPs are investigating a POI and receive the username “johnsmith123” that their target might use. This username is for Instagram, where TSIIPs can confirm that the profile picture belongs to the POI. Now they will deepen their research to find additional social media accounts for a more accurate investigation. TSIIPs will use Blackbird to confirm if the username provided on Instagram can be linked to any other social media accounts. The procedure would be as follows:

1. TSIIPs open Google Cloud Editor, follow the activation procedure, and paste the username "johnsmith123" into the appropriate box.

2. Blackbird results show which social media platforms use the same username, such as TikTok, Telegram, Kik, Snapchat, and others.

3. TSIIPs can now investigate each social media result, cross-check which ones belong to their target, and remove any accounts belonging to homonyms.

4. After a thorough search, TSIIPs can confirm that some of those social media accounts belong to their POI and that not all were private, allowing them to track the target’s last location using Snapchat.

5. TSIIPs send the findings to the authorities for the operational part of the investigation.

What other tools should be used with this OSINT Tool?

TSIIPs should use Blackbird with other username search tools to avoid missing important social media accounts. TSIIPs should use tools such as Sherlock and WhatsMyName.app to corroborate searches and ensure a comprehensive investigation. Users can find a comprehensive report on Sherlock on the CTG website.^[3] TSIIPs should use specific tools, such as GHunt for Google accounts, to broaden and deepen the search and identify location data. For email addresses, TSIIPs should use Identificator^[4] to link the email to other websites to understand the POIs’ habits. TSIIPs can also utilize Maltego to map connections between usernames to emails, phone numbers, and other entities to see the big picture of the target’s network. Users can access detailed reports on Maltego by the OSINT-RDT Team on the CTG website.^[5] TSIIPs can also use evidence preservation tools, such as Archive.today^[6] or Wayback Machine^[7], which create permanent copies of the webpage, to safeguard investigations if POIs delete their accounts or suspect monitoring.

Are there any concerns that TSIIPs should have about using this OSINT tool?

TSIIPs should be aware that Blackbird relies on publicly accessible data, which may be incomplete, outdated, or inaccurate. Username-based searches can generate false positives, especially when common or reused usernames appear across multiple platforms. Some results may link to inactive or broken profiles, requiring manual verification. Because Blackbird is not region-specific and draws on global sources, TSIIPs should review whether international findings are relevant. All results should be cross-verified with complementary OSINT tools to ensure accuracy and prevent misidentification. Additionally, setting up and managing a VE, as recommended for running GitHub tools like Blackbird, may present a technical challenge for some users, particularly those unfamiliar with Python environments and command-line tools.

[1] Accounts search in social networks, generated by a third party database

[2] “P1ngul1n0/blackbird,” Github, https://github.com/p1ngul1n0/blackbird 

[3] OSINT TOOLKIT: SHERLOCK, A PYTHON-BASED SOFTWARE THAT UNCOVERS MALICIOUS ACTORS ACROSS SOCIAL MEDIA PLATFORMS, by Martina Elena Nitti, Dominic Bianco, Yassin Belhaj, Dalton Riedlbauer,  OSINT-RDT Team

[4] Home, Identificator, https://identificator.space/

[5] OSINT TOOLKIT: MALTEGO, AN INTEGRATED PLATFORM  THAT STREAMLINES CYBER INVESTIGATIONS AND HELPS ANALYZE RELATIONSHIPS WITHIN COMPLEX DATASETS, by Dalton Riedlbauer, Martina Elena Nitti, Dominic Bianco, OSINT-RDT Team

[6] Home, Archive.today, https://archive.ph/

[7] Wayback Machine, Internet Archive, https://web.archive.org/