Blackbird - An OSINT tool to search for accounts by username in social networks


The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation.


This or previous program is for educational purposes ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (P1ngul1n0) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not P1ngul1n0's responsibility.


Clone the repository

git clone
cd blackbird

Install requirements

pip install -r requirements.txt


Search by username

python -u username

Run WebServer

python --web

Access on the browser

Read results file

python -f username.json

List supportted sites

python --list-sites

Export Report

The results can be exported as a PDF Report.

Metadata Extraction

When possible Blackbird will extract the user's metadata, bringing data such as name, bio, location and profile picture.

Random UserAgent

Each time Blackbird does a username search it will use a random UserAgent from a list of 1000 UserAgents to prevent blocking.

Supersonic speed 🚀

Blackbird sends async HTTP requests, allowing a lot more speed when discovering user accounts.

JSON Template

Blackbird uses JSON as a template to store and read data.

The data.json file store all sites that blackbird verify.


  • app - Site name
  • url
  • valid - Python expression that returns True when user exists
  • id - Unique numeric ID
  • method - HTTP method
  • json - JSON body POST (needs to be escaped, use this 👉
  • {username} - Username place (URL or Body)
  • response.status - HTTP response status
  • responseContent - Raw response body
  • soup - Beautifulsoup parsed response body
  • jsonData - JSON response body
  • metadada - a list of objects to be scraped



      "app": "ExampleAPP1",
      "url": "{username}",
      "valid": "response.status == 200",
      "id": 1,
      "method": "GET"


      "app": "ExampleAPP2",
      "url": "",
      "valid": "jsonData['message']['found'] == True",
      "json": "{{\"type\": \"username\",\"input\": \"{username}\"}}",
      "id": 2,
      "method": "POST"

GET with Metadata extraction

      "app": "Twitter",
      "id": 3,
      "method": "GET",
      "url": "{username}",
      "valid": "response.status == 200",
      "metadata": [
          "type": "generic-data",
          "key": "Name",
          "value": "soup.find('a', class_='profile-card-fullname')['title']"
          "type": "generic-data",
          "key": "Bio",
          "value": "soup.find('div',class_='profile-bio').string"
          "type": "generic-data",
          "key": "Site",
          "value": "soup.find('div',class_='profile-website').text.strip('\\t\\r\\n')"
          "type": "generic-data",
          "key": "Member since",
          "value": "soup.find('div',class_='profile-joindate').find('span')['title']"
          "type": "image",
          "key": "picture",
          "value": "''+soup.find('a', class_='profile-card-avatar')['href']"
          "type": "location",
          "key": "location",
          "value": "soup.select_one('.profile-location:nth-of-type(2)').text.strip('\\t\\r\\n')"

If you have any suggestion of a site to be included in the search, make a pull request following the template.

Planned features

  • Implement Flask Web Server to optimize UX
  • Export results in PDF
  • Export results in CSV
  • Reach at least 300 sites until August 2022
  • Implement metadata extraction
  • Deploy on Cloud


Feel free to contact me on Twitter

July 12, 2022


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments
10 months ago

Well, I tried to edit my comment but it wouldn’t allow me.

I very very very stupidly forgot to type python3

Ignore my previous comment.

10 months ago

Does not seem to be compatible with python 3.10

Last edited 10 months ago by Thrasher
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023