Maigret: The OSINT Detective That Finds Every Account

TL;DR

What it solves: The brute-force problem of finding where a username lives across thousands of platforms - manually this takes days, Maigret takes minutes
Why it matters: Most people reuse handles; one username is often a skeleton key to a full digital identity
Best for: OSINT investigators, investigative journalists, security researchers doing reconnaissance, and individuals running a personal privacy audit
Main differentiator: Recursive search - when it scrapes a profile and finds a different linked username, it automatically queues a new sweep for that identifier too
Best use case: Mapping the full account graph of a pseudonymous actor from a single known forum handle

The terminal sat quiet for three seconds, then started scrolling. GitHub: found. YouTube: found. Reddit: found. Instagram: found. A DeviantArt account, created in 2015, mostly forgotten: found. And then, at the bottom of the pass:

[-] Extracted IDs: {'hoangyell': 'username', 'HoangYell': 'username'}

I hadn’t asked it to extract username variants. Maigret found them on its own, from profile metadata, and flagged them for the next sweep.

That is the difference between a username checker and a search engine.

What Maigret Actually Does

Maigret is a Python CLI that checks over 3,000 websites for a given username. For each site, it fires an async HTTP request, reads whether the profile exists via status codes, body patterns, or JSON field presence, and moves on to the next one.

One sentence: Maigret takes a username, searches 3,000+ platforms concurrently, and returns a structured list of found accounts with extracted profile data - no API keys, no paid tiers.

The name is not accidental. Georges Simenon’s fictional detective Jules Maigret solved cases not by rushing to conclusions but by sitting in cafés, watching, and waiting for the full picture to assemble itself. The tool works the same way. It doesn’t tell you what to think. It just keeps finding things until there is nothing left to find.

The Recursive Part Is the Clever Part

When Maigret fetches a profile page, it doesn’t just mark it “found” and move on. It runs socid-extractor on the page - a companion library that understands 200+ site-specific formats - and pulls structured fields: real name fragments, linked social accounts, email usernames, profile creation dates.

If any field contains a different username or variant, Maigret adds it to the search queue and runs a new pass.

Here’s real output from running it on my own username:

maigret hoangyell

Partial output:

[+] hoangyell on GitHub        https://github.com/hoangyell
       ├─uid: 7069077
       ├─fullname: HoangYell
       ├─location: Da Nang
       └─twitter_username: hoangyell
[+] hoangyell on YouTube       https://www.youtube.com/@hoangyell/about
[+] hoangyell on Reddit        https://www.reddit.com/user/hoangyell
[+] hoangyell on Instagram     https://www.instagram.com/hoangyell/
[+] hoangyell on Facebook      https://www.facebook.com/hoangyell
[+] hoangyell on SoundCloud    https://soundcloud.com/hoangyell
[+] hoangyell on LinkedIn      https://linkedin.com/in/hoangyell
[-] Extracted IDs: {'hoangyell': 'username', 'HoangYell': 'username'}
[*] Extended info from 15 accounts  -  countries: us, vn, cn, pk
...
[*] Found 40 accounts in 44.9s (509 sites checked)

The recursion runs until no new identifiers surface. Disable it with --no-recursion if you want scope control.

Usage / Key Commands

Command	Purpose
`maigret username`	Check top 500 sites by Majestic Million rank
`maigret username -a`	All 3,000+ sites - slower but exhaustive
`maigret username -HP`	Generate HTML + PDF report in one run
`maigret username --json ndjson`	Machine-readable newline-delimited JSON
`maigret username --graph`	Interactive D3 force-directed graph
`maigret username --tags us,jp`	Filter by country tag
`maigret username --tags coding`	Filter by category (photo, dating, finance…)
`maigret --parse https://steamcommunity.com/profiles/...`	Extract identifiers from a URL, then search
`maigret --permute hope dream`	Generate 12 username variants and search all
`maigret --web 5000`	Local web UI at http://127.0.0.1:5000

💡 Tip: The --parse flag is underused. Feed it any socid-extractor-supported profile URL - including Google Docs and most social profile pages - and it pulls every identifier on the page before running the search. It turns a URL into a starting point automatically.

Markdy animation

Maigret vs Sherlock

Sherlock is the other well-known username-search tool. Both are good. They solve different problems.

Feature	Maigret	Sherlock
Sites in database	3,000+ (default: top 500)	~400
Recursive search	Yes - auto-follows linked usernames	No
Profile data extraction	Yes - name, bio, dates, linked accounts	No
Tags / category filters	Yes - country + category	No
Web UI	Yes - local Flask server	No
Report formats	HTML, PDF, TXT, JSON, CSV, XMind, D3 graph	TXT, CSV, XMind
URL parse + search	Yes (`--parse`)	No
Username permutations	Yes (`--permute`)	No
Tor / I2P support	Yes	No
Database auto-update	Yes - pulls from GitHub daily	No
Python async API	Yes	Limited

Sherlock is faster and simpler for a quick answer. Use Maigret when the quick answer turned up something worth following.

Real-World Uses

Investigative journalism. A reporter receives a tip about a pseudonymous actor. One forum handle goes in. Twenty minutes later: accounts on gaming platforms, photo communities, regional forums, a personal blog. The extracted created_at fields from multiple sites corroborate or contradict claimed identities and timelines.

Security reconnaissance. During a penetration test, leaked credentials include a username. That username maps to a GitHub profile with a linked Twitter, a Stack Overflow account with a home city, and a photography site with full face photos. The attack surface expanded significantly from one string.

Incident response. After a breach, you need to know the scope of an exposed account’s online footprint. Secondary accounts, password-reuse vectors, reputational exposure - all of it starts with one search.

Personal privacy audit. You’re doing a legal name change, account consolidation, or just want to know what’s still out there from 2011. Here’s what the author’s own username returned:

maigret hoangyell -a -HP --graph

[*] Searching hoangyell on 3000+ sites...
[+] Found 40 accounts (15 with extended info)
[*] Countries: us, vn, cn, pk
[*] Interests: coding, social, photo, gaming, video, business, messaging, discussion
[*] Reports saved: report_hoangyell_plain.html, report_hoangyell.pdf
[-] Graph report on all usernames saved in report_hoangyell_graph.html

Roblox, Wowhead, Tripline - accounts registered a decade ago, completely forgotten. The report surfaces them. Then you decide which ones to remove.

The --graph flag generates an interactive HTML D3 node graph that helps visualize the connections, looking roughly like this:

       [GitHub] --- (hoangyell) --- [Reddit]
          |              |              |
     (Da Nang)     (HoangYell)    [DeviantART]
          |              |
      [Twitter]      [SoundCloud]

And the -HP flags give you a clean, shareable PDF dossier and an HTML report. You can hand these straight to a client or keep them for your own records, without needing to decipher terminal output.

Crypto and financial investigation. Tags like finance narrow the search to crypto exchanges, trading communities, and financial forums. Combined with recursive search, a single exchange username can surface a connected Reddit alias or forum profile with more identifying details - useful for both compliance work and fraud investigation.

The Honest Part

False positives exist. A small Belarusian forum probably has a different “john” than GitHub. The -a flag across all 3,000+ sites will produce noise. Maigret documents this. The --self-check --auto-disable workflow helps:

maigret -a --self-check --auto-disable

This validates every site’s test pair against live responses and disables failing sites in your local database. Fewer false positives on the next run.

Default covers only 500 of 3,000+ sites. The cap exists for speed and noise reduction. For serious investigations, always use -a and expect several minutes instead of under one.

Blocking is real. High-traffic platforms detect scrapers. Without a proxy, many requests will fail silently or hit CAPTCHAs. Maigret surfaces a warning when error rates exceed 3% of responses. That is useful, but it doesn’t get past the block.

⚠️ Warning: GDPR, CCPA, and their equivalents govern what you can collect and store about individuals. Using Maigret against a real person without lawful basis may be illegal in your jurisdiction. The authors disclaim responsibility for misuse. That disclaimer is not boilerplate.

Installation

pip3 install maigret
maigret username

For PDF output, install system dependencies first:

# Debian / Ubuntu / Kali
sudo apt install -y libfreetype6-dev libjpeg-dev libffi-dev

# macOS
brew install freetype

Other options:

Method	Command
Docker CLI	`docker run -v /mydir:/app/reports soxoj/maigret:latest username --html`
Docker Web UI	`docker run -p 5000:5000 soxoj/maigret:web`
Telegram bot	Message `@maigret_search_bot` - zero install
Windows EXE	Download from GitHub Releases
Google Colab	Notebook link in README

Python 3.10 minimum. 3.11 recommended.

If you have no interest in installing anything right now, the Telegram bot is a surprisingly complete interface. No Python, works from a phone.

Maigret is also importable as an async library if you want to wire it into a larger pipeline:

import asyncio
import maigret

async def main():
    session = await maigret.get_maigret_session()
    results = await maigret.search(
        username="machine42",
        sites_db=session.db,
    )
    return results

asyncio.run(main())

Commissaire Jules Maigret never rushed. He built the picture slowly, from whatever was available, until the subject had nowhere left to hide. The open-source tool named after him does the same - it just moves considerably faster, and doesn’t require a café.

→ soxoj/maigret