FIND-20260323-027 · 2026-03-23 · Innovation Veille
Snoop — OSINT Username Intelligence Tool (snooppr/snoop)
adhoc
LOW
Snoop is a Python-based OSINT tool that searches for a target username across 5,300+ websites simultaneously, returning public profile URLs and supporting geo-IP analysis, CSV/HTML export, and batch processing. Maintained by a single Russian developer (snooppr), it targets investigators, security researchers, and law enforcement. The project has ~3,800 GitHub stars and was last committed on 2026-03-11. Its license is non-standard (NOASSERTION — a custom multi-license blend of MIT, BSD, Apache 2.0, Mozilla 2.0 and PSF), raising legal uncertainty. From an ODS platform perspective, this tool has no architectural overlap with ODS services (Rust/Go microservices, Redpanda, PostgreSQL). Its sole tangential relevance is as a threat-intelligence reference: understanding OSINT enumeration techniques informs how ODS should design its public API surface and user profile exposure policies to resist username harvesting attacks.
Source
https://github.com/snooppr/snoop
ODS Impact
No direct integration value for ODS platform microservices or infrastructure. Indirect defensive relevance: the tool demonstrates how public APIs can be scraped for user identity correlation across services, which is a threat model ODS should consider when designing public-facing endpoints in OID (identity service) and Notification Hub. Specifically, ODS should ensure that public-facing endpoints do not leak username existence (timing attacks, differential error messages) and that the API Gateway rate-limits unauthenticated probing. No adoption recommended.
Security Review
License: NOASSERTION (custom multi-license blend — legal uncertainty, FLAG for production use) | Maintenance: ACTIVE | Risk: HIGH | Recommendation: DO_NOT_USE
Tags
osint
python
security
username-enumeration
threat-model
single-maintainer
red-team