WMN-Docker - Kodama the Chameleon

Introduction

Overview

WhatsMyName (WMN) by Micah “WebBreacher” Hoffman was created in 2015 with the goal of discovering usernames on a given website. WMN-Docker creates an API wrapper in a containerized Docker environment around WMN for integration, modularity, and scalability with other open-source intelligence (OSINT) tooling.

Purpose and Key Features

The project offers straightforward functionality to compliment the original intent of WMN while ensuring a basic level of security and bonus features.

JWT Authentication
Username Lookup
Batch Username Lookup
Job Results
Built-in Documentation

Audience

Anyone who conducts OSINT investigations with the need to identify potentially related accounts for a given username. This might include but is not limited to:

Cyber Threat Intelligence
Law Enforcement
Investigative Journalism

Getting Started

Dependencies and Prerequisites

Python
It’s not the most popular coding language for nothing. WMN-Docker requires python 3.10 or greater; however, that should not be much of an issue if all you need is the container. Speaking of containers…

Docker
Docker provides scalability and portability (not to mention it’s in the name). WMN-Docker currently supports docker-compose and docker-compose-v2 during installation; the practical difference being docker-compose up -d versus docker compose up -d when launching the API.

Git (recommended)
If you intend to utilize the GitHub docker compose files and other utilities, the simplest way is to make sure you have git installed.

Installation

There is more then one way to install and utilize WMN-Docker. More advanced users may wish to pull the container image, kodamachameleon/whatsmyname:latest, directly from DockerHub. For the purposes of this documentation we will stick with utilizing the docker compose file in the GitHub repo. Start by cloning the repository.

git clone https://github.com/kodamaChameleon/wmn-docker.git
cd wmn-docker

(Recommended) Use a python virtual environment. Not necessary if all you wish to launch is the Docker API.

python3 -m venv .venv
source .venv/bin/activate

Quick Setup
The quick setup is designed to get you up and running fast. To initialize the local .env and pulls container images from DockerHub use:

python3 client.py --setup

Development
If you are interested in contributing, tweaking, or just closer examination of the code, initialize the local .env and build container from source code with:

python3 client.py --setup dev

User Initialization
By default, authentication is required. If you wish to disble this requirement (not recommended for production environments), set AUTH_REQUIRED=False in your .env file. To initialize the user database and retrieve credentials:

Run docker exec -it wmn-api python3 users.py initialize
Save the initial credentials in a safe location.

💡 Additional user management features are available from the users.py command line utility inside the container. Just run docker exec -it wmn-api python3 users.py -h

Usage

Basic Functions

The client.py sub-library, utils/api.py, already contains an example python wrapper for API usage. Here are a few more examples to get you started using curl.

Authentication

curl -X POST "http://localhost:8000/api/v1/token" \
     -H "Content-Type: application/json" \
     -d '{"user_id": "your_user_id", "secret": "your_secret"}'

Returns a JSON Web Token (JWT) for use in subsequent calls.

Submit a Username for Lookup

curl -X POST "http://localhost:8000/api/v1/lookup" \
     -H "Authorization: Bearer your_jwt_token" \
     -H "Content-Type: application/json" \
     -d '{"username": "kodamachameleon"}'

Returns a Job ID to lookup results.

Submit Multiple Usernames at Once

curl -X POST "http://localhost:8000/api/v1/batch" \
     -H "Authorization: Bearer your_jwt_token" \
     -H "Content-Type: application/json" \
     -d '{
           "usernames": ["kodamachameleon", "webbreacher"]
         }'

Check Job Status

curl -X GET "http://localhost:8000/api/v1/status/your_job_id" \
     -H "Authorization: Bearer your_jwt_token"

Returns JSON results of username lookup.

Configuration Options

Environment
The .env file creating at setup contains several configuration options for customization to your specific needs. Default values are annotated in parenthesis.

RATE_LIMIT (20): prevents a user from exceeding a specified number of requests per a minute
CHECK_SITE_TIMEOUT (30): specifies how long WMN should wait for a website to respond while checking username status
JOB_TIMEOUT (90): the upper limit in seconds before a job is cancelled
CACHE_EXPIRATION (900): how long wmn-docker stores username lookup results before conducting a new scan
SSL_WEBSITE_ENUMERATION (True): determines whether to ignore SSL verification issues such as valid certificates
API_BASE_URL (http://localhost:8000): the hostname and port of the exposed API interface
REDIS_URL (redis://redis:6379/0): informs the API where to locate the Redis server
AUTH_REQUIRED (True): determines whether JWT authentication is required using user ID and secret or not
ACCESS_TOKEN_EXPIRATION (7): sets number of days a JWT is valid
SECRET_KEY (your_secret_key_here): must be a 32 bit, base 64 encoded key
USER_ID and SECRET: optional values for storing credentials from the user database for use with the built-in client.py utility

Docker-Compose
WMN-Docker currently requires three separate containers.

api: The API endpoint to which calls are made
celery-worker: A background task processor
redis: data store and cache of results

You may wish to alter these configurations if integrating into another existing environment.

Examples and Use Cases

If you are conducting username OSINT and need an API, you likely are enumerating high volumes of usernames, looking to integrate with another service, and/or simply trying to automate your investigative workflow.

Project Structure

Layout

WMN-Docker can be divided into four main categories.

app: These are the python files which make up the WMN docker container. If using the docker-compose-dev.yml file for launching the containers, app in the container is mapped to the local app folder for development, testing, and integration.
utils: Supporting scripts to client.py. This includes setup and a simple API wrapper to get you started using the API in python.
configuration: The majority of the files in the root directory (excluding client.py) are docker compose, container, or git config files
documentation: Anything written in markdown (.md file extension).

Key Files

app

app/main.py: launches the API and contains all the necessary routes
app/users.py: performs administrative user management. See docker exec -it wmn-api python3 users.py -h for more usage information.

utils

client.py: command line utility for performing setup and basic usage
utils/setup.py: setup environment in production or development mode
utils/api.py: basic python API wrapper for username look ups

configuration

.env_sample: the environment file copied to .env containing the docker environment variables
.gitignore: git config file for ignoring changes to specific files
requirements.txt: python requirements if using the client.py utility or installing in development mode
docker-compose-dev.yml: docker compose file for development environment, key difference being the mapping of the app directory
docker-compose.yml: docker compose file for production environments

documentation

README.md: Repo introductory information and basic usage
LICENSE.md: Terms of use
CONTRIBUTING.md: Instructions for individuals interested in contributing to the project

Versioning

WMN-Docker follows the standard major.minor.patch format, also known as Semantic Versioning. Here’s the breakdown:

MAJOR: introduces breaking changes incompatible with previous versions
MINOR: increased when new features or improvements are added but remain backward compatible
PATCH: incremented for small fixes, performance improvements, or minor adjustments

For pre-release versions, beta tags like 1.2.0-beta or 2.0.0-beta.1 are used to signal that the version is still in testing and may contain some unexpected behavior. Beta releases allow users to test upcoming changes and provide feedback before the final version rolls out. The GitHub main branch will always contain the latest, non-beta release.

Version	Supported
1.1.1-beta	✅
1.1.0	✅
1.0.0	✅

Contributing

Report an Issue

If you encounter a bug, performance issue, or security vulnerability, we encourage you to report it.

Steps to report:

Search the issue tracker to see if the issue has already been reported.
If not, create a new issue, and provide as much detail as possible (e.g., steps to reproduce, expected behavior, logs, etc.).

Feature Request and Suggestions

We welcome ideas for improving the project! If you have a feature request or general suggestion:

First, open an issue to discuss your idea.
We value feedback, so feel free to engage in conversations regarding any proposed features.

Submitting Pull Requests

Fork the repository: Click the Fork button at the top-right corner of the project page on GitHub.

Clone your fork:

git clone https://github.com/your-username/wmn-docker.git
cd wmn-docker

Create a Branch
Create a new branch for your changes:

git checkout -b feature/your-feature-name

Make Your Changes
Ensure your changes adhere to the project’s coding style and pass existing tests. Consider adding new tests for any added functionality. Please make sure your code is well-documented. To ensure consistency and code quality, please follow these rules:

Pull Requests: Make sure your pull request addresses one issue at a time.
Coding Style: Follow PEP 8 for Python code, and ensure other code adheres to relevant conventions.
Tests: Run existing tests and add new ones for any added features.
Commit Messages: Use clear and meaningful commit messages.

Commit Your Changes
Use clear and descriptive commit messages:

git commit -m "Add detailed description of your changes"

Push Your Branch
Push the changes to your forked repository:

git push origin feature/your-feature-name

Create a Pull Request
Once your code is ready for review:

Navigate to your fork on GitHub.
Open a pull request (PR) to the main branch of the original repository.
Ensure you describe your changes and link any related issue(s).

The project maintainers will review your PR and provide feedback as necessary.

Code of Conduct

Our Pledge

We as members, contributors, and leaders pledge to make participation in the project and community a harassment-free experience for everyone, regardless of age, body size, abilities, ethnicity, experience, education, socioeconomic status, nationality, personal appearance, race, or religion.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

Our Standards

Examples of behavior that contributes to a positive environment for our community include:

Demonstrating empathy and kindness toward other people
Being respectful of differing opinions, viewpoints, and experiences
Giving and gracefully accepting constructive feedback
Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
Focusing on what is best not just for us as individuals, but for the overall community
Praise others in public and correct in private

Examples of unacceptable behavior include:

Sexual attention or advances of any kind
Trolling, insulting or derogatory comments, and personal or political attacks
Public or private harassment including but not limited to doxing
Other conduct which could reasonably be considered inappropriate in a professional setting

Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.

Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.

Scope

This Code of Conduct applies within all community spaces, and it also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official project email address, posting via an official social media account, or acting as an appointed representative at an online or offline event.

Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at contact@kodamachameleon.com. All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the reporter of any incident.

Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:

Correction

Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.

Warning

Community Impact: A violation through a single incident or series of actions.
Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.

Temporary Ban

Community Impact: A serious violation of community standards, including sustained inappropriate behavior.
Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.

Permanent Ban

Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
Consequence: A permanent ban from any sort of public interaction within the project community.

Attribution

This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

Advanced Topics

Customization and Extending the Project

Here are a few ideas to get you started with how to customize or extend the project.

Website Username OSINT Enumeration
Using WMN-Docker as an API back end, you could design a custom website in which users enter usernames for lookup. The API retrieves the results and returns them to the web service for display to users.

Personal Discord Bot
Create a Discord (or other messaging service) bot which can query usernames directly from the messaging terminal.

There are many more possibilities then this, and I would love to hear from you! How are you using WMN-Docker?

Performance

It is recommended to allow memory over commit for Redis servers in production. Try sysctl vm.overcommit_memory=1

Troubleshooting & FAQs

Common Issues

A known limitation in WMN-Docker is false positives. WMN primarily relies on common HTTP/HTTPS error codes for determining whether an account exists on a specified website. Some website behaviors treat URI’s differently causing variable results. Future work may attempt to solve this issue; however, the difficulty lies in planning for all the potential edge case scenarios.

Debugging

By default, WMN-Docker saves it’s logs to /var/log/wmn-docker/wmn.log. Note that this location is not mapped to any data volume and will therefore disappear if the container is destroyed or rebuilt. You can also use docker logs to view logs from the containers themselves.

FAQ

Why username OSINT?
Username enumeration exploits a common trait in human psychology, the need for coherency and the desire to be known. Many people use the same username across multiple platforms to avoid having to remember multiple usernames and/or to be recognized as belonging to the same person. This is not a guarantee that the same usernames are in fact the same person. No, I’m not actually on Bandcamp🎺🥁

Why do my results always seem to have errors?
Some of the website configurations stored in WMN may be down or unavailable from your location. You can try using a VPN to change location, but some websites may be gone permanently. If you find this to be the case, you are encouraged to report it to the WMN issues tracker.

License & Credits

License

WMN-Docker inherits the same license from it’s parent project WMN, the Creative Commons Attribution-ShareAlike 4.0 International License. The summary is as follows:

You are free to:

Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
Adapt — remix, transform, and build upon the material for any purpose, even commercially.
The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

Notices:

You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .

No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.

Acknowledgements

Of course I would like to thank WebBreacher for enabling WMN-Docker through the creation and maintaining of WhatsMyName (WMN). This project was also inspired by work from OSINT Tactical and the now archived GitOSINT_bot.

If you like OSINT username enumeration, these other projects may be of interest to you.

Sherlock: Hunt down social media accounts by username across 400+ social networks
Maigret: A simple username OSINT tool built in go

Table of Contents