DEV.co
Open-Source Security · qeeqbox

social-analyzer

Social Analyzer is an OSINT tool that searches for a person's profile across 1000+ social media websites using multiple detection techniques. It provides API, CLI, and web app interfaces with metadata extraction and correlation features for investigative purposes.

Source: GitHub — github.com/qeeqbox/social-analyzer
23.4k
GitHub stars
2.2k
Forks
JavaScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryqeeqbox/social-analyzer
Ownerqeeqbox
Primary languageJavaScript
LicenseAGPL-3.0 — OSI-approved
Stars23.4k
Forks2.2k
Open issues28
Latest releaseUnknown
Last updated2026-01-12
Sourcehttps://github.com/qeeqbox/social-analyzer

What social-analyzer is

Node.js/Python-based application using HTTPS libraries and WebDriver for profile detection across social platforms, with multi-layer detection (OCR, normal, advanced, special), metadata extraction, and force-directed graph visualization. Supports custom user-agents, proxies, and parallel workers.

Quickstart

Get the social-analyzer source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/qeeqbox/social-analyzer.gitcd social-analyzer# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Law Enforcement & Digital Investigations

README states tool is used by law enforcement agencies in resource-limited countries for investigating cyberbullying, grooming, stalking, and misinformation. Supports multi-profile correlation and screenshot capture for evidence.

OSINT & Reconnaissance Operations

Designed for security professionals conducting reconnaissance; includes name permutation analysis, metadata extraction, cross-metadata stats, and profile filtering by confidence levels (good/maybe/bad).

Local Investigative Workstation

Web app (localhost:9005) and CLI support for analysts who need batch processing, custom search queries, screenshot collection, and JSON export without cloud dependencies.

Implementation considerations

  • Dependencies on Firefox ESR, Tesseract OCR, and Selenium WebDriver add system complexity; containerization (Docker Compose) recommended but not mandatory.
  • Rate-limiting and timeout management critical to avoid IP bans; tool allows custom timeout and worker adjustment but no built-in backoff strategy documented.
  • Database of 1000+ websites requires maintenance; README notes private modules for law enforcement have different detection databases, suggesting public list may diverge from production accuracy.
  • Multi-profile correlation and metadata extraction rely on external APIs (Google, DuckDuckGo) which are optional; performance and coverage depend on availability and quota.
  • Logging, screenshot capture, and JSON export can consume significant disk space; no retention policies or cleanup documented.

When to avoid it — and what to weigh

  • Production SaaS / Multi-tenant Service — README explicitly states 'meant to be used locally, not as a service (It does not have any Access Control).' AGPL-3.0 license requires source disclosure if deployed over network, which complicates commercial hosting.
  • High-volume Commercial Deployment — No rate-limiting, request throttling, or commercial API integrations mentioned. Queries 1000+ sites per search; unclear scaling or cost model for production workloads.
  • Privacy-critical Contexts Without Legal Review — Tool performs surveillance-grade profile aggregation. Legal and ethical review required in jurisdictions with strict data protection (GDPR, CCPA). No built-in consent or privacy controls documented.
  • Turnkey Third-party Integration — No stable release (latestRelease: n/a), 28 open issues, and lastPushed 2026-01-12 suggest active but unpredictable development. Requires continuous integration effort.

License & commercial use

Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a strong copyleft license requiring source code disclosure and copyleft compliance if the software is made available over a network or as a service, even internally.

AGPL-3.0 permits commercial use locally; however, any deployment accessible over a network (including internal company networks or hosting) triggers source disclosure obligations. Proprietary deployment or resale requires explicit licensing negotiation with copyright holder. Not a standard permissive OSI license for closed-source commercial distribution. Legal review required.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Tool designed for reconnaissance and profile aggregation; inherent use case carries privacy and legal risk. No built-in audit logging, access controls, or encryption documented. Deployment localhost-only by design; network exposure requires operator discipline. Depends on external services (Google API, browser automation); injection and supply-chain risks possible. No security policy or CVE tracking visible; recommend security review before operational deployment.

Alternatives to consider

Maltego

Commercial OSINT platform with supported integrations, API, and enterprise access controls. Actively maintained and suitable for SaaS or commercial deployment; requires license cost.

Sherlock

Simpler, lightweight Python tool for username enumeration across social media. Easier to integrate, fewer dependencies, but narrower scope (username search only, no metadata extraction).

TheHarvester

OSINT framework for email, subdomain, and people search. Broader scope (not just social media), active maintenance, Python-based. Steeper learning curve; different use-case fit.

Software development agency

Build on social-analyzer with DEV.co software developers

Assess AGPL-3.0 licensing, local deployment constraints, and accuracy requirements with your security and legal teams before implementation.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

social-analyzer FAQ

Can I deploy this as a hosted service for my team?
Not without legal review. AGPL-3.0 requires source disclosure if accessed over network. README explicitly states 'meant to be used locally, not as a service.' Consult legal counsel; proprietary license may be available from maintainer.
What is the detection accuracy and false-positive rate?
README describes a '0-100 rating mechanism (No-Maybe-Yes)' designed to reduce false positives, but no benchmark or independent validation provided. Law enforcement version uses different detection database than public code; public version accuracy Unknown.
How do I integrate this with my OSINT workflow?
Wiki includes integration guide. Python object import and JSON output supported for programmatic use. Node/Python CLI accepts batch usernames. No formal API versioning; changes may require script updates.
Is there a stable release or breaking-change policy?
No stable release (latestRelease: n/a). 28 open issues and active development suggest ongoing changes. Subscribe to repo for notifications; pin to specific commit if stability critical.

Work with a software development agency

Adopting social-analyzer is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.

Evaluate Social Analyzer for Your Investigation Needs

Assess AGPL-3.0 licensing, local deployment constraints, and accuracy requirements with your security and legal teams before implementation.