Expand description
Core engine for the Adler OSINT username-search tool — runtime-agnostic, embed-friendly.
The CLI lives in adler-cli; this crate is what you reach for to
drive username detection from your own Rust code (a Discord bot
that checks usernames, a security tool that flags exposed
identities across a watchlist, a CI gate that asserts a name
isn’t claimed elsewhere, …).
§Quick start
Scan the embedded 1,900-entry main registry for one username and print the hits:
use adler_core::{Client, ExecutorOptions, MatchKind, Registry, Username, executor};
let registry = Registry::default_embedded()?;
// filter(include, exclude, tags, exclude_tags, include_nsfw)
// — empty slices = no name/tag filter; `false` keeps the
// default NSFW auto-exclusion (matches Sherlock's `--nsfw`
// opt-in). Pass `true` (or `&["nsfw".into()]` as tags) to
// scan adult-content sites.
let sites = registry.filter(&[], &[], &[], &[], false);
let username = Username::new("torvalds")?;
let client = Client::builder().build()?;
let outcomes =
executor::run(&client, &sites, &username, ExecutorOptions::default()).await;
for outcome in outcomes.iter().filter(|o| o.kind == MatchKind::Found) {
println!("{} → {}", outcome.site, outcome.url);
}§Map of the public API
Detection plumbing:
Registry— loaded, validated collection of sites. Build from the embeddeddefault_embedded, from a JSON string (from_json_str), or from disk (load_from_path).Site,Signal,UrlTemplate,Extractor,KnownPresent— site-registry value types.Siteis serde-(de)serialisable; the JSON Schema lives indocs/sites.schema.json.Username— validated search target. Constructed viaUsername::new; invalid characters / overlong names are rejected at construction time.Client,ClientBuilder—reqwest-backed probe issuer. Knobs the builder exposes: timeout, redirect limit, per-host / global throttle, retry policy, user-agent rotation pool, proxy,robots.txtcache, browser backend, browser budget.CheckOutcome,MatchKind,UncertainReason— verdict types. The signal pipeline is negative-priority: anyNotFoundvote wins overFound; no votes →Uncertain. A per-siteregex_checkmismatch short-circuits withUncertainReason::UsernameNotAllowedbefore any HTTP request.executor— bounded-concurrency fan-out runner. Pass anExecutorOptionsto control concurrency, deadline, and progress callback.
Optional analysis:
correlate— group accounts that look like the same person across sites viaenrichedprofile fields.permute— generate username variants (alice → alice1, alice.dev, …) viaMAX_VARIANTS/PermuteLevel.WatchlistConfig— serde-compatible watchlist configuration for usernames, aliases, and optional site/tag scopes.doctor— registry health check (check_site), signature derivation (suggest_fix), known-present discovery (discover_known_present), site scaffolding (scaffold_site).
Bot-protected sites (Instagram, X/Twitter today):
BrowserBackendtrait — abstract real-Chrome driver. Configurable on theClientviaClientBuilder::browser. Built-in implementations:browser::local::LocalBackend(free, viachromiumoxide) andbrowser::browserbase::BrowserbaseBackend(cloud, residential IPs, in-tree raw async CDP client).BrowserBudgetcaps browser-routed fetches per scan to keep cost predictable.
§Cache
Cache persists per-(site, username, signal-signature) verdicts
between runs. Compose with Client via the builder or skip
entirely for one-shot scans.
§Error model
Result is a Result<T, Error> alias; Error is a single
crate-level thiserror enum. The probe path never surfaces
errors — transient network failures become
MatchKind::Uncertain with a typed UncertainReason, so
you get a partial result for every site even when the network is
flaky. Loader errors (malformed registry JSON, invalid CSS
selectors, regex compile failures) come back as Err.
§Version history
Pre-1.0 SemVer. Breaking changes since 0.1:
- 0.2.0 — added
Site::request_headers(BTreeMap<String, String>);BrowserBackend::fetchgained theheadersparameter;browsermodule becamepub. - 0.3.0 —
Site::known_presentchanged fromOption<String>toOption<KnownPresent>(the new enum accepts string-or-array via untagged serde);DoctorReport::Healthy::presentandUnhealthy::presentchanged fromOption<CheckOutcome>toVec<(String, CheckOutcome)>(one entry per probed candidate). - 0.4.0 —
Registry::filtergained a fifthinclude_nsfw: boolparameter (default-exclude adult sites);UncertainReasongainedUsernameNotAllowed;Site::regex_checkfield added (per-site username regex).
Each change has a migration block in the CHANGELOG.
Re-exports§
pub use browser::BrowserBackend;pub use browser::BrowserBudget;pub use browser::RenderedPage;pub use doctor::DoctorReport;pub use doctor::ExtractSuggestion;pub use doctor::FixSuggestion;pub use executor::ExecutorOptions;
Modules§
- browser
- Browser backend for pages that are unusable from raw HTTP.
- doctor
- Site signature health check.
- executor
- Concurrent fan-out runner for site probes.
- telemetry
- Cross-scan telemetry analysis — close the doctor loop on sites that consistently need the browser backend.
Structs§
- Access
Policy - What a site needs from its egress. The default (empty) means “no special routing” — the request uses the client’s default egress.
- Cache
- In-memory cache backed by a JSON file.
- Check
Outcome - Result of probing a single site for a username.
- Client
- HTTP client used to probe sites.
- Client
Builder - Builder for
Client. - Cluster
- A group of accounts that likely belong to the same person.
- Confidence
Score - Confidence attached to a single scan outcome.
- Correlation
Report - Result of correlating a scan’s outcomes.
- Country
Code - ISO-3166-1 alpha-2 country code, stored lowercased (e.g.
pl,de). A newtype so a geo requirement can’t be confused with an arbitrary string and is validated at the boundary. - Egress
Spec - A configured egress (proxy) the client can route through.
- Egress
Summary - Read-only metadata for one configured egress, surfaced via
Client::egress_summary. - Engine
- Shared detection signature template for a family of sites that
run the same forum / blog / wiki software (Discourse, vBulletin,
XenForo,MediaWiki, …). Referenced fromSite::engine. - Escalation
Budget - Per-scan ceiling on automatic escalation attempts.
- Evidence
Access Path - Non-secret access context for an evidence item.
- Evidence
Source - Source metadata attached to every normalized evidence item.
- Extractor
- A rule for extracting one profile field from a page.
- Historical
Scan Ref - Borrowed scan metadata needed to compare one scan against prior scans.
- Identity
Cluster - A deterministic candidate group of profiles that likely belong together.
- Investigation
Report - Structured report over one scan or scan-derived artifact.
- Investigation
Report Builder - Builder for optional report inputs that do not live in
CheckOutcome. - Observed
Profile - A positive profile observation suitable for identity-level reasoning.
- Profile
Evidence - A normalized fact observed on a profile or profile-like endpoint.
- RawResponse
- Raw response data returned by
Client::fetchfor diagnostics. - Registry
- A loaded, validated collection of site definitions.
- Report
Account - Found account row used by report sections.
- Report
Disabled Site - Disabled or parked site omitted from the scan scope.
- Report
Evidence - One structured evidence table row.
- Report
Limitation - Explicit caveat for the report.
- Report
Summary - Aggregate counts used by report renderers.
- Report
Timeline Event - Optional history event supplied by timeline/watchlist layers.
- Report
Uncertain Account - Inconclusive account row.
- Scan
Schedule - Repeated scan policy for a watchlist.
- Session
- An operator-supplied authenticated session for a site: a bag of HTTP
headers (typically
Cookie, sometimesAuthorization/ CSRF tokens) applied to probes for sites whoseaccess.sessionnames it. - Session
Store - Named-session store, indexed by the name a site references via
access.session. Empty by default → a no-op. - Site
- One site we can probe for the existence of an account.
- Site
Filter - Reusable site-filter specification shared by CLI, server, and MCP surfaces.
- UrlTemplate
- URL template containing a
{username}placeholder. - Username
- A validated username.
- Watch
Scan Target - Concrete scan work item derived from a watchlist.
- Watch
Scope - Site/tag scope for watchlist scans.
- Watch
Target - One watched identity.
- Watchlist
Config - Top-level watchlist configuration.
Enums§
- Cluster
Reason - Deterministic reasons used to link observed profiles.
- Confidence
Label - Human-facing confidence bucket.
- Confidence
Reason - Machine-readable confidence rationale.
- Egress
Kind - The kind of network an egress exits from.
- Error
- Errors produced by the Adler engine.
- Evidence
Origin - Adler subsystem that produced an evidence item.
- Http
Method - HTTP method used to probe a site. Only GET and POST are supported.
- Known
Present - Known-present declaration on a
Site. - Match
Kind - Outcome of a single site probe.
- Permute
Level - How aggressively to expand a username into variants.
- Profile
Evidence Kind - Profile evidence categories that higher-level analysis can reason over.
- Protection
Kind - A specific anti-bot mechanism a site is known to deploy. Used to route probes to the right backend (raw HTTP, cloudscraper, full browser) and to inform users what blocks reliable detection.
- Report
Limitation Kind - Limitation categories.
- Report
Timeline Event Kind - Timeline event categories available to report renderers.
- Signal
- A single piece of evidence about whether an account exists.
- Transport
Tier - Which transport actually produced an outcome.
- Uncertain
Reason - Why a probe was inconclusive.
- Watchlist
Error - Watchlist validation error.
Constants§
- BOT_
PROTECTED_ TAG - Registry tag marking a site as bot-protected.
- DEFAULT_
BROWSER_ BUDGET - Default ceiling on browser-backed probes per scan when no other value is specified.
- DEFAULT_
ESCALATION_ BUDGET - Default ceiling on automatic escalation fetches per scan (HTTP /
impersonate → browser when the cheap path returns
Uncertain(CloudflareChallenge | RateLimited)). - INVESTIGATION_
REPORT_ SCHEMA_ VERSION - Current schema version for investigation report JSON.
- LINK_
THRESHOLD - Minimum pairwise score to link two accounts.
- MAX_
VARIANTS - Hard cap on the number of variants returned (including the original).
- WATCHLIST_
CONFIG_ SCHEMA_ VERSION - Current schema version for watchlist configuration documents.
Functions§
- build_
identity_ clusters - Build deterministic identity clusters from scan outcomes.
- correlate
- Correlate
Foundaccounts by their enrichment fields. - historical_
consistency_ counts - Count previous stable Found observations per current Found site.
- permute
- Expand
usernameinto a deduplicated list of variants perlevel. - render_
investigation_ report_ html - Render a self-contained, no-JS HTML investigation report.
- render_
investigation_ report_ markdown - Render a deterministic Markdown investigation report.
Type Aliases§
- Result
- Result alias used throughout the engine.