Every security researcher, bug bounty hunter, and OSINT analyst knows the frustration of running traditional username trackers only to get buried under a mountain of false positives.
You run a scan, a tool flags 50 active accounts, and when you actually click the links, half of them are dead ends.
The Problem with Modern Web Scraping
Older generation enumeration tools rely heavily on naive HTTP status code checks (looking for a standard HTTP 200 OK). While this worked great years ago, the modern web is built differently:
Single Page Applications (SPAs): Platforms like Bluesky or modern web apps serve a generic shell page that always returns an HTTP 200, even if the requested username doesn't exist.
WAFs and Cloudflare Protection: Advanced anti-bot layers intercept standard requests, forcing a redirect or a verification page that tricks basic scrapers into thinking a profile was found.
Homepage Redirects: Many platforms silently route dead profile URLs back to their landing page instead of throwing a clean 404 Not Found.
To solve this friction point and clear out the noise, I built Helix — an asynchronous OSINT identity mapper designed from the ground up to eliminate false positives and map digital footprints visually.
Check out the project here: https://github.com/thalha-a9/helix
How Helix Handles Verification Differently
Instead of treating every website the same, Helix implements targeted, platform-specific detection layers:
Official API Queries: For platforms like Reddit, Chess.com, or Lichess, it bypasses HTML scraping entirely and hits raw public JSON endpoints.
Protocol Interrogation: For decentralized platforms like Bluesky, it communicates directly with the underlying AT Protocol API.
Open Graph Parsing: It extracts server-side rendered meta tags to validate that the actual account owner's username is injected into the header, rather than a generic fallback title.
TLS Impersonation: It optionally leverages curl_cffi to mimic real browser TLS fingerprints, smoothly navigating past rigid Web Application Firewalls (WAFs) on platforms like Twitter/X and Instagram.
Moving Beyond Flat Text Lists: Dynamic D3.js Graphing
Finding the accounts is only half the battle. Analysts need to see how data correlates.
Helix extracts live links directly from profile bios during the async crawl. If a target links their GitHub on their Twitter bio, Helix recognizes that relationship and maps it automatically.
The final output is a standalone, zero-dependency, interactive D3.js relational network graph directly in your browser. You can drag nodes, zoom, and visually track verified cross-platform footprints instantly.
██╗ ██╗███████╗██╗ ██╗██╗ ██╗
██║ ██║██╔════╝██║ ██║╚██╗██╔╝
███████║█████╗ ██║ ██║ ╚███╔╝
██╔══██║██╔══╝ ██║ ██║ ██╔██╗
██║ ██║███████╗███████╗██║██╔╝ ██╗
╚═╝ ╚═╝╚══════╝╚══════╝╚═╝╚═╝ ╚═╝
Getting Started
Helix is built on Python 3.9+ using aiohttp for rapid concurrent execution.
Commands to clone and install:
git clone https://github.com/thalha-a9/helix.git
cd helix
pip install -r requirements.txt
Command to run a username scan with live D3.js mapping:
python helix.py -u targetusername
Roadmap and Contributing
The tool is completely open-source under the MIT license. I'm actively working on optimizing the concurrency layers and adding deeper email correlation modules.
I would love to hear your feedback, feature ideas, or architectural notes!
If you find the project useful or want to support development, please drop a star on GitHub: https://github.com/thalha-a9/helix
Top comments (0)