π Reveal the identity behind a share link
17 sources β’ no API keys β’ one command
pip install sharetrace-osint
sharetrace <url>Or use two community-run alternatives:
- Telegram bot β @sharetrace_bot
- Web UI β https://share.whopostedwhat.com/
See Advanced usage below for JSON output, batch mode (
-i), saving to a file (-o), and other flags.
# TikTok share link β extracts sharer identity + device + share method
python -m sharetrace "https://vm.tiktok.com/<code>"
# ChatGPT share β extracts display name
python -m sharetrace "https://chatgpt.com/share/<uuid>"
# Google Docs / Sheets / Drive β extracts owner email + Google ID + dates
python -m sharetrace "https://docs.google.com/document/d/<id>/edit" --json
# GitHub commit β extracts committer name + email
python -m sharetrace "https://github.com/<user>/<repo>/commit/<sha>"
# GitHub profile β scans recent public PushEvents for emails
python -m sharetrace "https://github.com/<username>"
# GitLab commit β same .patch trick as GitHub
python -m sharetrace "https://gitlab.com/<group>/<project>/-/commit/<sha>"
# Hugging Face profile β extracts full name, followers, orgs
python -m sharetrace "https://huggingface.co/<username>"
# Notion public page β leaks editor names + UUIDs in one POST
python -m sharetrace "https://<workspace>.notion.site/<page>"git clone https://github.com/soxoj/sharetrace.git
cd sharetrace
pip install -r requirements.txt| Name | Extracts | Notes |
|---|---|---|
| TikTok | User ID, Username, Nickname, Country, Avatar, Signature, Device, Share Method, Timestamp, Follower/Following/Video/Heart Counts, Private Account, DM Available | Requires short share link (vm.tiktok.com / vt.tiktok.com) |
| Username, User ID, Display Name, Profile URL, Profile Pic | Sharer data might expire within a few days; only fresh share links contain identity info | |
| Discord | User ID, Username, Display Name, Avatar, Creation Time | Vanity invites may not contain inviter data |
| ChatGPT | Display Name | |
| Claude | Display Name, User ID | |
| Perplexity | Username, Avatar, User ID | |
| Microsoft | From SharePoint/OneDrive personal links; no HTTP request needed | |
| Username, User ID, Display Name, Avatar, Profile URL | Requires short share link (pin.it) with invite code |
|
| Substack | User ID, Name, Handle, Bio, Avatar, Profile Setup Date | Requires referral share link (?r= parameter) |
| Suno | Username, Display Name, Avatar, Profile URL | |
| Telegram | User ID | Decoded from joinchat link hash; no HTTP request needed. Links starting with AAAAA decode to user_id=0 and contain no useful data |
| Google Docs | Owner Email, Name, Google ID, Avatar, Creation Date, Last Edit | Works for Docs, Sheets, Slides, Drawings, Forms, Drive files, Apps Script, Jamboard, My Maps. Requires document to be publicly shared. API key overridable via SHARETRACE_GDOC_API_KEY |
| GitHub | Email, Name, Commit SHA, Repo (commit URL); Username, Emails list (profile URL) | Commit URL: parses .patch mbox From: header. Profile URL: scans recent public PushEvents (last 90 days). users.noreply.github.com emails flagged. Profile route subject to GitHub's 60/hr unauth rate limit |
| GitLab | Email, Name, Commit SHA, Project (commit URL); Username, Public Email (profile URL) | Same .patch mbox trick as GitHub for commits. Profile lookup via /api/v4/users returns public_email only when the user opted in. Self-hosted GitLab instances out of scope |
| Hugging Face | Username, Full Name, Avatar, Account Type, Followers, Organizations, Profile URL | Uses public /api/users/<name>/overview endpoint. Repo URLs (/<user>/<repo>) resolve to owner |
| Display Name, Headline, Avatar, Profile URL | OG-tag scrape with realistic UA. Honestly surfaces is_blocked: True on 999/403/429/authwall β block rate dynamic |
|
| Notion | Name, Avatar, User ID, Workspace Name/Domain, Other Editors | Public pages leak editor UUIDs in block permissions; resolved in one syncRecordValuesMain POST (no auth, no cookies). Works for notion.so/Page-<uuid> and *.notion.site/ links. Notion has started redacting email fields for some accounts |
A self-hosted Flask wrapper with a browser UI is available: voelspriet/sharetrace-web β live demo at https://share.whopostedwhat.com. Maintained separately; all extraction logic still lives in this repo.
# Output as JSON for piping
python -m sharetrace <url> --json
# List all supported platforms
python -m sharetrace --list
# Save a single result to a file (format inferred from .csv / .json extension)
python -m sharetrace <url> -o result.csv
python -m sharetrace <url> -o result.json
# Batch mode β one URL per line, '#' comments and blank lines ignored
cat > urls.txt <<EOF
https://github.com/<username>
https://huggingface.co/<username>
# https://linkedin.com/in/<slug> β skipped
EOF
python -m sharetrace -i urls.txt -o results.csv
# Override the default Google Drive API key (if it gets revoked)
SHARETRACE_GDOC_API_KEY=<your-key> python -m sharetrace <drive-url>This tool uses the following OSINT techniques:
- Malfrats/xeuledoc by @mxrch and @megadose β the Google Drive
v2betaowner-metadata endpoint was first documented here (GPLv3). Thegdocmodule is a clean-room rewrite against the same public API. - avonture.be by @cavo789 β documented the GitHub
.patchtrick that thegithubmodule's commit route relies on. - Notion editor-leak technique β public pages expose editor UUIDs in block permissions, resolvable to names/photos via
syncRecordValuesMainwith no auth. Originally discovered by @SpongeBhav (@baibhavanand on GitHub) and amplified by @weezerosint.
This tool is created for educational and defensive purposes only.
- Only analyze links that have been publicly shared or sent to you.
- Only hit endpoints that are explicitly public (no auth, no scraping of private data).
- The maintainers are not responsible for misuse.
Permitted: journalistic fact-checking, corporate security research, authorized penetration testing, counter-scam / anti-fraud work, personal reputation monitoring.
Forbidden: doxxing, harassment, stalking, unauthorized surveillance, social engineering for fraud, privacy invasion, any criminal activity.