Quickstart
For operators · running scans
TutorialYour first scan
Section titled “Your first scan”After installing, scan one username across the embedded registry:
adler torvaldsThe text view streams Found and Uncertain rows as they resolve. NotFound
rows are hidden by default. Each visible row can include a conservative
confidence score; --explain adds the signal evidence and confidence
reasons under the row:
adler --explain --only github,gitlab torvaldsFor machine-readable output, pipe NDJSON to jq:
adler --format ndjson torvalds | jq -r 'select(.kind == "found") | .url'Enrich when you need identity evidence
Section titled “Enrich when you need identity evidence”Plain scans answer “does this account exist?”. Add --enrich when you
need profile evidence such as display names, bio snippets, avatar URLs,
external links, locations, and confidence inputs:
adler --enrich --explain --only github,gitlab torvaldsIdentity clusters are built only from deterministic structured evidence on Found outcomes. Username-only overlap is intentionally ignored.
Export a case file
Section titled “Export a case file”The easiest first case-file path is through the Web UI because finished scans are persisted and the scan id is visible in the URL:
adler --web# open http://127.0.0.1:8080, run a scan, then use the JSON / Markdown / HTML export linksThe same persisted scan can be rendered from the CLI:
adler --report-scan <SCAN_ID> > report.mdadler --report-scan <SCAN_ID> --report-format html > report.htmlReports combine summary counts, found accounts, signal evidence, profile evidence, confidence reasons, identity clusters, timeline context, and limitations. See Investigation reports.
Logging
Section titled “Logging”Adler’s tracing output is gated by the ADLER_LOG env var (defaults to
adler=info):
ADLER_LOG=adler=debug adler torvaldsCommon next steps
Section titled “Common next steps”- Filter to specific sites or tags —
adler --tag dev --only gitscans onlydev-tagged sites whose name containsgit. See Usage → Filtering. - Output scan rows as JSON / CSV / HTML —
adler --format json torvalds > out.json,--format csv, or--format html. Case-file output uses--report-scan; see Usage → Output. - Use the web UI —
adler --webboots a SolidJS SPA athttp://127.0.0.1:8080with live SSE streaming, evidence drawers, confidence chips, identity clusters, report exports, history, side-by-side diff, and a read-only access-engine view. See Web UI. - Scan many usernames —
adler --input users.txtruns through a list, grouped output. See Usage → Batch & enrichment. - Watch for changes —
adler --watch torvaldsdiffs against the last run and reports new / removed accounts.
When something looks off
Section titled “When something looks off”A whole-registry scan from a fresh datacenter IP often returns a lot of
Uncertain rows — that’s not Adler “not working”, that’s the CDN edge
mass-banning the IP range. See FAQ → Why is everything coming back as
Uncertain?
for the residential-IP / browser-backend remedies.
For sites that always return Uncertain because they sit behind Cloudflare / a TLS-fingerprint check / a login wall, see Access engine — that’s the whole point of the engine.
What’s next?
Section titled “What’s next?”- First scan walkthrough — the guided ~15-minute
tutorial: run a scan, read verdicts and confidence, inspect evidence,
fix the dominant
Uncertainreason, export a case file, save the workflow. The right next step if this Quickstart felt too fast. - Honest verdicts — the philosophy behind the three-verdict model. Read this before scaling Adler in a serious engagement; it’ll change how you read the output.
- Access engine — the full toolkit (browser backend, escalation, egress pool, sessions, impersonation) for the hard subset of sites a plain HTTP scan can’t reach.
- Web UI —
adler --webboots a SolidJS SPA with live streaming, evidence/confidence views, clusters, report exports, history, side-by-side diff, and a read-only access view.