Sherlock Information gathering Tutorial from scratch

Introduction

In this post, You will learn what is sherlock and is it really helpful in information gathering also this is going to be a comprehensive guide to sherlock.

Video

What is sherlock

Sherlock is one of the famous information-gathering tools among cybersecurity people. This tool hunts down social media accounts by username across social networks.

I came across this tool a while ago and I started to use this tool for finding the profiles available on different social platforms.

This tool uses python language and I didn’t gather a bunch of useful information instead I got a bunch of crap results ????‍♂️.

Look this tool ask us for the username and just links with the social platforms and display the result as the URL is found or not found.

Advertisement

Is sherlock overrated

Yes, Sherlock is one of the overrated information-gathering tools I came across, Look the idea is genius but most people who are using sherlock is not cybersecurity professional.

Most of the professionals hunt down social platforms manually so that they can view and analyse the bio and the username, pics, reels, videos, posts, songs etc., on their own.

As per psychology, a person can keep the same password for all social platforms, but mostly they don’t keep the same usernames for all social platforms.

Who developed Sherlock

The tool is developed by Siddharth Dushantha, He claims he is from Norway but he seems to be from India anyways I am thanking the author for creating this tool.

Useful commands in Sherlock

  • -h, –help show this help message and exit
  • –version: Display version information and dependencies.
  • –output OUTPUT: the output of the result
  • –tor, -t: Make requests over TOR
  • –csv: Create Comma-Separated Values (CSV) File.
  • –proxy PROXY_URL, -p PROXY_URL: Make requests over a proxy. e.g. socks5://127.0.0.1:1080
  • –print-found: Do not output sites where the username was not found.

Advertisement

How to install sherlock in Kali

To install sherlock in kali or any Linux system just do a gi clone or in kali, you can install the tool by just typing apt-get install sherlock

How to use Sherlock

Example 1: Version check

Firstly, Let’s do a version check. To do that we can just enter –version.

sherlock --version
Sherlock

Example 2: Verbose

Verbose allows us to view result in a more readable format.

sherlock --verbose techyrick
Sherlock

Example 3: Tor

The result will be found through Tor request but the results may appear or may not and take a lot of time to scan through TOR.

Sherlock

Example 4: Standard scan

To do a standard scan just enter the target name like this ????????

sherlock techyrick

Example 5: Limit result

To limit results we need to specify the sites to scan for.

sherlock techyrick --site wordpress

Example6: Save output

sherlock techyrick > techyric

Conclusion

In summary, Sherlock is a famous information gathering tool but not suitable for real-life recon, Can just have some fun with the tool.


Also Read: Information gathering using Metasploit

Also Read: Tr0ll 1 CTF Full tutorial