In this post, You will learn what is sherlock and is it really helpful in information gathering also this is going to be a comprehensive guide to sherlock.
What is sherlock
Sherlock is one of the famous information-gathering tools among cybersecurity people. This tool hunts down social media accounts by username across social networks.
I came across this tool a while ago and I started to use this tool for finding the profiles available on different social platforms.
This tool uses python language and I didn’t gather a bunch of useful information instead I got a bunch of crap results ????♂️.
Look this tool ask us for the username and just links with the social platforms and display the result as the URL is found or not found.
Is sherlock overrated
Yes, Sherlock is one of the overrated information-gathering tools I came across, Look the idea is genius but most people who are using sherlock is not cybersecurity professional.
Most of the professionals hunt down social platforms manually so that they can view and analyse the bio and the username, pics, reels, videos, posts, songs etc., on their own.
As per psychology, a person can keep the same password for all social platforms, but mostly they don’t keep the same usernames for all social platforms.
Who developed Sherlock
The tool is developed by Siddharth Dushantha, He claims he is from Norway but he seems to be from India anyways I am thanking the author for creating this tool.
Useful commands in Sherlock
- -h, –help show this help message and exit
- –version: Display version information and dependencies.
- –output OUTPUT: the output of the result
- –tor, -t: Make requests over TOR
- –csv: Create Comma-Separated Values (CSV) File.
- –proxy PROXY_URL, -p PROXY_URL: Make requests over a proxy. e.g. socks5://127.0.0.1:1080
- –print-found: Do not output sites where the username was not found.
How to install sherlock in Kali
To install sherlock in kali or any Linux system just do a gi clone or in kali, you can install the tool by just typing apt-get install sherlock
How to use Sherlock
Example 1: Version check
Firstly, Let’s do a version check. To do that we can just enter –version.
Example 2: Verbose
Verbose allows us to view result in a more readable format.
sherlock --verbose techyrick
Example 3: Tor
The result will be found through Tor request but the results may appear or may not and take a lot of time to scan through TOR.
Example 4: Standard scan
To do a standard scan just enter the target name like this ????????
Example 5: Limit result
To limit results we need to specify the sites to scan for.
sherlock techyrick --site wordpress
Example6: Save output
sherlock techyrick > techyric
In summary, Sherlock is a famous information gathering tool but not suitable for real-life recon, Can just have some fun with the tool.
Also Read: Information gathering using Metasploit
Also Read: Tr0ll 1 CTF Full tutorial