Welcome back, aspiring OSINT investigators!
Social media platforms hold a wealth of personal and professional information, making them valuable for reconnaissance in penetration testing and cyberwarfare operations. Sherlock is a lightweight yet powerful tool designed to search for social media profiles using a username. In this article, we’ll guide you through installing and using Sherlock on Kali Linux while demonstrating its capabilities in action.
Let’s get started!
What does Sherlock do?
Sherlock scans hundreds of websites to check if a given username is associated with an account, making it a fast and efficient way to uncover a person’s online presence across multiple platforms. Beyond mainstream sites like Twitter, Facebook, and Reddit, Sherlock extends its search to gaming platforms such as NameMC, Steam, and Roblox, as well as coding communities like Codecademy, GitHub, and GitLab—among many others.
Currently, Sherlock can identify usernames on 400+ websites, providing direct profile links in seconds. The extent of its capabilities is truly remarkable, making it an invaluable tool for reconnaissance. Despite its speed, Sherlock maintains a low false positive rate compared to similar tools, ensuring more accurate results.
Installation
To install Sherlock, open a Linux terminal and run the command below.
kali> sudo apt install sherlock
Once the installation is complete, verify that Sherlock is installed correctly by running the help command:
kali> sherlock –help
Now let’s put Sherlock to use. We can do this by simply running the following command in the terminal:
kali> sherlock <username>
In just a few seconds, we can see 16 positive results. However, as with any tool, it’s important to verify whether these profiles match the person you’re searching for.
Sometimes it can take a long time to get a response from the site, the default timeout is 60 seconds, but we can set it to any time we need, for example, 1 second. In this case, only a second will be spent on one site:
kali> sherlock –timeout 1 <username>
Additionally, it would be helpful to save these scan results in a file, so you don’t have to search for them again.
kali> sherlock –timeout 1 <username> –output username.txt
Summary
Sherlock is a powerful OSINT tool that offers a fast and efficient way to search for social media profiles across multiple platforms. It’s definitely one to add to your research toolbox!
If you want to improve your OSINT skills, check out this OSINT Investigator Bundle. It covers both fundamental and advanced techniques and includes an OSINT Certified Investigator Voucher.
