Find target Internet activity across Social Networks using Sherlock
July 13th, 2019 by cedcraftscodes
When gathering our target internet activity on the internet, Sherlock is a great tool we can easily use to collect opensource intelligence (data that are produced from publicly available information). The downside of open-source intelligence, whilst can be used by security professionals, so does threat actors. With a single clue, such as username/email, we can obtain information like transactions, family members and other account created by our target.
In this tutorial we need Kali Linux, Python 3 and pip to install the dependencies and run Sherlock.
Step 1: Clone the Sherlock Project
Open up your terminal and clone the project by pasting the following clone command.
1 2 3 4 5 | # clone the repo $ git clone https://github.com/sherlock-project/sherlock.git # change the working directory to sherlock $ cd sherlock |
Step 2: Install dependencies.
Install Sherlock dependencies using Pip3.
1 2 | # install the requirements $ pip3 install -r requirements.txt |
Step 3: Gathering opensource intelligence
To start OSCINT, type the following command. You will see the list of URLs the user is associated to.
1 | python3 sherlock.py user123 |
Step 4: Viewing results
If you list all the files, you will notice a “user123.txt” exist. Open if by using the nano command.
1 2 3 4 5 | #List all the files in list format, reverse, time in the current directory $ ls -lrt #Open file $sudo nano user123.txt |
For more options, you can open sherlock help using this command.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | $ python3 sherlock.py --help usage: sherlock.py [-h] [--version] [--verbose] [--rank] [--folderoutput FOLDEROUTPUT] [--output OUTPUT] [--tor] [--unique-tor] [--csv] [--site SITE_NAME] [--proxy PROXY_URL] [--json JSON_FILE] USERNAMES [USERNAMES ...] Sherlock: Find Usernames Across Social Networks (Version 0.6.5) positional arguments: USERNAMES One or more usernames to check with social networks. optional arguments: -h, --help show this help message and exit --version Display version information and dependencies. --verbose, -v, -d, --debug Display extra debugging information and metrics. --rank, -r Present websites ordered by their Alexa.com global rank in popularity. --folderoutput FOLDEROUTPUT, -fo FOLDEROUTPUT If using multiple usernames, the output of the results will be saved at this folder. --output OUTPUT, -o OUTPUT If using single username, the output of the result will be saved at this file. --tor, -t Make requests over TOR; increases runtime; requires TOR to be installed and in system path. --unique-tor, -u Make requests over TOR with new TOR circuit after each request; increases runtime; requires TOR to be installed and in system path. --csv Create Comma-Separated Values (CSV) File. --site SITE_NAME Limit analysis to just the listed sites. Add multiple options to specify more than one site. --proxy PROXY_URL, -p PROXY_URL Make requests over a proxy. e.g. socks5://127.0.0.1:1080 --json JSON_FILE, -j JSON_FILE Load data from a JSON file or an online, valid, JSON file. --print-found Prints only found messages. Errors, and invalid username errors will not appear. |
To share awareness, please share this post by clicking the social media icons below 🙂
Related Posts
Publishing Java SpringBoot Library in JitPack
Deploy React Application in Netlify
MFRC522 RFID Read and Write Data in Specific RFID Block
Create a BadUSB Rubber Ducky using Arduino
Social Media Phishing with Captive Portal using NodeMcu
Scan WordPress site Vulnerabilities using WPScan
Comments
2 Comments
Leave a Reply
Recent Posts
GG
July 14, 2019 at 1:35 pmI mean the step #2.
cedcraftscodes
July 14, 2019 at 7:21 pmAre you using Python3 and Pip3 for Python?