Finding Social Media Accounts with Sherlock Python Script

Finding Social Media Accounts with Sherlock Python Script

If you're looking for an efficient way to track usernames across social media platforms, the Sherlock Python script is the perfect tool for the job. Whether you're an ethical hacker conducting OSINT (Open Source Intelligence), a brand manager monitoring your online presence, or just someone curious about username availability, Sherlock makes it simple and effective.


What Is Sherlock Python Script?

The Sherlock Python script is an open-source tool designed to search for usernames across multiple social media platforms. It automates the laborious process of manually checking username availability on different websites and returns results in seconds.

GitHub - sherlock-project/sherlock: Hunt down social media accounts by username across social networks
Hunt down social media accounts by username across social networks - sherlock-project/sherlock

Sherlock supports hundreds of websites, including popular platforms like:

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • Reddit
  • Niche websites like chess.com and dev.to

You can find the complete list of supported sites here:

List of supported sites - Sherlock Project
Sherlock currently supports **400+** sites

The script's simplicity and speed make it an indispensable tool for cybersecurity professionals and other users interested in OSINT.


Why Use Sherlock Python Script?

The Sherlock Python script is particularly useful for:

  1. Ethical Hacking: In penetration testing, gathering publicly available information about a target (with permission) is vital. Sherlock helps ethical hackers identify accounts linked to a username, which could reveal potential vulnerabilities.
  2. Brand Monitoring: Businesses can track usernames associated with their brand to identify impersonators or unauthorized accounts.
  3. Personal Use: Individuals can use Sherlock to check username availability across platforms or identify any unauthorized profiles using their name.

Before diving into how to use the Sherlock Python script, it’s important to address the ethical and legal considerations:

  • Permitted Uses: Use Sherlock for personal learning, professional penetration testing (with written authorization), or brand monitoring.
  • Prohibited Uses: Never use Sherlock for stalking, harassment, or gathering sensitive information without consent.

Remember, while Sherlock only accesses publicly available information, your intent matters. Misusing the tool can lead to legal consequences.


How to Use Sherlock Python Script

Let’s get started with the Sherlock Python script.

Installing Sherlock Locally

You can choose to run Sherlock. python scrip locally on any laptop or computer that supports installing python, or you can choose to run it on a server in the cloud - commonly known as virtual private servers from popular cloud providers. here are some links to try the popular cloud providers.

Prerequisites

Before installing the Sherlock Python script, ensure you have the following:

  • Python 3: Sherlock requires Python 3 or higher. Follw the guide below on how you can install Python3 on your system
How to Install Python on Your System: A Guide – Real Python
The first step to getting started with Python is to install it on your machine. In this tutorial, you’ll learn how to check which version of Python, if any, you have on your Windows, Mac, or Linux computer and the best way to install the most recent version in any environment.
  • Pip: The Python package manager to install dependencies. However pipx is often recommended over pip, having more predictable behavior.
Using Python’s pip to Manage Your Projects’ Dependencies – Real Python
What is pip? In this beginner-friendly tutorial, you’ll learn how to use pip, the standard package manager for Python, so that you can install and manage packages that aren’t part of the Python standard library.
pipx
execute binaries from Python packages in isolated environments
  • Git
Git - Installing Git

Installation Steps

Since the installation steps vary for every system, I would recommend checking out the official documentation, for the full guide on how to install this based on your system.

Installation - Sherlock Project

For the following are the installation steps when using pipx :

💡
This is an officially supported package, maintained by a member of the Sherlock Project itself.

pipx is often recommended over pip, having more predictable behavior.

pipx install sherlock-project

For those who prefer classic pip, it’s very similar. Userspace is recommended.

pip install --user sherlock-project

That’s it! You can now run sherlock from anywhere.

sherlock --version

Using Sherlock Python Script: Practical Examples

Example 1: Searching for a Username

For basic usage, Sherlock is pretty straight forward:

Search for only one user:

sherlock user123

Search for multiples users:

sherlock user1 user2 user3

Sherlock will return a list of platforms where the username exists, along with direct links to the profiles.

Accounts found will be stored in an individual text file with the corresponding username (e.g user123.txt).

💡
Not all profiles returned by sherlock are valid. Some of the sites have been configured to return a positive result even for users that do not exist and you will need to verify the results. For example, of the 14 sites below, less than 5 are valid.

By default, sherlock has a timeout (in seconds) - to wait for response to requests of 60. To speed up the search, adjust the --timeout parameter with a value of your choosing. For example:

sherlock franklinetech --timeout 1

Sherlock will spend only one second per platform, significantly reducing the total runtime.

You can also get the help and more other advanced options using the command below.

sherlock --help

Applications of Sherlock Python Script

The Sherlock Python script has a variety of use cases beyond ethical hacking:

  1. Penetration Testing: Ethical hackers can gather information about a target to identify potential vulnerabilities.
  2. Reputation Management: Businesses and individuals can monitor usernames associated with their brand or name across platforms.
  3. Checking Username Availability: Sherlock is a handy tool for anyone looking to create unique usernames across multiple platforms.

Limitations of Sherlock Python Script

While the Sherlock Python script is a powerful OSINT tool, it has some limitations:

  1. False Positives: Sherlock may occasionally return incorrect results, such as accounts that don’t actually belong to the target username.
  2. Public Information Only: Sherlock can only access publicly available data. Private or hidden accounts won’t appear in the results.
  3. Platform-Specific Restrictions: Some websites may restrict automated queries, which can affect Sherlock’s accuracy.

Best Practices for Using Sherlock Python Script

To ensure ethical and effective use of the Sherlock Python script, follow these best practices:

  1. Obtain Permission: Always get explicit permission when conducting OSINT on behalf of a client or organization.
  2. Document Your Work: Keep detailed records of your activities, especially during penetration tests.
  3. Use Responsibly: Remember that Sherlock is a learning tool and should only be used for ethical purposes.

Next Steps

If you’re intrigued by the Sherlock Python script, here’s what you can do next:

  1. Visit the Sherlock GitHub Repository for more information and updates.
  2. Explore other OSINT tools like theHarvester, SpiderFoot, or Maltego.
  3. Dive deeper into ethical hacking by enrolling in cybersecurity courses.

Start using Sherlock today and unlock the potential of automated OSINT—ethically, of course!

## Convertkit Newsletter