OSINT ON SOCIAL MEDIA ACCOUNTS

USING SHERLOCK TOOL TO CONDUCT OSINT

Social media has redefined how people engage today. From Facebook, Twitter, Instagram to TikTok and many more such platforms, people engage each other and consume lots of information. Organizations have also embraced this trend with some preferring platforms that seem ‘official’ such as LinkedIn.

It is common practice for people and organizations to use the same username across all these platforms for consistency when publicizing/marketing themselves. As a cybersecurity expert conducting OSINT (Open Source Intelligence), it’s important to be aware on which platforms your target is active on to help you gather more relevant information.

While there are many tools that can be used to achieve this, we shall be covering one today which I consider easy and simplified to use. The tool scans a supplied username across numerous platforms and returns links to these accounts when found. The tool in question is known as Sherlock.

INSTALLATION

1. Clone the repo from github.
git clone https://github.com/sherlock-project/sherlock.git

2. Change the working directory to sherlock folder.
cd sherlock

3. Install the dependencies in the requirements file.
python3 -m pip install -r requirements.txt
python -m pip install -r requirements.txt (for windows)

Installation Process

USAGE
1. The sherlock.py file is under the sherlock folder. Change your directory to get to that location.

Python file to use

2. The scripts comes with various options that you can use to customize your output. The default does however, work quite well. Help is accessed using the the [help] tag.
python3 sherlock.py -h

Search options that can be used

3. We shall proceed with the default option and search for accounts using a username using the command below.
python3 sherlock.py <username>
You can then visit these links to confirm if the accounts match the target that you are working on.

Search Results

The results are automatically saved on a file on the current directory.

Results are automatically stored in a file

4. You can also search for multiple accounts by supplying the usernames one after the other.
python3 sherlock.py <username1, username2, username3>

CONCLUSION

While this tool maybe be ideal for anyone hunting down a username, it can be also used at individual to check for what accounts out there are under your name. This may arise from accounts you might have created years ago and forgot about them. Results from this process can be used to further enhance your reconnaissance process.

About the writer:

Follow me on:
LinkedIn, GitHub, Twitter, Telegram