Esta página se muestra en inglés. Una traducción al español está en curso.
ScriptsMay 25, 2026·3 min de lectura

Sherlock — Hunt Usernames Across 400+ Social Networks

Sherlock searches hundreds of social media sites for a target username, helping OSINT investigators and security teams map digital footprints from the command line.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
Sherlock Overview
Comando de instalación directa
npx -y tokrepo@latest install 51c17fe8-5836-11f1-9bc6-00163e2b0d79 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introduction

Sherlock is a command-line OSINT tool that takes a username and checks whether that handle exists on hundreds of social networks and websites. It is widely used by security researchers, penetration testers, and investigators who need to map a person's digital presence quickly.

What Sherlock Does

  • Searches 400+ social media platforms and websites for a given username
  • Outputs direct profile URLs for every detected account
  • Supports concurrent requests for fast enumeration
  • Exports results to CSV, JSON, or plain text files
  • Detects false positives using site-specific response analysis

Architecture Overview

Sherlock maintains a JSON data file mapping each supported site to its URL pattern and expected response characteristics. For each site, it constructs the profile URL with the target username, sends an HTTP request, and classifies the response as found, not found, or error based on status codes, response text, or redirects. Requests run concurrently via Python threading for speed.

Self-Hosting & Configuration

  • Install via pip: pip install sherlock-project
  • Run from source: clone the repo and use python -m sherlock_project
  • The site data file (sherlock_project/resources/data.json) can be extended with custom sites
  • Use --timeout to control per-request timeouts on slow networks
  • Proxy support via --proxy flag for anonymized lookups

Key Features

  • Covers 400+ websites out of the box with active community maintenance
  • Concurrent lookups finish in seconds rather than minutes
  • Multiple output formats for integration with downstream analysis tools
  • Tor proxy support for anonymous investigations
  • False-positive filtering reduces noise in results

Comparison with Similar Tools

  • Maigret — Fork of Sherlock with additional sites and enrichment; heavier but more features
  • WhatsMyName — Focuses on accuracy with a curated site list; web-based and CLI
  • Namechk — Commercial service with web UI; no CLI, limited free tier
  • Social Searcher — Web-based social mention search; different focus (content vs. accounts)

FAQ

Q: Does Sherlock guarantee an account belongs to the same person? A: No. Sherlock only confirms a username is registered on a site. Multiple people can share the same handle.

Q: Can I add my own sites? A: Yes. Add entries to the JSON data file following the existing schema, specifying URL pattern and detection method.

Q: Will target users know they were searched? A: Sherlock makes standard HTTP GET requests. Most sites do not notify profile owners of page views.

Q: How do I reduce false positives? A: Use the --print-found flag and review flagged sites. You can also contribute improved detection rules upstream.

Sources

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados