Cette page est affichée en anglais. Une traduction française est en cours.
ScriptsMay 25, 2026·3 min de lecture

Sherlock — Hunt Usernames Across 400+ Social Networks

Sherlock searches hundreds of social media sites for a target username, helping OSINT investigators and security teams map digital footprints from the command line.

Prêt pour agents

Installation agent prête

Cet actif peut être installé après choix du runtime, vérification du plan et exécution de la commande adaptée.

Native · 98/100Policy : autoriser
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Single
Confiance
Confiance : Established
Point d'entrée
Sherlock Overview
Commande d'installation directe
npx -y tokrepo@latest install 51c17fe8-5836-11f1-9bc6-00163e2b0d79 --target codex

À exécuter après confirmation du plan en dry-run.

Introduction

Sherlock is a command-line OSINT tool that takes a username and checks whether that handle exists on hundreds of social networks and websites. It is widely used by security researchers, penetration testers, and investigators who need to map a person's digital presence quickly.

What Sherlock Does

  • Searches 400+ social media platforms and websites for a given username
  • Outputs direct profile URLs for every detected account
  • Supports concurrent requests for fast enumeration
  • Exports results to CSV, JSON, or plain text files
  • Detects false positives using site-specific response analysis

Architecture Overview

Sherlock maintains a JSON data file mapping each supported site to its URL pattern and expected response characteristics. For each site, it constructs the profile URL with the target username, sends an HTTP request, and classifies the response as found, not found, or error based on status codes, response text, or redirects. Requests run concurrently via Python threading for speed.

Self-Hosting & Configuration

  • Install via pip: pip install sherlock-project
  • Run from source: clone the repo and use python -m sherlock_project
  • The site data file (sherlock_project/resources/data.json) can be extended with custom sites
  • Use --timeout to control per-request timeouts on slow networks
  • Proxy support via --proxy flag for anonymized lookups

Key Features

  • Covers 400+ websites out of the box with active community maintenance
  • Concurrent lookups finish in seconds rather than minutes
  • Multiple output formats for integration with downstream analysis tools
  • Tor proxy support for anonymous investigations
  • False-positive filtering reduces noise in results

Comparison with Similar Tools

  • Maigret — Fork of Sherlock with additional sites and enrichment; heavier but more features
  • WhatsMyName — Focuses on accuracy with a curated site list; web-based and CLI
  • Namechk — Commercial service with web UI; no CLI, limited free tier
  • Social Searcher — Web-based social mention search; different focus (content vs. accounts)

FAQ

Q: Does Sherlock guarantee an account belongs to the same person? A: No. Sherlock only confirms a username is registered on a site. Multiple people can share the same handle.

Q: Can I add my own sites? A: Yes. Add entries to the JSON data file following the existing schema, specifying URL pattern and detection method.

Q: Will target users know they were searched? A: Sherlock makes standard HTTP GET requests. Most sites do not notify profile owners of page views.

Q: How do I reduce false positives? A: Use the --print-found flag and review flagged sites. You can also contribute improved detection rules upstream.

Sources

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires