When investigating a person using open source intelligence, the goal is to find clues that aggregate information about a goal into a larger image. Screen names are perfect because they are unique and link data, as they are often reused in accounts over the Internet. With Sherlock, we can immediately track social media accounts created on many online platforms with a unique screen name.
From a single cue, such as an e-mail address or a screen name, Sherlock can gradually expand what we know about a destination, as we learn about their work on the Internet. Even if a person is careful, their online contacts may not be okay, and it's easy to change the default privacy settings for apps like Venmo. A single screen name can display many user accounts created by the same person, and may include photos, family member accounts, and other ways to gather more information.
What Sherlock Can Find
Social media accounts are an extensive source of clues. A social media account can contain links to other accounts that use different screen names so you can search for the newly discovered leads again. Pictures from profile photos can easily be pasted into a reverse image search, so you can find other profiles with the same image if the target has a favorite profile photo.
Even the descriptive text in a profile can often be copied and pasted into profiles that allow you to search for profiles created with identical profile texts or descriptions. In our example, I will pick up the suggestion of another zero-byte author to target the social media accounts of Neil Breen, director of many very intense films like the classic hacker movie Fateful Findings ,
Python 3.6 or later is required, but apart from that you only need pip3 to install Sherlock on your computer. I had a good run on MacOS and Ubuntu, so it seems to be cross-platform. If you want to know more about the project, read the simple GitHub page .
Step 1: Install Python & Sherlock
First follow the instructions in GitHub Repository. In a new terminal window, run the following commands to install Sherlock and any required dependencies.
~ $ git clone https://github.com/sherlock-project/sherlock.git ~ $ cd Sherlock ~ / sherlock $ pip3 install -r requirements.txt
If something fails, make sure you have python3 and python3-pip installed, as this is required to install Sherlock. When installation is complete, you can run python3 sherlock.py -h in the / sherlock folder to display the Help menu.
~ / sherlock $ python3 sherlock.py -h Use: sherlock.py [-h] [--version] [--verbose] [--rank] [--folderoutput FOLDEROUTPUT] [--output OUTPUT] [--tor] [--unique-tor] [--csv] [--site SITE_NAME] [--proxy PROXY_URL] [--json JSON_FILE] [--proxy_list PROXY_LIST] [--check_proxies CHECK_PROXY] [--print-found] USERNAMES [USERNAMES ...] Sherlock: Search Usernames in Social Networks (Version 0.5.8) Positional arguments: USERNAME One or more social network usernames. optional arguments: -h, --help show this help message and finish it --version Show version information and dependencies. --verbose, -v, -d, --debug Show additional debugging information and metrics. --rank, -r Showcase websites that have been ordered by Alexa.com worldwide Rank in popularity. --folderoutput FOLDEROUTPUT, -fo FOLDEROUTPUT If multiple usernames are used, the results will be output is saved in this folder. --output OUTPUT, -o OUTPUT If a single user name is used, the result is output is saved in this file. --tor, -t Ask about TOR; increases the term; requires TOR must be installed and in the system path. --unique-tor, -u Make requests via TOR, each with a new TOR circle Request; increases the term; requires to be TOR installed and in the system path. --csv Creates a comma-separated values (CSV) file. --site SITE_NAME Limit the analysis to the listed sites. Add several Options for specifying more than one site. --proxy PROXY_URL, -p PROXY_URL Make inquiries via a proxy. e.g. socks5: //127.0.0.1: 1080 - json JSON_FILE, -j JSON_FILE Load data from a JSON file or a valid online JSON file File. --proxy_list PROXY_LIST, -pl PROXY_LIST Make inquiries about a proxy randomly selected from a list Generated from a CSV file. --check_proxies CHECK_PROXY, -cp CHECK_PROXY For use with the parameter & # 39; - proxy_list & # 39 ;. The The script verifies that the proxies specified in the CSV file exist File works and anonymous. Enter 0 for unlimited time successfully checked proxies or another number to set a limit. --print-found Do not dump sites where the username was not found.
As you can see, there are many options here, including the options for using Tor. Although we will not be using them today, these functions can be useful if you do not want to know who is directly asking these questions.
Now that we can see how the script is executed. It's time to do a search. We upload our target, Neil Breen, with a screen name found by doing a Google search for "Neil Breen" and "Twitter."
This is our name guy. The screen name you are looking for is neilbreen . We format this as the following command, which uses the user name "neilbreen" to search for accounts on the Internet and only outputs the results it finds. This significantly reduces output, as most queries are generally negative. The last argument -r organizes the list of found accounts, according to which websites are the most popular.
~ / sherlock $ python3 sherlock.py neilbreen -r --print-found
If you execute this command, many issues will be output without the flag, regardless of the results – Print found displayed. In our example neilbreen we are virtually led through the Internet by Neil Breen's life.
~ / sherlock $ python3 sherlock.py neilbreen -r --print-found , "" "-. / ____ _ _ _ | _ .. - & # 39; -. / ___ || | __ ___ _ __ | | ___ ___ | | __> .` __.- "" ; "` ___ | & # 39; _ / _ & # 39; __ | | / _ / __ | | / / / / (^ ___) | | | | __ / | | | (_) | (__ | <& # 39; -`) = | -. | ____ / | _ | | _ | ___ | _ | | _ | ___ / ___ | _ | _ /`--.'-- & # 39; .-. . & # 39; `-._`. | J / / `-. | __ / [*] Checking the username neilbreen on: [+] Google Plus: https://plus.google.com/+neilbreen [+] Facebook: https://www.facebook.com/neilbreen [+] Twitter: https://www.twitter.com/neilbreen [+] VK: https://vk.com/neilbreen [+] Reddit: https://www.reddit.com/user/neilbreen [+] Twitch: https://m.twitch.tv/neilbreen [+] Ebay: https://www.ebay.com/usr/neilbreen [-] Connection error: GitHub [-] GitHub: Error! [+] Imgur: https://imgur.com/user/neilbreen [+] Pinterest: https://www.pinterest.com/neilbreen/ [-] Connection error: Roblox [-] Roblox: Error! [+] Spotify: https://open.spotify.com/user/neilbreen [+] Steam: https://steamcommunity.com/id/neilbreen [+] SteamGroup: https://steamcommunity.com/groups/neilbreen [+] SlideShare: https://slideshare.net/neilbreen [+] Media: https://medium.com/@neilbreen [-] Error while connecting: Scribd [-] Scribd: Error! [+] Academia.edu: https://independent.academia.edu/neilbreen [+] 9GAG: https://9gag.com/u/neilbreen [-] Connection error: GoodReads [-] GoodReads: Error! [+] Wattpad: https://www.wattpad.com/user/neilbreen [+] Bandcamp: https://www.bandcamp.com/neilbreen [+] Giphy: https://giphy.com/neilbreen [+] last.fm: https://last.fm/user/neilbreen [+] AskFM: https://ask.fm/neilbreen [+] Disqus: https://disqus.com/neilbreen [+] Tinder: https://www.gotinder.com/@neilbreen [-] Error while connecting: Kongregate [-] Kongregate: Error! [+] Letterboxd: https://letterboxd.com/neilbreen [+] 500px: https://500px.com/neilbreen [+] Newgrounds: https://neilbreen.newgrounds.com [-] Connection error: Trip [-] Trip: Error! [+] Venmo: https://venmo.com/neilbreen [+] NameMC (Minecraft.net skins): https://namemc.com/profile/neilbreen [+] Repl.it: https://repl.it/@neilbreen [-] Connection error: StreamMe [-] StreamMe: Error! [+] CashMe: https://cash.me/neilbreen [+] Kik: https://ws2.kik.com/user/neilbreen[19659011)Thisoutputhasalsoprovidedahandytextfiletostoretheresultsofwhichnowadayssomelinkswillhavetolookandseewhattheresultscanbe[
Step 4: Checking the destination list for more information
To check our destination list, enter ls to search for the created text file. In our example, it should be neilbreen.txt .
~ / sherlock $ ls CODE_OF_CONDUCT.md install_packages.sh __pycache__ screenshot tests CONTRIBUTING.md LICENSE README.md sherlock.py data.json load_proxies.py removed_sites.md site_list.py Dockerfile neilbreen.txt requirements.txt sites.md
You can read the contents by typing the following command cat which gives us a variety of URL destinations to choose from.
~ / sherlock $ cat neilbreen.txt https://plus.google.com/+neilbreen https://www.facebook.com/neilbreen Tweets by NeilBreen https://vk.com/neilbreen https://www.reddit.com/user/neilbreen https://m.twitch.tv/neilbreen https://www.ebay.com/usr/neilbreen https://imgur.com/user/neilbreen https://www.pinterest.com/neilbreen/ https://open.spotify.com/user/neilbreen https://steamcommunity.com/id/neilbreen https://steamcommunity.com/groups/neilbreen https://slideshare.net/neilbreen https://medium.com/@neilbreen https://independent.academia.edu/neilbreen https://9gag.com/u/neilbreen https://www.wattpad.com/user/neilbreen https://www.bandcamp.com/neilbreen https://giphy.com/neilbreen https://last.fm/user/neilbreen https://ask.fm/neilbreen https://disqus.com/neilbreen https://www.gotinder.com/@neilbreen https://letterboxd.com/neilbreen https://500px.com/neilbreen https://neilbreen.newgrounds.com https://venmo.com/neilbreen https://namemc.com/profile/neilbreen https://repl.it/@neilbreen https://cash.me/neilbreen https://ws2.kik.com/user/neilbreen[19659011lightboxesEinpaardavonkönnenwirausschließenwieGooglePlusdasjetztheruntergefahrenwurdeAnderekönnenvielnützlicherseinabhängigvonderArtdesErgebnissesdaswirerhaltenAufgrunddesinternationalenSuperstar-StatusvonNeilBreensindhiervieleFan-AccountsangesiedeltWirmüsseneinigevernünftigeTechnikenanwendenumsieauszuschließenwährendwirversuchenmehrInformationenüberdieselebendeLegendezufinden
Zunächst we see that an account with Venmo and Cash.me listed. While these do not appear here, many people leave their venmo payments public, so you can see who they pay for when. In this example, this account was apparently set up by a fan to receive donations for Neil Breen. A dead end.
Next, we'll move the list down the ranking of the most popular sites. Here we see an account that is more of a personal account.
The above link also leads us to a very insecure website for a Neil Breen movie titled "Pass-Thru," which could and should have many security holes also has.
A reverse image search of Neil's letterbox and Twitter profile images also finds another screen name used by the target: neil-breen . It leads back to an active Quora account, where the target prompts random strangers.
We've already used a screen name and found another one on the profile picture that we initially did not know about.
Another common source of information is websites where users exchange information. With DiaShare or Prezi, users can share visible presentations to the public.
If the target created presentations for business or personal reasons, we can see them here. In our case we did not find much. However, a search in the Reddit account we found shows that the account was dating before Neil Breen became huge. The age of the account means that it's probably legitimate. We can see that Neil likes to interact with Armani, is struggling with technology, and is trying to find ideas for the locations of his next film.
After all, our crown jewel is an active eBay account that lets us see many things Neil buys and reads reviews from sellers with whom he has completed transactions.
With the information here, we may examine hobbies, professional projects, and other details lost through eBay confirmed and listed purchases publicly under this screen name.
As we noted in our sample exam, Sherlock offers many clues to find useful details about a target. From financial transactions with Venmo to alternative screen names found when looking for favorite profile photos, Sherlock can enter a shocking amount of personal information. The next step in our investigation would be to re-run Sherlock with the new screen names we found on our first round, but we'll leave Neil alone for today.
I hope you have enjoyed this guide to using Sherlock for finding social networks Media accounts! If you have questions about this tutorial for OSINT tools, leave a comment below, and contact me at Twitter @KodyKinzie .