Sherlock
Sherlock Social Media Nombre de usuario Hunter Cheat Sheet
__HTML_TAG_22_ Todos los comandos
Overview¶
Sherlock es una poderosa herramienta OSINT que busca cuentas de redes sociales por nombre de usuario en más de 400 redes sociales. Está diseñado para encontrar nombres de usuario en un gran número de redes sociales muy rápidamente, lo que lo convierte en una herramienta esencial para las investigaciones digitales, los controles de antecedentes y la investigación de ciberseguridad. Sherlock utiliza una combinación de solicitudes HTTP y análisis de respuesta para determinar si existe un nombre de usuario en varias plataformas.
▪ restablecimiento Notificación legal: Únicamente use Sherlock para investigaciones legítimas de OSINT, pruebas de seguridad autorizadas o investigación personal. Respetar las condiciones de servicio y las leyes de privacidad aplicables.
Instalación¶
Python pip Instalación¶
# Install via pip
pip3 install sherlock-project
# Verify installation
sherlock --help
# Alternative: Install from GitHub
pip3 install git+https://github.com/sherlock-project/sherlock.git
# Install with all dependencies
pip3 install sherlock-project[all]
Docker Instalación¶
# Pull official Docker image
docker pull sherlockproject/sherlock
# Run with Docker
docker run --rm -t sherlockproject/sherlock username
# Run with output directory
docker run --rm -t -v $(pwd)/results:/opt/sherlock/results sherlockproject/sherlock username
# Build from source
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
docker build -t sherlock .
Instalación manual¶
# Clone repository
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
# Install dependencies
pip3 install -r requirements.txt
# Run directly
python3 sherlock username
# Make executable
chmod +x sherlock
./sherlock username
Virtual Environment Setup¶
# Create virtual environment
python3 -m venv sherlock-env
source sherlock-env/bin/activate
# Install Sherlock
pip install sherlock-project
# Verify installation
sherlock --version
Uso básico¶
Command Line Interface¶
# Basic username search
sherlock username
# Search multiple usernames
sherlock user1 user2 user3
# Search with output to file
sherlock username --output results.txt
# Search with CSV output
sherlock username --csv
# Search with JSON output
sherlock username --json results.json
# Verbose output
sherlock username --verbose
# Print only found results
sherlock username --print-found
Opciones de búsqueda avanzadas¶
# Search specific sites only
sherlock username --site GitHub --site Twitter
# Exclude specific sites
sherlock username --exclude Instagram --exclude Facebook
# Use proxy
sherlock username --proxy http://proxy:8080
# Set custom timeout
sherlock username --timeout 10
# Disable SSL verification
sherlock username --no-ssl-verify
# Use Tor proxy
sherlock username --tor
# Foldering output by username
sherlock username --folderoutput results/
Site-Specific Searchs¶
Popular Social Media Platforms¶
# Search major social networks
sherlock username --site Twitter --site Instagram --site Facebook --site LinkedIn
# Search professional networks
sherlock username --site LinkedIn --site GitHub --site GitLab --site Behance
# Search gaming platforms
sherlock username --site Steam --site Twitch --site Discord --site Xbox
# Search dating platforms
sherlock username --site Tinder --site Bumble --site Match
# Search forums and communities
sherlock username --site Reddit --site HackerNews --site StackOverflow
Plataformas de Tecnología y Desarrollo¶
# Developer platforms
sherlock username --site GitHub --site GitLab --site Bitbucket --site SourceForge
# Tech communities
sherlock username --site StackOverflow --site HackerNews --site DeviantArt
# Code sharing platforms
sherlock username --site Pastebin --site Gist --site CodePen
# Documentation platforms
sherlock username --site GitBook --site Notion --site Confluence
Content and Media Platforms¶
# Video platforms
sherlock username --site YouTube --site Vimeo --site TikTok --site Dailymotion
# Photo platforms
sherlock username --site Instagram --site Flickr --site 500px --site Imgur
# Blogging platforms
sherlock username --site Medium --site WordPress --site Blogger --site Tumblr
# Music platforms
sherlock username --site Spotify --site SoundCloud --site Bandcamp
Formatos de salida y análisis¶
Text Output¶
# Basic text output
sherlock username > results.txt
# Verbose text output
sherlock username --verbose > detailed_results.txt
# Only found accounts
sherlock username --print-found > found_accounts.txt
# With timestamps
sherlock username --verbose|tee "results_$(date +%Y%m%d_%H%M%S).txt"
Datos estructurados¶
# CSV format
sherlock username --csv --output results.csv
# JSON format
sherlock username --json results.json
# Both CSV and JSON
sherlock username --csv --json results.json --output results.csv
# Folder output (organized by username)
sherlock user1 user2 --folderoutput investigation_results/
Custom Output Processing¶
#!/usr/bin/env python3
# sherlock-output-processor.py
import json
import csv
import sys
from datetime import datetime
def process_sherlock_json(json_file):
"""Process Sherlock JSON output"""
try:
with open(json_file, 'r') as f:
data = json.load(f)
results = []
for username, sites in data.items():
for site, info in sites.items():
if info.get('status') == 'Claimed':
results.append(\\\\{
'username': username,
'site': site,
'url': info.get('url_user', ''),
'response_time': info.get('response_time_s', 0),
'status': info.get('status', '')
\\\\})
return results
except Exception as e:
print(f"Error processing JSON: \\\\{e\\\\}")
return []
def generate_summary_report(results):
"""Generate summary report from results"""
if not results:
return "No results to process"
# Count by platform
platform_counts = \\\\{\\\\}
for result in results:
platform = result['site']
platform_counts[platform] = platform_counts.get(platform, 0) + 1
# Generate report
report = f"""
Sherlock Investigation Summary
Generated: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}
Total Accounts Found: \\\\{len(results)\\\\}
Unique Platforms: \\\\{len(platform_counts)\\\\}
Platform Distribution:
"""
for platform, count in sorted(platform_counts.items(), key=lambda x: x[1], reverse=True):
report += f" \\\\{platform\\\\}: \\\\{count\\\\}\n"
report += "\nDetailed Results:\n"
for result in results:
report += f" \\\\{result['site']\\\\}: \\\\{result['url']\\\\}\n"
return report
def export_to_csv(results, filename):
"""Export results to CSV"""
if not results:
return
with open(filename, 'w', newline='') as csvfile:
fieldnames = ['username', 'site', 'url', 'response_time', 'status']
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for result in results:
writer.writerow(result)
def main():
if len(sys.argv) != 2:
print("Usage: python3 sherlock-output-processor.py <sherlock_json_file>")
sys.exit(1)
json_file = sys.argv[1]
results = process_sherlock_json(json_file)
if results:
# Generate summary
summary = generate_summary_report(results)
print(summary)
# Save summary to file
with open('sherlock_summary.txt', 'w') as f:
f.write(summary)
# Export to CSV
export_to_csv(results, 'sherlock_results.csv')
print(f"\nSummary saved to: sherlock_summary.txt")
print(f"CSV export saved to: sherlock_results.csv")
else:
print("No valid results found in JSON file")
if __name__ == "__main__":
main()
Automatización y procesamiento de lotes¶
Batch Username Investigation¶
#!/bin/bash
# sherlock-batch-investigation.sh
USERNAMES_FILE="$1"
OUTPUT_DIR="$2"
if [ $# -ne 2 ]; then
echo "Usage: $0 <usernames_file> <output_directory>"
echo "Example: $0 usernames.txt investigation_results/"
exit 1
fi
if [ ! -f "$USERNAMES_FILE" ]; then
echo "Error: Usernames file not found: $USERNAMES_FILE"
exit 1
fi
# Create output directory
mkdir -p "$OUTPUT_DIR"
echo "Starting batch Sherlock investigation"
echo "Usernames file: $USERNAMES_FILE"
echo "Output directory: $OUTPUT_DIR"
echo "=================================="
# Process each username
while IFS= read -r username; do
# Skip empty lines and comments
if [[ -z "$username"||"$username" =~ ^#.* ]]; then
continue
fi
echo "Investigating username: $username"
# Create individual output files
TEXT_OUTPUT="$OUTPUT_DIR/$\\\\{username\\\\}_results.txt"
JSON_OUTPUT="$OUTPUT_DIR/$\\\\{username\\\\}_results.json"
CSV_OUTPUT="$OUTPUT_DIR/$\\\\{username\\\\}_results.csv"
# Run Sherlock with multiple output formats
sherlock "$username" \
--output "$TEXT_OUTPUT" \
--json "$JSON_OUTPUT" \
--csv \
--timeout 15 \
--print-found \
--verbose
# Move CSV file to proper location
if [ -f "$\\\\{username\\\\}.csv" ]; then
mv "$\\\\{username\\\\}.csv" "$CSV_OUTPUT"
fi
echo "Results saved for $username"
echo " Text: $TEXT_OUTPUT"
echo " JSON: $JSON_OUTPUT"
echo " CSV: $CSV_OUTPUT"
echo ""
# Add delay to avoid rate limiting
sleep 2
done < "$USERNAMES_FILE"
echo "Batch investigation completed"
echo "Results saved in: $OUTPUT_DIR"
# Generate combined summary
echo "Generating combined summary..."
python3 << 'PYTHON_SCRIPT'
import os
import json
import sys
from collections import defaultdict
output_dir = sys.argv[1] if len(sys.argv) > 1 else "investigation_results"
all_results = defaultdict(list)
total_accounts = 0
# Process all JSON files
for filename in os.listdir(output_dir):
if filename.endswith('_results.json'):
username = filename.replace('_results.json', '')
filepath = os.path.join(output_dir, filename)
try:
with open(filepath, 'r') as f:
data = json.load(f)
for site, info in data.get(username, \\\\{\\\\}).items():
if info.get('status') == 'Claimed':
all_results[username].append(\\\\{
'site': site,
'url': info.get('url_user', ''),
'response_time': info.get('response_time_s', 0)
\\\\})
total_accounts += 1
except Exception as e:
print(f"Error processing \\\\{filename\\\\}: \\\\{e\\\\}")
# Generate summary report
summary_file = os.path.join(output_dir, 'investigation_summary.txt')
with open(summary_file, 'w') as f:
f.write("Sherlock Batch Investigation Summary\n")
f.write("===================================\n\n")
f.write(f"Total usernames investigated: \\\\{len(all_results)\\\\}\n")
f.write(f"Total accounts found: \\\\{total_accounts\\\\}\n\n")
for username, accounts in all_results.items():
f.write(f"Username: \\\\{username\\\\}\n")
f.write(f"Accounts found: \\\\{len(accounts)\\\\}\n")
for account in accounts:
f.write(f" \\\\{account['site']\\\\}: \\\\{account['url']\\\\}\n")
f.write("\n")
print(f"Combined summary saved to: \\\\{summary_file\\\\}")
PYTHON_SCRIPT "$OUTPUT_DIR"
Automated Monitoring Script¶
#!/usr/bin/env python3
# sherlock-monitor.py
import subprocess
import json
import time
import smtplib
from email.mime.text import MimeText
from email.mime.multipart import MimeMultipart
from datetime import datetime
import os
class SherlockMonitor:
def __init__(self, config_file="monitor_config.json"):
self.config = self.load_config(config_file)
self.previous_results = \\\\{\\\\}
self.load_previous_results()
def load_config(self, config_file):
"""Load monitoring configuration"""
default_config = \\\\{
"usernames": [],
"check_interval": 3600, # 1 hour
"email_notifications": False,
"email_config": \\\\{
"smtp_server": "smtp.gmail.com",
"smtp_port": 587,
"username": "",
"password": "",
"to_email": ""
\\\\},
"output_directory": "monitoring_results"
\\\\}
try:
with open(config_file, 'r') as f:
config = json.load(f)
# Merge with defaults
for key, value in default_config.items():
if key not in config:
config[key] = value
return config
except FileNotFoundError:
print(f"Config file not found, creating default: \\\\{config_file\\\\}")
with open(config_file, 'w') as f:
json.dump(default_config, f, indent=2)
return default_config
def load_previous_results(self):
"""Load previous monitoring results"""
results_file = os.path.join(self.config["output_directory"], "previous_results.json")
try:
with open(results_file, 'r') as f:
self.previous_results = json.load(f)
except FileNotFoundError:
self.previous_results = \\\\{\\\\}
def save_results(self, results):
"""Save current results"""
os.makedirs(self.config["output_directory"], exist_ok=True)
results_file = os.path.join(self.config["output_directory"], "previous_results.json")
with open(results_file, 'w') as f:
json.dump(results, f, indent=2)
self.previous_results = results
def run_sherlock(self, username):
"""Run Sherlock for a specific username"""
output_file = os.path.join(self.config["output_directory"], f"\\\\{username\\\\}_latest.json")
try:
cmd = [
"sherlock", username,
"--json", output_file,
"--timeout", "15",
"--print-found"
]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
if result.returncode == 0 and os.path.exists(output_file):
with open(output_file, 'r') as f:
return json.load(f)
else:
print(f"Sherlock failed for \\\\{username\\\\}: \\\\{result.stderr\\\\}")
return None
except Exception as e:
print(f"Error running Sherlock for \\\\{username\\\\}: \\\\{e\\\\}")
return None
def compare_results(self, username, current_results, previous_results):
"""Compare current and previous results"""
changes = \\\\{
"new_accounts": [],
"removed_accounts": [],
"username": username,
"timestamp": datetime.now().isoformat()
\\\\}
current_sites = set()
previous_sites = set()
# Extract claimed accounts
if username in current_results:
for site, info in current_results[username].items():
if info.get('status') == 'Claimed':
current_sites.add(site)
if username in previous_results:
for site, info in previous_results[username].items():
if info.get('status') == 'Claimed':
previous_sites.add(site)
# Find changes
changes["new_accounts"] = list(current_sites - previous_sites)
changes["removed_accounts"] = list(previous_sites - current_sites)
return changes
def send_notification(self, changes):
"""Send email notification about changes"""
if not self.config["email_notifications"]:
return
if not changes["new_accounts"] and not changes["removed_accounts"]:
return
try:
msg = MimeMultipart()
msg['From'] = self.config["email_config"]["username"]
msg['To'] = self.config["email_config"]["to_email"]
msg['Subject'] = f"Sherlock Monitor Alert - \\\\{changes['username']\\\\}"
body = f"""
Sherlock monitoring detected changes for username: \\\\{changes['username']\\\\}
Timestamp: \\\\{changes['timestamp']\\\\}
New accounts found: \\\\{len(changes['new_accounts'])\\\\}
\\\\{chr(10).join(changes['new_accounts'])\\\\}
Removed accounts: \\\\{len(changes['removed_accounts'])\\\\}
\\\\{chr(10).join(changes['removed_accounts'])\\\\}
This is an automated message from Sherlock Monitor.
"""
msg.attach(MimeText(body, 'plain'))
server = smtplib.SMTP(
self.config["email_config"]["smtp_server"],
self.config["email_config"]["smtp_port"]
)
server.starttls()
server.login(
self.config["email_config"]["username"],
self.config["email_config"]["password"]
)
text = msg.as_string()
server.sendmail(
self.config["email_config"]["username"],
self.config["email_config"]["to_email"],
text
)
server.quit()
print(f"Notification sent for \\\\{changes['username']\\\\}")
except Exception as e:
print(f"Failed to send notification: \\\\{e\\\\}")
def monitor_usernames(self):
"""Monitor all configured usernames"""
print(f"Starting Sherlock monitoring at \\\\{datetime.now()\\\\}")
print(f"Monitoring \\\\{len(self.config['usernames'])\\\\} usernames")
current_results = \\\\{\\\\}
all_changes = []
for username in self.config["usernames"]:
print(f"Checking username: \\\\{username\\\\}")
# Run Sherlock
results = self.run_sherlock(username)
if results:
current_results.update(results)
# Compare with previous results
changes = self.compare_results(username, results, self.previous_results)
if changes["new_accounts"] or changes["removed_accounts"]:
print(f"Changes detected for \\\\{username\\\\}:")
print(f" New accounts: \\\\{changes['new_accounts']\\\\}")
print(f" Removed accounts: \\\\{changes['removed_accounts']\\\\}")
all_changes.append(changes)
self.send_notification(changes)
else:
print(f"No changes for \\\\{username\\\\}")
# Delay between checks
time.sleep(5)
# Save current results
self.save_results(current_results)
# Save change log
if all_changes:
change_log_file = os.path.join(
self.config["output_directory"],
f"changes_\\\\{datetime.now().strftime('%Y%m%d_%H%M%S')\\\\}.json"
)
with open(change_log_file, 'w') as f:
json.dump(all_changes, f, indent=2)
print(f"Change log saved: \\\\{change_log_file\\\\}")
print(f"Monitoring cycle completed at \\\\{datetime.now()\\\\}")
def run_continuous_monitoring(self):
"""Run continuous monitoring with configured interval"""
print("Starting continuous Sherlock monitoring")
print(f"Check interval: \\\\{self.config['check_interval']\\\\} seconds")
while True:
try:
self.monitor_usernames()
print(f"Sleeping for \\\\{self.config['check_interval']\\\\} seconds...")
time.sleep(self.config["check_interval"])
except KeyboardInterrupt:
print("\nMonitoring stopped by user")
break
except Exception as e:
print(f"Error in monitoring cycle: \\\\{e\\\\}")
time.sleep(60) # Wait 1 minute before retrying
def main():
import sys
if len(sys.argv) > 1 and sys.argv[1] == "--continuous":
monitor = SherlockMonitor()
monitor.run_continuous_monitoring()
else:
monitor = SherlockMonitor()
monitor.monitor_usernames()
if __name__ == "__main__":
main()
Integración con otras herramientas OSINT¶
Maltego Integration¶
#!/usr/bin/env python3
# sherlock-maltego-integration.py
import json
import csv
import xml.etree.ElementTree as ET
from datetime import datetime
def sherlock_to_maltego(sherlock_json, output_file="maltego_import.csv"):
"""Convert Sherlock results to Maltego CSV format"""
try:
with open(sherlock_json, 'r') as f:
data = json.load(f)
maltego_data = []
for username, sites in data.items():
# Add username entity
maltego_data.append(\\\\{
'Entity Type': 'maltego.Username',
'Entity Value': username,
'Additional Fields': '',
'Notes': f'Investigated with Sherlock on \\\\{datetime.now().strftime("%Y-%m-%d")\\\\}'
\\\\})
for site, info in sites.items():
if info.get('status') == 'Claimed':
# Add website entity
maltego_data.append(\\\\{
'Entity Type': 'maltego.Website',
'Entity Value': info.get('url_user', ''),
'Additional Fields': f'Platform=\\\\{site\\\\}',
'Notes': f'Username: \\\\{username\\\\}, Response time: \\\\{info.get("response_time_s", 0)\\\\}s'
\\\\})
# Write to CSV
with open(output_file, 'w', newline='') as csvfile:
fieldnames = ['Entity Type', 'Entity Value', 'Additional Fields', 'Notes']
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for row in maltego_data:
writer.writerow(row)
print(f"Maltego import file created: \\\\{output_file\\\\}")
return output_file
except Exception as e:
print(f"Error creating Maltego import: \\\\{e\\\\}")
return None
def create_maltego_transform_config():
"""Create Maltego transform configuration"""
config = """
<?xml version="1.0" encoding="UTF-8"?>
<MaltegoTransform>
<Name>Sherlock Username Search</Name>
<UIName>Sherlock Username Search</UIName>
<Author>OSINT Investigator</Author>
<Description>Search for username across social media platforms using Sherlock</Description>
<Version>1.0</Version>
<InputEntity>maltego.Username</InputEntity>
<OutputEntity>maltego.Website</OutputEntity>
<TransformSettings>
<Property name="cmdline" type="string">python3 sherlock_transform.py</Property>
<Property name="cmdparms" type="string">%value%</Property>
<Property name="working-directory" type="string">.</Property>
</TransformSettings>
</MaltegoTransform>
"""
with open('sherlock_transform.mtz', 'w') as f:
f.write(config)
print("Maltego transform configuration created: sherlock_transform.mtz")
OSINT Framework Integration¶
#!/usr/bin/env python3
# osint-framework-sherlock.py
import subprocess
import json
import requests
from datetime import datetime
import os
class OSINTFrameworkIntegration:
def __init__(self):
self.results = \\\\{\\\\}
self.tools_used = []
def run_sherlock(self, username):
"""Run Sherlock investigation"""
print(f"Running Sherlock for: \\\\{username\\\\}")
output_file = f"sherlock_\\\\{username\\\\}.json"
try:
cmd = ["sherlock", username, "--json", output_file, "--timeout", "15"]
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0 and os.path.exists(output_file):
with open(output_file, 'r') as f:
sherlock_data = json.load(f)
self.results['sherlock'] = sherlock_data
self.tools_used.append('Sherlock')
return sherlock_data
else:
print(f"Sherlock failed: \\\\{result.stderr\\\\}")
return None
except Exception as e:
print(f"Error running Sherlock: \\\\{e\\\\}")
return None
def run_theharvester(self, domain):
"""Run theHarvester for email enumeration"""
print(f"Running theHarvester for: \\\\{domain\\\\}")
try:
cmd = ["theharvester", "-d", domain, "-l", "100", "-b", "google,bing"]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
if result.returncode == 0:
# Parse theHarvester output
emails = []
hosts = []
for line in result.stdout.split('\n'):
if '@' in line and domain in line:
emails.append(line.strip())
elif domain in line and not '@' in line:
hosts.append(line.strip())
harvester_data = \\\\{
'emails': emails,
'hosts': hosts,
'domain': domain
\\\\}
self.results['theharvester'] = harvester_data
self.tools_used.append('theHarvester')
return harvester_data
except Exception as e:
print(f"Error running theHarvester: \\\\{e\\\\}")
return None
def check_haveibeenpwned(self, email):
"""Check Have I Been Pwned for email"""
print(f"Checking Have I Been Pwned for: \\\\{email\\\\}")
try:
url = f"https://haveibeenpwned.com/api/v3/breachedaccount/\\\\{email\\\\}"
headers = \\\\{
'User-Agent': 'OSINT-Investigation-Tool',
'hibp-api-key': 'YOUR_API_KEY_HERE' # Replace with actual API key
\\\\}
response = requests.get(url, headers=headers, timeout=10)
if response.status_code == 200:
breaches = response.json()
self.results['haveibeenpwned'] = \\\\{
'email': email,
'breaches': breaches,
'breach_count': len(breaches)
\\\\}
self.tools_used.append('Have I Been Pwned')
return breaches
elif response.status_code == 404:
print(f"No breaches found for \\\\{email\\\\}")
return []
else:
print(f"HIBP API error: \\\\{response.status_code\\\\}")
return None
except Exception as e:
print(f"Error checking Have I Been Pwned: \\\\{e\\\\}")
return None
def comprehensive_investigation(self, target):
"""Run comprehensive OSINT investigation"""
print(f"Starting comprehensive investigation for: \\\\{target\\\\}")
# Determine if target is username, email, or domain
if '@' in target:
# Email investigation
email = target
domain = target.split('@')[1]
username = target.split('@')[0]
# Run investigations
self.run_sherlock(username)
self.run_theharvester(domain)
self.check_haveibeenpwned(email)
elif '.' in target and len(target.split('.')) > 1:
# Domain investigation
domain = target
self.run_theharvester(domain)
# Could also run Sherlock on domain name as username
self.run_sherlock(domain.split('.')[0])
else:
# Username investigation
username = target
self.run_sherlock(username)
# Could also check common email patterns
common_domains = ['gmail.com', 'yahoo.com', 'hotmail.com', 'outlook.com']
for domain in common_domains:
email = f"\\\\{username\\\\}@\\\\{domain\\\\}"
self.check_haveibeenpwned(email)
return self.generate_comprehensive_report()
def generate_comprehensive_report(self):
"""Generate comprehensive investigation report"""
report = \\\\{
'investigation_timestamp': datetime.now().isoformat(),
'tools_used': self.tools_used,
'results_summary': \\\\{\\\\},
'detailed_results': self.results,
'recommendations': []
\\\\}
# Summarize results
if 'sherlock' in self.results:
sherlock_accounts = 0
for username, sites in self.results['sherlock'].items():
for site, info in sites.items():
if info.get('status') == 'Claimed':
sherlock_accounts += 1
report['results_summary']['sherlock'] = \\\\{
'accounts_found': sherlock_accounts,
'platforms_checked': len(sites) if 'sites' in locals() else 0
\\\\}
if 'theharvester' in self.results:
harvester_data = self.results['theharvester']
report['results_summary']['theharvester'] = \\\\{
'emails_found': len(harvester_data.get('emails', [])),
'hosts_found': len(harvester_data.get('hosts', []))
\\\\}
if 'haveibeenpwned' in self.results:
hibp_data = self.results['haveibeenpwned']
report['results_summary']['haveibeenpwned'] = \\\\{
'breaches_found': hibp_data.get('breach_count', 0)
\\\\}
# Generate recommendations
if report['results_summary'].get('sherlock', \\\\{\\\\}).get('accounts_found', 0) > 5:
report['recommendations'].append("High social media presence detected - verify account authenticity")
if report['results_summary'].get('haveibeenpwned', \\\\{\\\\}).get('breaches_found', 0) > 0:
report['recommendations'].append("Email found in data breaches - recommend password changes")
# Save report
report_file = f"osint_investigation_\\\\{datetime.now().strftime('%Y%m%d_%H%M%S')\\\\}.json"
with open(report_file, 'w') as f:
json.dump(report, f, indent=2)
print(f"Comprehensive report saved: \\\\{report_file\\\\}")
return report
def main():
import sys
if len(sys.argv) != 2:
print("Usage: python3 osint-framework-sherlock.py <target>")
print("Target can be: username, email, or domain")
sys.exit(1)
target = sys.argv[1]
investigation = OSINTFrameworkIntegration()
report = investigation.comprehensive_investigation(target)
print("\nInvestigation Summary:")
print("=" * 50)
for tool, summary in report['results_summary'].items():
print(f"\\\\{tool.upper()\\\\}:")
for key, value in summary.items():
print(f" \\\\{key\\\\}: \\\\{value\\\\}")
if report['recommendations']:
print("\nRecommendations:")
for rec in report['recommendations']:
print(f" - \\\\{rec\\\\}")
if __name__ == "__main__":
main()
Buenas Prácticas y OPSEC¶
Operational Security¶
#!/bin/bash
# sherlock-opsec-setup.sh
echo "Sherlock OPSEC Configuration"
echo "============================"
# Network security
echo "1. Network Security:"
echo " □ Use VPN or proxy"
echo " □ Rotate IP addresses"
echo " □ Monitor for rate limiting"
echo " □ Use Tor for sensitive investigations"
# Data security
echo -e "\n2. Data Security:"
echo " □ Encrypt investigation results"
echo " □ Use secure file permissions"
echo " □ Regular cleanup of temporary files"
echo " □ Secure storage of findings"
# Legal compliance
echo -e "\n3. Legal Compliance:"
echo " □ Verify investigation authorization"
echo " □ Document methodology"
echo " □ Respect platform terms of service"
echo " □ Follow local privacy laws"
# Technical measures
echo -e "\n4. Technical Measures:"
echo " □ Use isolated investigation environment"
echo " □ Monitor system resources"
echo " □ Implement logging"
echo " □ Regular tool updates"
Tasa de limitación y integridad¶
import time
import random
import subprocess
def stealth_sherlock_search(username, delay_range=(5, 15)):
"""Run Sherlock with stealth measures"""
# Random delay before starting
delay = random.uniform(delay_range[0], delay_range[1])
print(f"Waiting \\\\{delay:.1f\\\\} seconds before search...")
time.sleep(delay)
# Run Sherlock with timeout and limited sites
cmd = [
"sherlock", username,
"--timeout", "20",
"--json", f"\\\\{username\\\\}_stealth.json",
"--print-found"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=600)
if result.returncode == 0:
print(f"Stealth search completed for \\\\{username\\\\}")
return True
else:
print(f"Search failed: \\\\{result.stderr\\\\}")
return False
except subprocess.TimeoutExpired:
print("Search timed out")
return False
except Exception as e:
print(f"Error: \\\\{e\\\\}")
return False
def batch_stealth_investigation(usernames, delay_range=(10, 30)):
"""Run batch investigation with stealth measures"""
results = \\\\{\\\\}
for i, username in enumerate(usernames):
print(f"Processing \\\\{i+1\\\\}/\\\\{len(usernames)\\\\}: \\\\{username\\\\}")
success = stealth_sherlock_search(username, delay_range)
results[username] = success
# Longer delay between users
if i < len(usernames) - 1:
delay = random.uniform(delay_range[0], delay_range[1])
print(f"Waiting \\\\{delay:.1f\\\\} seconds before next user...")
time.sleep(delay)
return results
Troubleshooting¶
Common Issues and Solutions¶
# Issue: No results returned
# Solution: Check internet connection and site availability
sherlock username --verbose
# Issue: Timeout errors
# Solution: Increase timeout value
sherlock username --timeout 30
# Issue: SSL/TLS errors
# Solution: Disable SSL verification (use with caution)
sherlock username --no-ssl-verify
# Issue: Proxy connection errors
# Solution: Verify proxy configuration
sherlock username --proxy http://proxy:8080 --verbose
# Issue: JSON output not generated
# Solution: Check file permissions and disk space
sherlock username --json results.json --verbose
Debug and Logging¶
import subprocess
import logging
# Enable debug logging
logging.basicConfig(level=logging.DEBUG)
def debug_sherlock_run(username):
"""Run Sherlock with debug information"""
cmd = ["sherlock", username, "--verbose", "--debug"]
try:
result = subprocess.run(
cmd,
capture_output=True,
text=True,
timeout=300
)
print("STDOUT:")
print(result.stdout)
print("\nSTDERR:")
print(result.stderr)
print(f"\nReturn code: \\\\{result.returncode\\\\}")
return result.returncode == 0
except Exception as e:
print(f"Debug run failed: \\\\{e\\\\}")
return False
Performance Optimization¶
# Use specific sites for faster results
sherlock username --site GitHub --site Twitter --site Instagram
# Reduce timeout for faster scanning
sherlock username --timeout 5
# Use multiple processes for batch operations
parallel -j 4 sherlock \\\\{\\\\} --json \\\\{\\\\}.json ::: user1 user2 user3 user4
# Monitor system resources
htop # Monitor CPU and memory usage during large investigations
Resources¶
- [Sherlock GitHub Repository]
- [Sherlock Documentation](URL_28__
- [SINT Framework](URL_29__
- [Social Media OSINT Guide](URL_30_
- [Tecnicas de investigación del nombre de usuario](URL_31__
-...
*Esta hoja de trampa proporciona una guía completa para utilizar Sherlock para las investigaciones de nombres de usuario y redes sociales OSINT. Garantizar siempre la debida autorización y el cumplimiento legal antes de realizar cualquier investigación. *