How To: Hunt Down Social Media Accounts by Usernames with Sherlock

Hunt Down Social Media Accounts by Usernames with Sherlock

When researching a person using open source intelligence, the goal is to find clues that tie information about a target into a bigger picture. Screen names are perfect for this because they are unique and link data together, as people often reuse them in accounts across the internet. With Sherlock, we can instantly hunt down social media accounts created with a unique screen name on many online platforms simultaneously.

From a single clue like an email address or screen name, Sherlock can grow what we know about a target piece by piece as we learn about their activity on the internet. Even if a person is careful, their online contacts may not be, and it's easy to slip up and leave default privacy setting enabled on apps like Venmo. A single screen name can reveal many user accounts created by the same person, potentially introducing photos, accounts of family members, and other avenues for collecting further information.

What Sherlock Can Find

Social media accounts are rich sources of clues. One social media account may contain links to others which use different screen names, giving you another round of searching to include the newly discovered leads. Images from profile photos are easy to put into a reverse image search, allowing you to find other profiles using the same image whenever the target has a preferred profile photo.

Even the description text in a profile may often be copied and pasted between profiles, allowing you to search for profiles created with identical profile text or descriptions. For our example, I'll be taking the suggestion of a fellow Null Byte writer to target the social media accounts of Neil Breen, director of many very intense movies such as the classic hacker film Fateful Findings.

What You'll Need

Python 3.6 or higher is required, but aside from that, you'll just need pip3 to install Sherlock on your computer. I had it running on macOS and Ubuntu just fine, so it seems to be cross-platform. If you want to learn more about the project, you can check out its simple GitHub page.

Step 1: Install Python & Sherlock

To get started, we can follow the instructions included in the GitHub repository. In a new terminal window, run the following commands to install Sherlock and all dependencies needed.

~$ git clone
~$ cd sherlock
~/sherlock$ pip3 install -r requirements.txt

If something fails, make sure you have python3 and python3-pip installed, as they're required for Sherlock to install. Once it's finished installing, you can run python3 -h from inside the /sherlock folder to see the help menu.

~/sherlock$ python3 -h

usage: [-h] [--version] [--verbose] [--rank]
                   [--folderoutput FOLDEROUTPUT] [--output OUTPUT] [--tor]
                   [--unique-tor] [--csv] [--site SITE_NAME]
                   [--proxy PROXY_URL] [--json JSON_FILE]
                   [--proxy_list PROXY_LIST] [--check_proxies CHECK_PROXY]
                   USERNAMES [USERNAMES ...]

Sherlock: Find Usernames Across Social Networks (Version 0.5.8)

positional arguments:
  USERNAMES             One or more usernames to check with social networks.

optional arguments:
  -h, --help            show this help message and exit
  --version             Display version information and dependencies.
  --verbose, -v, -d, --debug
                        Display extra debugging information and metrics.
  --rank, -r            Present websites ordered by their global
                        rank in popularity.
                        If using multiple usernames, the output of the results
                        will be saved at this folder.
  --output OUTPUT, -o OUTPUT
                        If using single username, the output of the result
                        will be saved at this file.
  --tor, -t             Make requests over TOR; increases runtime; requires
                        TOR to be installed and in system path.
  --unique-tor, -u      Make requests over TOR with new TOR circuit after each
                        request; increases runtime; requires TOR to be
                        installed and in system path.
  --csv                 Create Comma-Separated Values (CSV) File.
  --site SITE_NAME      Limit analysis to just the listed sites. Add multiple
                        options to specify more than one site.
  --proxy PROXY_URL, -p PROXY_URL
                        Make requests over a proxy. e.g.
  --json JSON_FILE, -j JSON_FILE
                        Load data from a JSON file or an online, valid, JSON
  --proxy_list PROXY_LIST, -pl PROXY_LIST
                        Make requests over a proxy randomly chosen from a list
                        generated from a .csv file.
  --check_proxies CHECK_PROXY, -cp CHECK_PROXY
                        To be used with the '--proxy_list' parameter. The
                        script will check if the proxies supplied in the .csv
                        file are working and anonymous.Put 0 for no limit on
                        successfully checked proxies, or another number to
                        institute a limit.
  --print-found         Do not output sites where the username was not found.

As you can see, there are lots of options here, including options for using Tor. While we won't be using them today, these features can come in handy when we don't want anyone to know who is making these requests directly.

Step 2: Identify a Screen Name

Now that we can see how the script runs, it's time to run a search. We'll load up our target, Neil Breen, with a screen name found by running a Google search for "Neil Breen" and "Twitter."

That's our guy. The screen name we'll be searching is neilbreen. We'll format that as the following command, which will search for accounts across the internet with the username "neilbreen" and print only the results that it finds. It will significantly reduce the output, as the majority of queries will usually come back negative. The final argument, -r, will organize the list of found accounts by which websites are most popular.

~/sherlock$ python3 neilbreen -r --print-found

Step 3: Scan for Accounts

Upon running this command, we will see a lot of output without the --print found flag regardless of the results. In our neilbreen example, we are taken on a virtual tour of Neil Breen's life across the internet.

~/sherlock$ python3 neilbreen -r --print-found

                                             /      \
 ____  _               _            _        |  _..--'-.
/ ___|| |__   ___ _ __| | ___   ___| |__    >.`__.-""\;"`
\___ \| '_ \ / _ \ '__| |/ _ \ / __| |/ /   / /(     ^\
 ___) | | | |  __/ |  | | (_) | (__|   <    '-`)     =|-.
|____/|_| |_|\___|_|  |_|\___/ \___|_|\_\    /`--.'--'   \ .-.
                                           .'`-._ `.\    | J /
                                          /      `--.|   \__/

[*] Checking username neilbreen on:
[+] Google Plus:
[+] Facebook:
[+] Twitter:
[+] VK:
[+] Reddit:
[+] Twitch:
[+] Ebay:
[-] Error Connecting: GitHub
[-] GitHub: Error!
[+] Imgur:
[+] Pinterest:
[-] Error Connecting: Roblox
[-] Roblox: Error!
[+] Spotify:
[+] Steam:
[+] SteamGroup:
[+] SlideShare:
[+] Medium:
[-] Error Connecting: Scribd
[-] Scribd: Error!
[+] 9GAG:
[-] Error Connecting: GoodReads
[-] GoodReads: Error!
[+] Wattpad:
[+] Bandcamp:
[+] Giphy:
[+] AskFM:
[+] Disqus:
[+] Tinder:
[-] Error Connecting: Kongregate
[-] Kongregate: Error!
[+] Letterboxd:
[+] 500px:
[+] Newgrounds:
[-] Error Connecting: Trip
[-] Trip: Error!
[+] Venmo:
[+] NameMC ( skins):
[-] Error Connecting: StreamMe
[-] StreamMe: Error!
[+] CashMe:
[+] Kik:

Aside from this output, we've also got a handy text file that's been created to store the results. Now that we have some links, let's get creepy and see what we can find from the results.

Step 4: Check Target List for More Clues

To review our target list, type ls to locate the text file that was created. It should be, in our example, neilbreen.txt.

~/sherlock$ ls  __pycache__       screenshot    tests     LICENSE    
Dockerfile          neilbreen.txt        requirements.txt

We can read the contents by typing the following cat command, which gives us plenty of URL targets to pick from.

~/sherlock$ cat neilbreen.txt

A few of these we can rule out, like Google Plus, which has now shut down. Others can be much more useful, depending on the type of result we get. Due to Neil Breen's international superstar status, there are many fan accounts sprinkled in here. We'll need to use some common-sense techniques to rule them out while trying to locate more information about this living legend.

First, we see that there is a Venmo and account listed. While these don't pan out here, many people leave their Venmo payments public, allowing you to see who they are paying and when. In this example, it appears this account was set up by a fan to accept donations on behalf of Neil Breen. A dead end.

Next, we move down the list, which is organized by a ranking of which sites are most popular. Here, we see an account that's more likely to be a personal account.

The link above also takes us to a very insecure website for a Neil Breen movie called "Pass-Thru" which could, and probably does, have many vulnerabilities.

A reverse image search of Neil's Letterboxd and Twitter profile images also locate another screen name the target uses: neil-breen. It leads back to an active Quora account where the target advises random strangers.

Already, we've taken one screen name, and through the profile image, found another screen name that we didn't initially know about.

Another common source of information are websites people use to share information. Things like SlideShare or Prezi allow users to share presentations that are visible to the public.

If the target has made any presentations for work or personal reasons, we can see them here. In our case, we didn't find much. But a search through the Reddit account we found shows that the account dates back to before Neil Breen got huge.

The first post is promoting his movie, so that plus the age of the account means it's likely this one is legit. We can see that Neil likes Armani exchange, struggles with technology, and is trying to get ideas for where to set his next movie.

Finally, our crown gem is an active eBay account, which allows us to see many things Neil buys and read reviews from sellers he's had transactions with.

The info here lets us dig into hobbies, professional projects, and other details leaked through purchases verified by eBay and listed publicly under that screen name.

Sherlock Can Connect the Dots Across User Accounts

As we found during our sample investigation, Sherlock provides a lot of clues to locate useful details about a target. From Venmo financial transactions to alternative screen names found through searching for favorite profile photos, Sherlock can bring in a shocking amount of personal details. The next step in our investigation would be to rerun Sherlock with the new screen names we've located during our first run, but we'll leave Neil alone for today.

I hope you enjoyed this guide to using Sherlock to find social media accounts! If you have any questions about this tutorial on OSINT tools, leave a comment below, and feel free to reach me on Twitter @KodyKinzie.

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Cover image and screenshots by Kody/Null Byte


can you explain it in a wore better way in windows 2010

Why dont you just install any of the Security OS ? E.g Kali or Parrot OS. If you have an older PC you can install Ubuntu and only install the tools you need or the light version of Kali. If you got an newer PC you can dualboot and install Kali Linux which is abour 3.4 GB big. Most linux distros are running smoothly, even on older PCs. The best part they are opensource and for free => more individuality and for free

i have a error

how can i fix it?

Hello! try python username
or python2

I am Having the same Problem,
I gone through the few websites and they suggested that while instaling pip requiremnts
type python3 -m pip install -r requirements.txt

I tried but not worked for me, if any one find the solution please let me know.

Hello! i might be a bit late but try python username

A couple things happened. First after doing
pip3 install -r requirements.txt

I had same issue turns out had to cd to sherlock again this is where was located.

You have to load the missing php3 (Python3) modules from the package manager.
If you have Kali Linux we recommend the Synaptic Package Manager (sudo apt-get install synaptic).
There you can simply search for the missing modules. For me it was "torrequest" and "requests_futures".

If you have any outstanding questions, just write.

Translated with Google translator from Germany

I am having a similar issue with a module called "ModuleNotFoundError: No module named '_ctypes'. Can't figure out how to load it with Synaptic Package Manager. Any insight?


Figured it out! Thanks man , you Saved me!

Random question ...
How to identify actual number of a faked number
Like someone sent me a whatsapp msge from a fake mobile
How do I trace pls!!!!!

i need help. i have done everything right but whenever i input a username i get no result. it just gets stuck

Share Your Thoughts

  • Hot
  • Latest