Back to Blog

Sherlock: Hunt Down Social Media Accounts by Username Across 400+ Sites

Notion
6 min read
Kali-ToolTutorialCybersecuritySecurityPrivacy

What is Sherlock?

Sherlock is a powerful open-source OSINT tool that hunts down social media accounts by username across 400+ websites simultaneously. Given a username, Sherlock checks hundreds of platforms — from mainstream sites like Twitter, Instagram, and Reddit to niche forums, gaming platforms, and developer communities — and reports back which ones have an account with that exact username.

In OSINT investigations, Sherlock is a critical early-stage tool. A single username can be the thread that unravels an entire online identity. People tend to reuse usernames across platforms, and Sherlock exploits this pattern to map a subject's digital footprint in seconds.

Legal Notice: Only use Sherlock for legitimate OSINT purposes such as security research, authorized investigations, or checking your own digital footprint. Do not use it for harassment, stalking, or any illegal activity.

Installation

On Kali Linux

sudo apt update && sudo apt install sherlock

Or install via pip for the latest version:

pip install sherlock-project

Verify Installation

sherlock --version

Expected Output:

Sherlock v0.16.0

Install from GitHub (Latest Dev Version)

git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
pip install -r requirements.txt
python3 sherlock.py --version

Core Concepts

Sherlock works by sending HTTP requests to hundreds of websites and checking if a profile page exists for the given username. It uses three detection methods:

  • Status Code — Checks if the profile URL returns HTTP 200 (exists) vs 404 (not found)
  • Response Body — Looks for specific error messages in the page content
  • Response URL — Checks if the site redirects to a different page (indicating the username doesn't exist) False positives can occur when sites return 200 for all usernames (showing a "user not found" page with a 200 status). Sherlock continuously updates its site database to minimize these.

Basic Usage

Search for a Single Username

sherlock johndoe

Expected Output:

[*] Checking username johndoe on:
 
[+] 7Cups: https://www.7cups.com/@johndoe
[+] About.me: https://about.me/johndoe
[+] Academia.edu: https://independent.academia.edu/johndoe
[+] AllMyLinks: https://allmylinks.com/johndoe
[+] Apple Developer: https://developer.apple.com/forums/profile/johndoe
[+] ArtStation: https://www.artstation.com/johndoe
[+] Bandcamp: https://www.bandcamp.com/johndoe
[+] BitBucket: https://bitbucket.org/johndoe/
[+] Blogger: https://johndoe.blogspot.com
[+] BuyMeACoffee: https://buymeacoffee.com/johndoe
[+] Chess.com: https://www.chess.com/member/johndoe
[+] Codecademy: https://www.codecademy.com/profiles/johndoe
[+] Codeberg: https://codeberg.org/johndoe
[+] DEV Community: https://dev.to/johndoe
[+] DeviantArt: https://johndoe.deviantart.com
[+] Disqus: https://disqus.com/by/johndoe/
[+] Dribbble: https://dribbble.com/johndoe
[+] Duolingo: https://www.duolingo.com/profile/johndoe
[+] Fiverr: https://www.fiverr.com/johndoe
[+] Flickr: https://www.flickr.com/people/johndoe
[+] GitHub: https://www.github.com/johndoe
[+] GitLab: https://gitlab.com/johndoe
[+] Gravatar: http://en.gravatar.com/johndoe
[+] HackerOne: https://hackerone.com/johndoe
[+] HackerRank: https://hackerrank.com/johndoe
[+] Instagram: https://www.instagram.com/johndoe
[+] Keybase: https://keybase.io/johndoe
[+] Kickstarter: https://www.kickstarter.com/profile/johndoe
[+] Letterboxd: https://letterboxd.com/johndoe
[+] LinkedIn: https://www.linkedin.com/in/johndoe
[+] Medium: https://medium.com/@johndoe
[+] npm: https://www.npmjs.com/~johndoe
[+] Patreon: https://www.patreon.com/johndoe
[+] Pinterest: https://www.pinterest.com/johndoe/
[+] Reddit: https://www.reddit.com/user/johndoe
[+] Replit: https://replit.com/@johndoe
[+] Scribd: https://www.scribd.com/johndoe
[+] Slack: https://johndoe.slack.com
[+] SlideShare: https://slideshare.net/johndoe
[+] Snapchat: https://www.snapchat.com/add/johndoe
[+] SoundCloud: https://soundcloud.com/johndoe
[+] Spotify: https://open.spotify.com/user/johndoe
[+] Steam: https://steamcommunity.com/id/johndoe
[+] Telegram: https://t.me/johndoe
[+] TikTok: https://tiktok.com/@johndoe
[+] Twitch: https://www.twitch.tv/johndoe
[+] Twitter: https://x.com/johndoe
[+] Vimeo: https://vimeo.com/johndoe
[+] YouTube: https://www.youtube.com/@johndoe
 
[*] Results: 49 found across 400+ sites
[*] Saved to: johndoe.txt

Search Multiple Usernames at Once

sherlock johndoe janedoe hacker42

Sherlock creates a separate results file for each username.

Show Only Found Results

sherlock --print-found johndoe

Hides the [-] Not Found lines, showing only confirmed accounts.

Output Options

Save Results to Specific File

sherlock --output results/johndoe_report.txt johndoe

Save as CSV

sherlock --csv johndoe

Creates johndoe.csv with columns: username, name, url_main, url_user, exists, http_status, response_time

Save as XLSX (Excel)

sherlock --xlsx johndoe

Save to Specific Output Folder

sherlock --folderoutput ./osint_results/ johndoe janedoe

All result files get saved into the specified directory.

Filtering and Customization

Search Only Specific Sites

sherlock --site github --site twitter --site reddit johndoe

Set Request Timeout

sherlock --timeout 10 johndoe

Default timeout is 60 seconds per site. Lower it for faster scans.

Use a Proxy (Tor or SOCKS)

sherlock --proxy socks5://127.0.0.1:9050 johndoe

Route all requests through Tor for anonymity.

Use Tor Directly

sherlock --tor johndoe

Requires Tor to be running on your system.

Browse Results in Browser

sherlock --browse johndoe

Automatically opens every found profile URL in your default browser.

List All Supported Sites

sherlock --site-list

Outputs all 400+ sites that Sherlock checks.

Real-World OSINT Workflows

Workflow 1: Map a Subject's Digital Footprint

Given a username discovered during an investigation:

# Step 1: Run Sherlock with CSV output
sherlock --csv --print-found target_username
 
# Step 2: Review results
cat target_username.csv
 
# Step 3: Check variations of the username
sherlock --csv --print-found target_username target_username1 target_username_ targetusername

Workflow 2: Cross-Reference Multiple Usernames

If you've found multiple usernames linked to the same person:

# Search all known aliases
sherlock --folderoutput ./investigation/ --csv \
  alias1 alias2 alias3 alias4
 
# Compare results to find overlapping platforms
comm -12 <(sort alias1.txt) <(sort alias2.txt)

Workflow 3: Your Own OPSEC Audit

Check your own exposure:

# See where your username exists
sherlock --print-found --csv your_username
 
# Review and decide which accounts to deactivate
cat your_username.csv | grep "True" | wc -l

Workflow 4: Combine with Other OSINT Tools

# Step 1: Sherlock finds the GitHub profile
sherlock --site github target_user
 
# Step 2: Clone their repos and search for secrets
git clone https://github.com/target_user/repo.git
grep -r "API_KEY\|SECRET\|PASSWORD" repo/
 
# Step 3: Check email from git commits
cd repo && git log --format='%ae' | sort -u

Handling False Positives

Sherlock can produce false positives. Here's how to verify:

Quick verification methods:

  • Open the URL in a browser — does a real profile appear?

  • Check the HTTP status code: curl -o /dev/null -s -w "%{http_code}" URL

  • Look for signs of activity (posts, followers, join date) Common false positive patterns:

  • Sites that return 200 for every URL (e.g., some forum platforms)

  • Reserved/placeholder profiles with no actual activity

  • Sites behind login walls where the profile page loads but is empty

Useful Flags Reference

Summary

Sherlock is a fast, focused OSINT tool that answers one critical question: "Where else does this username exist on the internet?" It's an essential early-stage tool in any investigation pipeline. Combined with other tools like theHarvester (for email discovery) and Maltego (for relationship mapping), Sherlock helps build a comprehensive picture of someone's online presence.

Key Takeaways:

  • Use sherlock username for a quick sweep across 400+ sites
  • Use --print-found to filter noise and see only confirmed accounts
  • Use --csv for structured output you can analyze programmatically
  • Use --proxy or --tor for anonymous reconnaissance
  • Always verify results manually to filter out false positives
  • Run against username variations (underscores, numbers, abbreviations)
Sherlock: Hunt Down Social Media Accounts by Username Across 400+ Sites | Abishek Lakandri