1 00:00:00,520 --> 00:00:04,230 Have you managed to download the show like two, if you did, congrats. 2 00:00:04,580 --> 00:00:08,260 If not, let's see how we can get it and what we can do with it. 3 00:00:08,720 --> 00:00:13,520 So if you haven't already open up your Firefox and type Sherlock GitHub. 4 00:00:14,470 --> 00:00:18,940 The first thing should be at the original link of the tool that should lead you to this GitHub page, 5 00:00:19,550 --> 00:00:25,140 once you're on the Sherlock page, you should see all of the files that belong to this tool down here. 6 00:00:25,420 --> 00:00:28,690 We will see the installation so how we can install the tool. 7 00:00:29,170 --> 00:00:31,500 And right here we will also see the usage. 8 00:00:32,230 --> 00:00:36,970 But before we check out the usage of the tool, let us go and download Sherlock first. 9 00:00:38,150 --> 00:00:42,740 So we already know how we can do that, just copy the link to this to. 10 00:00:43,780 --> 00:00:50,040 Open up your terminal and type git clone and then based on the total. 11 00:00:51,410 --> 00:00:55,950 Press enter, and this should automatically download it tool for us. 12 00:00:56,240 --> 00:01:01,970 We can see this tool is a lot larger than the Redhawk since it took a little bit more time to download. 13 00:01:02,450 --> 00:01:07,910 And once it finishes downloading, we should type less and we will see the Sherlock folder inside of 14 00:01:07,910 --> 00:01:08,960 our desktop directory. 15 00:01:10,020 --> 00:01:11,550 Let us navigate to that folder. 16 00:01:12,600 --> 00:01:19,590 And if I type else in it, we should see all of these files that we saw on this page right here. 17 00:01:20,130 --> 00:01:20,460 Good. 18 00:01:21,100 --> 00:01:22,010 Let us close this. 19 00:01:22,020 --> 00:01:25,230 We are not going to be checking anything on this page anymore. 20 00:01:25,680 --> 00:01:30,890 And I would say all of these files, we want to go to this Sherlock folder. 21 00:01:31,230 --> 00:01:37,530 So if we go Sherlock and type files right here, here is the tool. 22 00:01:37,890 --> 00:01:39,300 It is a python tool. 23 00:01:39,300 --> 00:01:43,000 And we know that this is the tool since it is named Sherlock DCPI. 24 00:01:43,710 --> 00:01:49,560 All these other Python files are simply just the additional files for this tool that is probably getting 25 00:01:49,560 --> 00:01:51,120 imported inside of this. 26 00:01:52,110 --> 00:01:57,420 So to run this, we can type the comment Python three and then Sherlock. 27 00:01:59,080 --> 00:02:07,120 Hmmm, no module named to request, so this could either mean one of two things the tool is supposed 28 00:02:07,120 --> 00:02:12,210 to be ran with Python two or this module does not exist for Python three. 29 00:02:12,700 --> 00:02:19,540 And if you get an error that some module doesn't exist, what you want to do is you want to type three 30 00:02:20,470 --> 00:02:23,290 install and then the name of the module. 31 00:02:23,410 --> 00:02:28,990 So I can just copy this copy selection and paste it right here. 32 00:02:30,220 --> 00:02:32,230 Let's see whether we can download this module. 33 00:02:33,350 --> 00:02:38,960 And it seems that the requirement has already been satisfied, so it could be that we're missing this 34 00:02:38,960 --> 00:02:45,300 module for Python to let's try first to run it once again after running this comment. 35 00:02:45,920 --> 00:02:52,070 So this comment actually did something as it says, it performed a building of wills for collect packages 36 00:02:52,460 --> 00:02:54,630 and it managed to resolve our problem. 37 00:02:54,650 --> 00:02:56,090 So now we can run the tool. 38 00:02:56,660 --> 00:02:58,220 It does give us an error right here. 39 00:02:58,220 --> 00:03:03,320 But this is just a syntax error that tells us that some arguments are required, such as usernames. 40 00:03:04,580 --> 00:03:10,070 So let me just clear the screen and type Python three Sherlock Dogpile once again. 41 00:03:11,070 --> 00:03:16,830 And here are all of the available options that we can use, which are luck, but the basic usage of 42 00:03:16,830 --> 00:03:20,210 this tool is specifying Python three Sherlock up. 43 00:03:20,610 --> 00:03:23,000 And then after it comes a username. 44 00:03:23,370 --> 00:03:28,860 What this tool will do with that username is it is going to search through a bunch of different platforms 45 00:03:28,860 --> 00:03:30,220 for the same username. 46 00:03:30,810 --> 00:03:37,170 So if you, for example, had a username that you discovered for some domain or for some company, and 47 00:03:37,170 --> 00:03:42,510 you want to discover whether that person has some other accounts with the same username, you can throw 48 00:03:42,510 --> 00:03:47,790 it in this tool and it will find you all the other accounts that have that same username. 49 00:03:48,450 --> 00:03:49,660 What are we going to use here? 50 00:03:50,370 --> 00:03:52,040 Do you remember our harvester tool? 51 00:03:52,950 --> 00:03:54,840 It didn't work once we tried it out. 52 00:03:54,840 --> 00:04:01,280 But what it did a few minutes ago is I ran the command on the same domain that didn't work previously. 53 00:04:01,440 --> 00:04:02,600 Once we tried it before. 54 00:04:03,270 --> 00:04:05,210 I also put the source to be Twitter. 55 00:04:05,220 --> 00:04:12,240 So it managed to find 10 users that have Twitter and these users are discovered from this domain. 56 00:04:13,180 --> 00:04:16,810 If I go and copy any one of them and let's go with keyframes. 57 00:04:18,560 --> 00:04:20,030 And throw it in this tool. 58 00:04:22,760 --> 00:04:28,380 I should be able to discover other accounts that have this same username. 59 00:04:28,880 --> 00:04:30,450 So here we already got this one. 60 00:04:31,070 --> 00:04:35,480 And by the way, this is not really a unique username. 61 00:04:35,480 --> 00:04:40,210 So it might be that this account, for example, doesn't belong to the same person. 62 00:04:40,760 --> 00:04:47,570 But if you were to find a unique username, such as, for example, maybe this one or this one or even 63 00:04:47,570 --> 00:04:53,270 this one, and throw it inside of this tool and you managed to discover some other accounts, those 64 00:04:53,270 --> 00:04:55,280 accounts will probably belong to that person. 65 00:04:55,770 --> 00:05:02,300 But if the username was something like media and we put media inside of Destructo, well, then most 66 00:05:02,300 --> 00:05:05,230 likely all of those accounts will not belong to the same person. 67 00:05:06,620 --> 00:05:13,580 OK, so here is our output, and it managed to discover a bunch of other accounts that also have the 68 00:05:13,580 --> 00:05:14,300 same username. 69 00:05:15,880 --> 00:05:22,840 So let's try with another username, if I go all the way down and control, see this, then clear the 70 00:05:22,840 --> 00:05:23,260 screen. 71 00:05:24,750 --> 00:05:28,410 And let's pick, for example, this username. 72 00:05:29,690 --> 00:05:33,440 Kopit and I threw it inside of the school once again. 73 00:05:36,410 --> 00:05:41,030 Let us see whether we managed to find another platform that has this same account. 74 00:05:41,900 --> 00:05:45,500 So it seems that most of them are giving us not found. 75 00:05:46,660 --> 00:05:53,860 Let's wait for final results, and here they are, so we already get the output for Wikipedia, we got 76 00:05:53,860 --> 00:05:56,310 our username that we discovered from the Twitter profile. 77 00:05:57,100 --> 00:06:00,970 If I go all the way up, let's see whether we manage to find something else. 78 00:06:01,300 --> 00:06:05,080 And it seems that all of the others have not found. 79 00:06:05,320 --> 00:06:08,410 And here is also Kaspi profile with the same username. 80 00:06:08,420 --> 00:06:11,080 So that is another result that we manage together. 81 00:06:11,950 --> 00:06:12,670 OK, great. 82 00:06:12,680 --> 00:06:15,400 So that would basically be it for this tool. 83 00:06:16,240 --> 00:06:20,490 Now, another thing that this tool does is it also saves our results in a file. 84 00:06:20,710 --> 00:06:25,600 So if I go and see this through the screen and type Altez. 85 00:06:27,430 --> 00:06:32,440 Oh, never mind, it seems that it didn't save it, maybe if we specified an option 86 00:06:35,260 --> 00:06:37,330 for it to save, let us run the help menu. 87 00:06:37,530 --> 00:06:39,230 No such for directory. 88 00:06:39,580 --> 00:06:42,850 Yeah, that's because we are in the wrong folder. 89 00:06:42,850 --> 00:06:47,770 So let me go to the Sherlock folder and find the Python three Sherlock. 90 00:06:48,100 --> 00:06:49,480 Why does that help? 91 00:06:50,260 --> 00:06:56,230 And yeah, we actually probably had to run this output command and after the output we specified the 92 00:06:56,230 --> 00:07:01,630 filename and the output of the result will be saved to this file so it doesn't save it by default. 93 00:07:02,720 --> 00:07:08,090 And you can also check out other options as well, but the purpose of this and previous video was to 94 00:07:08,090 --> 00:07:10,220 figure out how we can download additional tools. 95 00:07:10,460 --> 00:07:13,460 You might never use this tool again or you might use it every time. 96 00:07:13,460 --> 00:07:18,710 It depends on which type of penetration test you perform and what kind of strategy you planned for your 97 00:07:18,710 --> 00:07:19,220 attacks. 98 00:07:19,850 --> 00:07:23,450 But it is always good to have a bunch of different tools and options that you can use. 99 00:07:24,140 --> 00:07:29,990 Now that we know how we can download tools from GitHub every time a certain tool breaks or you don't 100 00:07:29,990 --> 00:07:35,810 get the desired result with some tool, you can go to GitHub and try to find a similar tool that will 101 00:07:35,810 --> 00:07:37,100 give you better results. 102 00:07:37,880 --> 00:07:38,630 OK, good. 103 00:07:38,660 --> 00:07:43,130 So in the next video, I will give you a bonus tool that I created in Python three. 104 00:07:43,410 --> 00:07:48,260 It will be able to gather much more emails than the already built in tools in Linux.