1
00:00:00,510 --> 00:00:01,620
Instructor: Have you managed to download

2
00:00:01,620 --> 00:00:03,000
the Sherlock tool?

3
00:00:03,000 --> 00:00:04,560
If you did, congrats.

4
00:00:04,560 --> 00:00:06,780
If not, let's see how we can get it

5
00:00:06,780 --> 00:00:08,730
and what we can do with it.

6
00:00:08,730 --> 00:00:10,500
So if you haven't already

7
00:00:10,500 --> 00:00:13,413
open up your Firefox and type Sherlock GitHub.

8
00:00:14,490 --> 00:00:16,320
The first link should be on the original link

9
00:00:16,320 --> 00:00:19,560
of the tool that should lead you to this GitHub page.

10
00:00:19,560 --> 00:00:21,180
Once you're on the Sherlock page

11
00:00:21,180 --> 00:00:24,450
you should see all of the files that belong to this tool.

12
00:00:24,450 --> 00:00:27,270
Down here we will see the installation

13
00:00:27,270 --> 00:00:29,250
so how we can install the tool.

14
00:00:29,250 --> 00:00:31,936
And right here we will also see the usage.

15
00:00:31,936 --> 00:00:34,516
But before we check how the usage of the tool

16
00:00:34,516 --> 00:00:37,113
let us go and download Sherlock first.

17
00:00:38,160 --> 00:00:40,470
So we already know how we can do that.

18
00:00:40,470 --> 00:00:45,156
Just copy the link to this tool, open up your terminal

19
00:00:45,156 --> 00:00:50,156
and type git clone, and then paste the link of the tool.

20
00:00:51,330 --> 00:00:52,163
Press enter

21
00:00:53,040 --> 00:00:56,250
and this should automatically download the tool for us.

22
00:00:56,250 --> 00:00:59,370
We can see this tool is a lot larger than the redhawk

23
00:00:59,370 --> 00:01:02,490
since it took a little bit more time to download.

24
00:01:02,490 --> 00:01:05,190
And once it finishes downloading, we should type LS

25
00:01:05,190 --> 00:01:07,800
and we will see the Sherlock folder inside

26
00:01:07,800 --> 00:01:09,093
of our desktop directory.

27
00:01:10,020 --> 00:01:15,020
Let us navigate to that folder, and if I type LS in it

28
00:01:15,300 --> 00:01:17,103
we should see all of these files

29
00:01:17,103 --> 00:01:20,130
that we saw on this page right here.

30
00:01:20,130 --> 00:01:21,120
Good.

31
00:01:21,120 --> 00:01:22,020
Let us close this.

32
00:01:22,020 --> 00:01:24,060
We are not going to be checking anything

33
00:01:24,060 --> 00:01:25,740
on this page anymore.

34
00:01:25,740 --> 00:01:28,110
And outside of all of these files

35
00:01:28,110 --> 00:01:31,230
we want to go to this Sherlock folder.

36
00:01:31,230 --> 00:01:36,032
So if we go cd, Sherlock, and type Ls right here.

37
00:01:36,032 --> 00:01:37,890
Here is the tool.

38
00:01:37,890 --> 00:01:39,900
It is a Python tool, and we know

39
00:01:39,900 --> 00:01:43,710
that this is the tool since it is named sherlock.py.

40
00:01:43,710 --> 00:01:46,560
All these other Python files are simply just

41
00:01:46,560 --> 00:01:49,110
the additional files for this tool that is probably

42
00:01:49,110 --> 00:01:51,243
getting imported inside of this.

43
00:01:52,110 --> 00:01:53,096
So, to run this

44
00:01:53,096 --> 00:01:57,543
we can type the command Python3 and then Sherlock.

45
00:01:59,130 --> 00:02:02,401
Hmm, no module named or request.

46
00:02:02,401 --> 00:02:05,071
So this could either mean one of two things.

47
00:02:05,071 --> 00:02:08,691
This tool is supposed to be ran with Python tool

48
00:02:08,691 --> 00:02:12,780
or this module does not exist for Python three.

49
00:02:12,780 --> 00:02:16,290
And if you get an error that some module doesn't exist

50
00:02:16,290 --> 00:02:21,290
what you want to do is you want to type pip3 install

51
00:02:21,570 --> 00:02:23,430
and then the name of the module.

52
00:02:23,430 --> 00:02:24,580
So I can just copy this

53
00:02:25,590 --> 00:02:29,924
copy selection and paste it right here.

54
00:02:29,924 --> 00:02:32,343
Let's see whether we can download this module.

55
00:02:33,420 --> 00:02:35,790
And it seems that the requirement has

56
00:02:35,790 --> 00:02:37,080
already been satisfied.

57
00:02:37,080 --> 00:02:41,370
So could be that we're missing this module for Python too.

58
00:02:41,370 --> 00:02:43,860
Let's try first to run it once again

59
00:02:43,860 --> 00:02:45,930
after running this command.

60
00:02:45,930 --> 00:02:48,630
So this command actually did something, as it says

61
00:02:48,630 --> 00:02:52,530
it performed building of wheels for collected packages

62
00:02:52,530 --> 00:02:54,660
and it managed to resolve our problem.

63
00:02:54,660 --> 00:02:56,670
So now we can run the tool.

64
00:02:56,670 --> 00:02:58,200
It does give us an error right here

65
00:02:58,200 --> 00:03:00,240
but this is just a syntax error that tells us

66
00:03:00,240 --> 00:03:03,483
that some arguments are required such as usernames.

67
00:03:04,560 --> 00:03:06,330
So let me just clear the screen

68
00:03:06,330 --> 00:03:10,233
and type python3 sherlock.py once again.

69
00:03:11,130 --> 00:03:12,120
And here are all

70
00:03:12,120 --> 00:03:14,970
of the available options that we can use with Sherlock.

71
00:03:14,970 --> 00:03:16,620
But the basic usage

72
00:03:16,620 --> 00:03:20,670
of this tool is specifying python3 sherlock.py

73
00:03:20,670 --> 00:03:24,690
And then after it comes a username, what this tool will do

74
00:03:24,690 --> 00:03:27,210
with that username is it is going to search

75
00:03:27,210 --> 00:03:30,840
through bunch of different platforms for the same username.

76
00:03:30,840 --> 00:03:34,012
So if you, for example, had a username that you discovered

77
00:03:34,012 --> 00:03:38,040
for some domain or for some company and you want to discover

78
00:03:38,040 --> 00:03:40,350
whether that person has some other accounts

79
00:03:40,350 --> 00:03:42,630
with the same username, you can throw it

80
00:03:42,630 --> 00:03:44,960
in this tool and it'll find you all

81
00:03:44,960 --> 00:03:48,510
of the other accounts that have that same username.

82
00:03:48,510 --> 00:03:50,340
What are we going to use here?

83
00:03:50,340 --> 00:03:52,551
Do you remember Our Harvester tool?

84
00:03:52,551 --> 00:03:54,810
It didn't work once we tried it out

85
00:03:54,810 --> 00:03:58,030
but what I did few minutes ago is I ran the command

86
00:03:58,030 --> 00:04:01,470
on the same domain that didn't work previously

87
00:04:01,470 --> 00:04:03,360
Once we tried it before.

88
00:04:03,360 --> 00:04:05,250
I also put the source to be Twitter.

89
00:04:05,250 --> 00:04:09,510
So it managed to find 10 users that have Twitter

90
00:04:09,510 --> 00:04:12,363
and these users are discovered from this domain.

91
00:04:13,200 --> 00:04:15,390
If I go and copy any one of them

92
00:04:15,390 --> 00:04:16,899
and, let's go with key frames

93
00:04:18,600 --> 00:04:20,110
and throw it in this tool

94
00:04:22,770 --> 00:04:26,430
I should be able to discover other accounts

95
00:04:26,430 --> 00:04:28,860
that have this same username.

96
00:04:28,860 --> 00:04:31,140
So, here we already got this one.

97
00:04:31,140 --> 00:04:35,430
And by the way, this is not really a unique username.

98
00:04:35,430 --> 00:04:38,310
So it might be that this account, for example

99
00:04:38,310 --> 00:04:40,800
doesn't belong to the same person.

100
00:04:40,800 --> 00:04:43,260
But if you were to find a unique username such as

101
00:04:43,260 --> 00:04:46,800
for example, maybe this one or this one

102
00:04:46,800 --> 00:04:49,620
or even this one and throw it inside

103
00:04:49,620 --> 00:04:52,920
of this tool and you manage to discover some other accounts.

104
00:04:52,920 --> 00:04:55,800
Those accounts will probably belong to that person.

105
00:04:55,800 --> 00:04:58,290
But if the username was something like media

106
00:04:58,290 --> 00:05:01,620
and we put media inside of the Sherlock tool

107
00:05:01,620 --> 00:05:02,850
well then most likely all

108
00:05:02,850 --> 00:05:05,500
of those accounts will not belong to the same person.

109
00:05:06,690 --> 00:05:10,140
Okay, so here is our output and it managed to discover

110
00:05:10,140 --> 00:05:14,403
a bunch of other accounts that also have the same username.

111
00:05:15,900 --> 00:05:18,480
So let's try with another username.

112
00:05:18,480 --> 00:05:22,380
If I go all the way down and Control+C this then

113
00:05:22,380 --> 00:05:23,320
clear the screen

114
00:05:24,840 --> 00:05:29,117
and let's pick for example, this username copy it

115
00:05:30,641 --> 00:05:33,490
and I threw it inside of this tool once again

116
00:05:36,420 --> 00:05:37,920
let us see whether we manage to

117
00:05:37,920 --> 00:05:41,910
find another platform that has this same account.

118
00:05:41,910 --> 00:05:45,603
So it seems that most of them are giving us not found.

119
00:05:46,680 --> 00:05:50,160
Let's wait for final results, and here they are.

120
00:05:50,160 --> 00:05:53,400
So we already get the output for Wikipedia.

121
00:05:53,400 --> 00:05:55,200
We got our username that we discovered

122
00:05:55,200 --> 00:05:57,120
from the Twitter profile.

123
00:05:57,120 --> 00:05:59,880
If I go all the way up, let's see whether we manage to

124
00:05:59,880 --> 00:06:01,380
find something else.

125
00:06:01,380 --> 00:06:05,370
And it seems that all of the others have not found.

126
00:06:05,370 --> 00:06:08,370
And here is also a cash.me profile with the same username.

127
00:06:08,370 --> 00:06:12,000
So that is another result that we manage to gather.

128
00:06:12,000 --> 00:06:12,833
Okay, great.

129
00:06:12,833 --> 00:06:16,290
So that would basically be it for this tool.

130
00:06:16,290 --> 00:06:19,050
Now another thing that this tool does is it also

131
00:06:19,050 --> 00:06:20,700
saves our results in a file.

132
00:06:20,700 --> 00:06:25,660
So if I go and Control+C this, clear the screen and type Ls

133
00:06:27,480 --> 00:06:29,610
oh, nevermind, it seems that it didn't save it.

134
00:06:29,610 --> 00:06:32,553
Maybe if we specified an option.

135
00:06:35,250 --> 00:06:37,530
For it to save, let us run the help menu.

136
00:06:37,530 --> 00:06:39,630
No such far directory.

137
00:06:39,630 --> 00:06:42,870
Yeah, that's because we are in wrong folders.

138
00:06:42,870 --> 00:06:45,060
So let me go to the Sherlock folder

139
00:06:45,060 --> 00:06:50,060
and run the Python3 sherlock.py -- help.

140
00:06:50,280 --> 00:06:51,113
And yeah

141
00:06:51,113 --> 00:06:54,270
we actually probably had to run this output command.

142
00:06:54,270 --> 00:06:57,000
And after the output we specify the file name

143
00:06:57,000 --> 00:07:00,090
and the output of the result will be saved to this file.

144
00:07:00,090 --> 00:07:01,740
So it doesn't save it by default.

145
00:07:02,790 --> 00:07:05,820
And you can also check out other options as well.

146
00:07:05,820 --> 00:07:08,340
But the purpose of this in previous video was to figure

147
00:07:08,340 --> 00:07:10,500
out how we can download additional tools.

148
00:07:10,500 --> 00:07:12,030
You might never use this tool again

149
00:07:12,030 --> 00:07:13,440
or you might use it every time.

150
00:07:13,440 --> 00:07:16,560
It depends on which type of penetration test you perform

151
00:07:16,560 --> 00:07:19,469
and what kind of strategy you plan for your attacks.

152
00:07:19,469 --> 00:07:21,330
But it is always good to have a bunch

153
00:07:21,330 --> 00:07:24,210
of different tools and options that you can use.

154
00:07:24,210 --> 00:07:26,956
Now that we know how we can download tools from GitHub

155
00:07:26,956 --> 00:07:29,430
every time a certain tool breaks

156
00:07:29,430 --> 00:07:31,740
or you don't get the desired result

157
00:07:31,740 --> 00:07:33,882
with some tool, you can go to GitHub and try to

158
00:07:33,882 --> 00:07:37,493
find a similar tool that will give you bad results.

159
00:07:37,493 --> 00:07:38,670
Okay, good.

160
00:07:38,670 --> 00:07:39,994
So in the next video

161
00:07:39,994 --> 00:07:42,360
I will give you a bonus tool that I created

162
00:07:42,360 --> 00:07:45,720
in Python3 that will be able to gather much more emails

163
00:07:45,720 --> 00:07:48,423
than the already built in tools in Cal Linux.