Sherlock is a cross-platform recon automation script that streamlines web application security assessments by automating tasks like port scanning and target enumeration.
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, and metasploit).
Security professionals use Sherlock to efficiently perform the initial reconnaissance phase of web application assessments by automating scans across single or multiple targets. It helps save time by integrating tools such as nmap and enabling exclusion of specific hosts, making it ideal for penetration testers and security auditors.
Sherlock requires Rust and Cargo for installation and compilation, so users should have these prerequisites installed. The tool is still under active development with planned features like multi-threading and integration with additional scanners (Tenable, joomscan, droopescan). Users should monitor updates for new capabilities and ensure they run the latest version for best results.
Ensure Rust and Cargo are installed on your system.
Clone the repository: git clone https://github.com/gbiagomba/sherlock
Navigate into the cloned directory: cd sherlock
To install via Cargo, run: cargo install --path .
Alternatively, compile from source using: cargo build --release
The optimized binary will be located in the target/release directory.
Scan a single target IP address: ./sherlock --target 192.168.1.1
Scan multiple targets listed in a file: ./sherlock --target-file targets.txt
Scan multiple targets while excluding specific hosts: ./sherlock --target-file targets.txt --exclude exclude.txt
Build the project using the Makefile: make build
Run the project using the Makefile: make run
Clean the project build artifacts: make clean
Run tests defined in the project: make test