This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, and metasploit).

gbiagomba/Sherlock

Sherlock - Web Inspector

Background/Lore

Sherlock is a powerful recon automation tool designed to streamline the early phases of web application security assessments. Named after the legendary detective, it automates tasks like target scanning, excluding specific hosts, and more. With Sherlock, security professionals can perform their investigations efficiently while focusing on critical vulnerabilities.

Features

  • Single target scanning (--target or -t).
  • Multi-target scanning from file (--target-file or -f).
  • Ability to exclude specific targets from scans (--exclude or -e).
  • Cross-platform support (Linux, macOS, Windows).
  • Efficient automation of recon tasks like port scanning (using nmap).
  • Open-source and extendable.

Installation

Using Cargo

If you have Rust and Cargo installed, you can easily install Sherlock by running:

cargo install --path .

Compiling from source

To compile Sherlock from the source code, first ensure that Rust is installed. Then, run the following commands:

git clone https://github.com/gbiagomba/sherlock
cd sherlock
cargo build --release

This will generate an optimized binary located in the target/release directory.

Usage

Examples

  • Scan a single target:
    ./sherlock --target 192.168.1.1
  • Scan multiple targets from a file:
    ./sherlock --target-file targets.txt
  • Scan multiple targets while excluding specific ones:
    ./sherlock --target-file targets.txt --exclude exclude.txt
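
Before launching a scan with both lists, it helps to confirm which hosts remain in scope once the exclusions are applied. The following is an added example, not code from the Sherlock repository, and it does not describe how Sherlock itself parses these files. It assumes one IPv4 address or hostname per line, '#' comments, and optional IPv4 CIDR blocks in the exclude list; all function names are hypothetical.

```rust
use std::collections::BTreeSet;
use std::net::Ipv4Addr;

// Hypothetical pre-flight helper, not Sherlock code. Assumed list format:
// one IPv4 address or hostname per line, '#' comments, CIDR allowed in excludes.
enum Rule { Exact(String), Cidr(u32, u32) } // Cidr holds (network, mask)

fn parse_rule(line: &str) -> Rule {
    if let Some((addr, len)) = line.split_once('/') {
        if let (Ok(ip), Ok(len @ 0..=32)) = (addr.parse::<Ipv4Addr>(), len.parse::<u32>()) {
            // A /0 block needs special handling: shifting a u32 by 32 overflows.
            let mask = if len == 0 { 0 } else { u32::MAX << (32 - len) };
            return Rule::Cidr(u32::from(ip) & mask, mask);
        }
    }
    Rule::Exact(line.to_ascii_lowercase())
}

// Drop comments and blank lines, trim surrounding whitespace.
fn entries(text: &str) -> impl Iterator<Item = &str> {
    text.lines()
        .map(|l| l.split('#').next().unwrap_or("").trim())
        .filter(|l| !l.is_empty())
}

fn is_excluded(target: &str, rules: &[Rule]) -> bool {
    let ip = target.parse::<Ipv4Addr>().ok().map(u32::from);
    rules.iter().any(|r| match r {
        Rule::Exact(h) => h.as_str() == target,
        Rule::Cidr(net, mask) => ip.map_or(false, |ip| ip & mask == *net),
    })
}

// Returns (in_scope, skipped), each de-duplicated, lowercased and sorted.
fn effective_scope(targets: &str, exclude: &str) -> (Vec<String>, Vec<String>) {
    let rules: Vec<Rule> = entries(exclude).map(parse_rule).collect();
    let (mut keep, mut skip) = (BTreeSet::new(), BTreeSet::new());
    for t in entries(targets).map(|t| t.to_ascii_lowercase()) {
        if is_excluded(&t, &rules) { skip.insert(t); } else { keep.insert(t); }
    }
    (keep.into_iter().collect(), skip.into_iter().collect())
}

fn main() {
    // Constructed sample lists (private addresses and a reserved test name).
    let targets = "192.168.1.1\n192.168.1.20\n10.0.0.5\nDB.example.test # staging\n";
    let (keep, skip) = effective_scope(targets, "192.168.1.0/28\ndb.example.test\n");
    println!("scan: {:?}\nskipped: {:?}", keep, skip);
}
```

A hostname that resolves into an excluded CIDR block is not caught by this check, since no DNS resolution is performed; list such hosts explicitly in the exclude file.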

Using the Makefile

  • Build the project:
    make build
  • Run the project:
    make run
  • Clean the project:
    make clean
  • Run tests:
    make test

TODO

  • Add multi-thread parallel processing
  • Limit amount of data stored to disk, use more variables
  • Add Tenable API scanning/support [Queued]
  • Add joomscan & droopescan scan [Queued]
  • Add function to check if the script is running on the latest version [In progress]
  • Add exclusion list config file
  • Add flag support
  • Convert Sherlock to Rust

Contributing

We welcome contributions! Please follow the standard GitHub workflow:

  1. Fork the repository.
  2. Create a new feature branch.
  3. Submit a pull request after testing your changes.

Feel free to open issues or suggest improvements.

License

Sherlock is licensed under the GPL-3.0 License. For more information, see the LICENSE file.

Outro

           ."""-.
          /      \
          |  _..--'-.
          >.`__.-"";"`
         / /(     ^\    (
         '-`)     =|-.   )s
          /`--.'--'   \ .-.
        .'`-._ `.\    | J /
  jgs  /      `--.|   \__/