Sherlock is a powerful recon automation tool designed to streamline the early phases of web application security assessments. Named after the legendary detective, it automates tasks like target scanning, excluding specific hosts, and more. With Sherlock, security professionals can perform their investigations efficiently while focusing on critical vulnerabilities.
- Single target scanning (
--target
or-t
). - Multi-target scanning from file (
--target-file
or-f
). - Ability to exclude specific targets from scans (
--exclude
or-e
). - Cross-platform support (Linux, macOS, Windows).
- Efficient automation of recon tasks like port scanning (using nmap).
- Open-source and extendable.
If you have Rust and Cargo installed, you can easily install Sherlock by running:
cargo install --path .
To compile Sherlock from the source code, first ensure that Rust is installed. Then, run the following commands:
git clone https://github.com/gbiagomba/sherlock
cd sherlock
cargo build --release
This will generate an optimized binary located in the target/release
directory.
- Scan a single target:
./sherlock --target 192.168.1.1
- Scan multiple targets from a file:
./sherlock --target-file targets.txt
- Scan multiple targets while excluding specific ones:
./sherlock --target-file targets.txt --exclude exclude.txt
- Build the project:
make build
- Run the project:
make run
- Clean the project:
make clean
- Run tests:
make test
- Add multi-thread parallel processing
- Limit amount of data stored to disk, use more variables
- Add Tenable API scanning/support [Queued]
- Add joomscan & droopescan scan [Queued]
- Add function to check if the script is running on latest version [inprogress]
- Add exclusion list config file
- Add flag support
- Convert sherlock to rust lang
We welcome contributions! Please follow the standard GitHub workflow:
- Fork the repository.
- Create a new feature branch.
- Submit a pull request after testing your changes.
Feel free to open issues or suggest improvements.
Sherlock is licensed under the GPL-3.0 License. For more information, see the LICENSE file.
."""-.
/ \
| _..--'-.
>.`__.-"";"`
/ /( ^\ (
'-`) =|-. )s
/`--.'--' \ .-.
.'`-._ `.\ | J /
jgs / `--.| \__/