Skip to content
/ Sherlock Public

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

License

GPL-3.0 license
82 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gbiagomba/Sherlock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

284 Commits
.github/workflows
.github/workflows
 
 
img
img
 
 
legacy
legacy
 
 
rsc
rsc
 
 
src
src
 
 
CHANGELOG.MD
CHANGELOG.MD
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

alt tag

Sherlock - Web Inspector

GitHub Tip Me via PayPal

Background/Lore

Sherlock is a powerful recon automation tool designed to streamline the early phases of web application security assessments. Named after the legendary detective, it automates tasks like target scanning, excluding specific hosts, and more. With Sherlock, security professionals can perform their investigations efficiently while focusing on critical vulnerabilities.

Features

  • Single target scanning (--target or -t).
  • Multi-target scanning from file (--target-file or -f).
  • Ability to exclude specific targets from scans (--exclude or -e).
  • Cross-platform support (Linux, macOS, Windows).
  • Efficient automation of recon tasks like port scanning (using nmap).
  • Open-source and extendable.

Installation

Using Cargo

If you have Rust and Cargo installed, you can easily install Sherlock by running:

cargo install --path .

Compiling from source

To compile Sherlock from the source code, first ensure that Rust is installed. Then, run the following commands:

git clone https://github.com/gbiagomba/sherlock
cd sherlock
cargo build --release

This will generate an optimized binary located in the target/release directory.

Usage

Examples

  • Scan a single target: 
    ./sherlock --target 192.168.1.1
  • Scan multiple targets from a file: 
    ./sherlock --target-file targets.txt
  • Scan multiple targets while excluding specific ones: 
    ./sherlock --target-file targets.txt --exclude exclude.txt

Using the Makefile

  • Build the project: 
    make build
  • Run the project: 
    make run
  • Clean the project: 
    make clean
  • Run tests: 
    make test

TODO

  • Add multi-thread parallel processing
  • Limit amount of data stored to disk, use more variables
  • Add Tenable API scanning/support [Queued]
  • Add joomscan & droopescan scan [Queued]
  • Add function to check if the script is running on latest version [inprogress]
  • Add exclusion list config file
  • Add flag support
  • Convert sherlock to rust lang

Contributing

We welcome contributions! Please follow the standard GitHub workflow:

  1. Fork the repository.
  2. Create a new feature branch.
  3. Submit a pull request after testing your changes.

Feel free to open issues or suggest improvements.

License

Sherlock is licensed under the GPL-3.0 License. For more information, see the LICENSE file.

Outtro

           ."""-.
          /      \
          |  _..--'-.
          >.`__.-"";"`
         / /(     ^\    (
         '-`)     =|-.   )s
          /`--.'--'   \ .-.
        .'`-._ `.\    | J /
  jgs  /      `--.|   \__/

About

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Topics

security security-audit sherlock cybersecurity web-security cyber-security security-scanner red-team security-automation security-tools websecurity web-sec-scanner security-testing red-team-engagement redteaming websec redteam red-teaming security-team

Resources

Readme

License

GPL-3.0 license
Activity

Stars

82 stars

Watchers

6 watching

Forks

15 forks
Report repository

Releases 1

v2.0.0-dev Latest
Sep 23, 2024

Packages

 
 
 

Contributors 2

Languages