Skip to content

SECTION 1 — Practical Exercises / Challenges (Beginner → Advanced)

Challenge 1 — Beginner

Goal: Run Sherlock and understand results

  1. Pick a username (yours or a test one).
  2. Run Sherlock:
python3 sherlock username --output beginner.txt
  1. Open the file and check all ✔️ results.
  2. Manually verify 2–3 profiles: bio, profile picture, posts, links.

Outcome: You understand what exists online and how to verify it.

Challenge 2 — Intermediate

Goal: Correlate multiple usernames

  1. Pick 2–3 variations of the same username.
python3 sherlock username username2 username3 --json --tor

  1. Check patterns:

  2. Profile pictures

  3. Bio similarities
  4. Links

  5. Activity time zones

  6. Write a mini OSINT report (3–5 lines) describing if accounts likely belong to the same person.

Challenge 3 — Advanced

Goal: Extend Sherlock and automate reports

  1. Add a custom website to data.json:
"mytestsite": {
    "url": "https://mytestsite.com/{username}",
    "errorType": "status_code",
    "errorMsg": 404
}
  1. Run Sherlock with JSON output and Tor:
python3 sherlock username --json --output advanced.json --tor
  1. Create a Python script to parse JSON and generate a clean report:
import json

with open("advanced.json") as f:
    data = json.load(f)

print("OSINT Report\n------------")
for site, info in data.items():
    if info['status'] == "Found":
        print(f"{site}: {info['url']}")

Outcome: You now have a custom report for any investigation.

SECTION 2 — Deep-Dive OSINT Case Study

Scenario: Track the digital footprint of a brand or persona.

  1. Choose a target username (brand or alias).
  2. Run Sherlock for multiple username variations.
  3. Use Holehe to check linked emails:
holehe email@example.com
  1. Use WhatsMyName as a secondary search (different database).

  2. Compare results and correlate accounts across platforms:

  3. Same profile images

  4. Same bios
  5. Same links

Pro tip: Document everything in a timeline spreadsheet: platform, username, first seen, notes.

Outcome: You have a full digital footprint map, ready to detect impersonation or fraud.

SECTION 3 — Automation Scripts for Faster Investigations

Goal: Automate searches and report generation.

Python Script Example

import json, subprocess

usernames = ["njoxlee", "lee_njox"]
output_file = "auto_report.json"

# Run Sherlock for each username
for u in usernames:
    subprocess.run(f"python3 sherlock {u} --json --output {output_file}", shell=True)

# Parse JSON and print report
with open(output_file) as f:
    data = json.load(f)

print("Automated OSINT Report")
for site, info in data.items():
    if info['status'] == "Found":
        print(f"{site}: {info['url']}")

Outcome: One command runs multiple searches and outputs a ready report.

SECTION 4 — Pro Tips

1. Spotting Fake Accounts

  • Check for recently created accounts with few posts.
  • Same profile pictures reused across multiple accounts.
  • Inconsistent bios or spelling mistakes.
  • Low interaction with followers/friends.

2. Correlation Patterns

  • Look for username patterns (njoxlee, njox_lee, lee_njox).
  • Similar posting times → same timezone.
  • Same links → indicates ownership.
  • Same profile picture style across platforms.

3. Alerts for New Accounts

  • Schedule Sherlock to run weekly on usernames you track:
python3 sherlock username --output weekly_report.json
  • Compare JSON files using a Python script to detect new found accounts.

Action Plan for Today

  1. Pick a username or brand.
  2. Run Sherlock with multiple variations + Tor.
  3. Verify found accounts manually.
  4. Use Holehe or WhatsMyName for secondary checks.
  5. Generate an automated report with Python.
  6. Document correlations and suspicious accounts.