Sherlock

Hunt down social media accounts by username across 400+ platforms

Sherlock is a Python CLI tool that searches for a given username across 400+ social networks and websites simultaneously. It is widely used in OSINT investigations, security audits, red teaming exercises, and digital footprint analysis. Sherlock is included in Kali Linux and Parrot Security distributions and has over 76,000 GitHub stars, making it one of the most popular open-source security tools.

Sherlock is an open-source command-line intelligence tool that automates username enumeration across hundreds of online platforms. Given a username, it systematically queries over 400 social networks, forums, coding platforms, and web services to determine where accounts with that name exist. The results include direct URLs to discovered profiles, making it an essential utility for security professionals conducting reconnaissance, penetration testers mapping attack surfaces, and investigators performing digital forensics.

The tool operates by maintaining a curated database of site definitions, each specifying how to detect account existence through HTTP status codes, response content patterns, or redirect behavior. This approach yields high accuracy with minimal false positives compared to naive URL guessing. Sherlock supports concurrent requests for fast enumeration, proxy routing for operational security, output in multiple formats including CSV and JSON, and Tor network integration for anonymous lookups.

Sherlock has become a standard component in security-focused Linux distributions including Kali Linux and is referenced in OSINT training curricula worldwide. With over 76,000 GitHub stars, it is one of the highest-traction open-source security tools in existence. The project is MIT licensed and maintained by an active community. Beyond pure security use cases, developers use Sherlock for brand protection monitoring, pre-registration username availability checks, and building automated identity verification pipelines.

Pricing

Free and open-source under MIT license

Platforms

Windows, Linux, macOS (Python CLI)

Alternatives

Gitleaks

Open-source secret detection for Git repositories

Gitleaks is an open-source secret scanner with 27K+ GitHub stars that detects hardcoded passwords, API keys, tokens, and private keys in Git repositories, files, directories, and full Git history. It integrates via GitHub Actions, pre-commit hooks, CI/CD pipelines, and single-binary local scans.

Open Source

osv-scanner

Google's vulnerability scanner using the OSV database

OSV-Scanner is Google's official open-source vulnerability scanner that checks your project's dependencies against the OSV.dev database — the largest open vulnerability database covering all major ecosystems. Written in Go, it supports lockfiles from npm, pip, Maven, Cargo, Go modules, and more, providing actionable remediation guidance and CI/CD integration for automated security scanning.

Open Source

Trivy

Comprehensive open-source vulnerability scanner

Trivy is an open-source vulnerability scanner with 24K+ GitHub stars by Aqua Security that scans container images, file systems, Git repositories, Kubernetes clusters, and IaC configurations for security issues. Detects OS package and language-specific vulnerabilities, misconfigurations, secrets, and license violations in a single tool. Runs as a simple CLI with zero configuration needed. Supports SBOM generation, VEX for vulnerability filtering, and CI/CD integration.

Open Source

Semgrep

Fast open-source SAST with custom rules

Semgrep is an AppSec platform with a widely used open-source engine for readable code rules plus commercial SAST, supply-chain and secrets workflows. Current product positioning emphasizes AI-assisted detection, triage and remediation, CI/pull-request integration and managed governance for security teams.

Open Source

Related Tools

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

Open Source, Telemetry

Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

Freemium, Telemetry

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

Open Source

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

Open Source

Magika

AI-powered file-type detection at Google scale

Open-source AI-powered file-type detection tool from Google that uses a custom deep-learning model under a few megabytes to identify more than 200 binary and textual content types in milliseconds, even on a single CPU. Magika ships as a CLI, Python package, JavaScript/TypeScript library, and an ONNX model, achieves around 99% accuracy on its test set, and is already used at Google scale across Gmail, Drive, and Safe Browsing as well as by VirusTotal and abuse.ch.

Free, Open Source

Trent AI

Agentic AI security posture management

Trent AI is a specialized security platform for agentic AI applications providing AI Security Posture Management that compounds with every development cycle. Scans, judges, mitigates, and evaluates AI agent security detecting threats traditional tools miss including prompt injection attacks, tool misuse, unintended autonomous actions, data exfiltration through agent chains, and privilege escalation. Offers continuous assessment with remediation plan execution through Claude Code.

Paid