Net_Sherlock is a Python CLI for IP and domain reconnaissance. It resolves DNS, enriches public IPs with ownership and geolocation data, fingerprints exposed web services, performs concurrent TCP checks, stores local scan history, and exports reports in multiple formats.
- IP and domain target support
- DNS collection for
A,AAAA,MX,NS,TXT, andCNAME - Reverse DNS and subnet calculation
- Concurrent TCP port checks with custom port lists
- HTTP/TLS fingerprinting for reachable web services
- Public IP enrichment with geolocation, RDAP, and proxy/VPN/Tor signals
- Local SQLite history with search and summary views
- Export formats:
terminal,json,csv,markdown - Batch execution from a target list
Clone the repository:
git clone https://github.com/SerhatYavuz/net-sherlock-cli.git
cd net-sherlock-cliAlternatively, download the project as a ZIP archive from GitHub and extract it locally.
General setup:
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install --upgrade pip
pip install -r requirements.txtOptional local package install:
pip install .Kali/Debian prerequisites if needed:
sudo apt update
sudo apt install -y python3 python3-venv python3-pippython3 -m net_sherlock interactive
python3 -m net_sherlock scan 1.1.1.1
python3 -m net_sherlock scan example.com --format markdown --output report.md
python3 -m net_sherlock batch --input targets.txt --format json --output batch_reports
python3 -m net_sherlock history --limit 10 --sort risk
python3 -m net_sherlock history --statsCompatibility entrypoint:
python3 main.py- Default history is stored outside the repository at
~/.net_sherlock/history.db. - Public IP enrichment uses third-party services and can be rate-limited or temporarily unavailable.
- Non-public targets skip external enrichment and active lookups where appropriate.
- A single domain can resolve to multiple IPs; results are produced per resolved IP.
Optional environment variables:
NET_SHERLOCK_HOME=~/.net_sherlock
NET_SHERLOCK_DB_PATH=~/.net_sherlock/history.db
NET_SHERLOCK_REQUEST_TIMEOUT=10pytestThis project is provided for educational, defensive, and authorized security assessment use only.
You are solely responsible for how you use this software. Do not run it against systems, networks, or services that you do not own or do not have explicit permission to assess.
The author does not endorse misuse, unauthorized access, disruption, or unlawful activity, and assumes no responsibility or liability for any damage, claims, legal consequences, or losses resulting from misuse of this project.
MIT. See LICENSE.