Sherlock

Sherlock is a tool for incident response teams to quickly gather log files and find system resources and binaries that may have been tampered with by attackers. This tool can also be used to establish baselines before an attack.

Information

Blue teaming and incident response can be stressful, hopefully this tool makes it a little easier!
Has only been tested on Debian based systems so far.

Usage

make # uses makefile and builds in /src/sherlock
sudo src/sherlock help

Services supported

Nginx
Apache2
OpenSSH-Server
MySQL Server

Example

sudo ./sherlock help

sudo ./sherlock nginxConfigSave

Dev environment

git clone https://github.com/Akshay-Rohatgi/Sherlock
cd Sherlock && bash misc/install.sh

Name		Name	Last commit message	Last commit date
Latest commit History 41 Commits
misc		misc
src		src
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

misc

misc

src

src

.gitignore

.gitignore

LICENSE

LICENSE

Makefile

Makefile

README.md

README.md

Repository files navigation

Sherlock

Information

Usage

Services supported

Example

Dev environment

About

Releases 1

Languages

License

Akshay-Rohatgi/Sherlock

Folders and files

Latest commit

History

Repository files navigation

Sherlock

Information

Usage

Services supported

Example

Dev environment

About

Topics

Resources

License

Stars

Watchers

Forks

Languages