
Sherlock just Giving out false profiles

Open NanduBit opened this issue 1 year ago • 3 comments

Checklist

  • [x] I'm reporting a bug in Sherlock's functionality
  • [x] The bug I'm reporting is not a false positive or a false negative
  • [x] I've verified that I'm running the latest version of Sherlock
  • [x] I've checked for similar bug reports including closed ones
  • [x] I've checked for pull requests that attempt to fix this bug

Description

Sherlock is just giving off "found" statements even though the profiles may be deleted, banned, or inaccessible, even when the site is telling profile not found in some, and even a fucking 404 in some.

Just check out this thing Screenshot_2024-05-16-19-01-53-099

NanduBit avatar May 16 '24 13:05 NanduBit

Hi, I would like to take a go at the bug. I will check the HTTP replies.

Manishmrgn avatar May 16 '24 15:05 Manishmrgn

Kick was addressed in #2123, which was merged about two days ago. The fix, however, was applied within Sherlock itself and not to the manifest, so it would require an update (relates to WAF filtering).

If you're running the PyPI (pip) or Homebrew image then it'll be pushed out shortly.


Otherwise...

Seems that Cults3D doesn't like dots in usernames. Likely needs a regexCheck added. EyeEm and Star Citizen are also reproducible.

Other sites listed I was unable to reproduce. Could be a regional difference. Without any indication as to which ones are false positives, that's all I've got.


Feel free to open a PR if you have luck resolving the F+ @Manishmrgn!

ppfeister avatar May 16 '24 16:05 ppfeister

PyPI image updated with mentioned WAF fingerprinting changes for Kick (homebrew should soon follow, whenever the automation starts)

ppfeister avatar May 26 '24 09:05 ppfeister

Debugging the issue

@ppfeister I glanced through the code and the issue for EyeEm seems to be in the detection algorithm. The errorType is set to status_code, however a simple curl request to an unavailable username in EyeEm shows the response code as 200.

Potential solution

All unavailable usernames are accompanied by the error message:

"Whoops! We can't find the page you're looking for..."

If you wish, I can make a PR for making this change and fixing it for this website. I understand that an error message is the least reliable detection mechanism, hence if you have better ideas I am all ears for it.

pandyah5 avatar May 29 '24 22:05 pandyah5
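
The EyeEm false positive and the regexCheck suggestion discussed in the comments above, as an added example that is not part of the thread and not Sherlock's own code: a simplified classifier run over constructed responses, showing why a `status_code` check reports a profile on a 200 "not found" page while a `message` check does not. The `Response` class, the function names, the sample bodies and the no-dots pattern are assumptions for illustration; `errorMsg` is the manifest key Sherlock pairs with the `message` error type.

```python
import re
from dataclasses import dataclass


@dataclass
class Response:
    """Constructed stand-in for an HTTP response (no network access)."""
    status: int
    body: str


def classify(site: dict, username: str, resp: Response) -> str:
    """Return 'illegal', 'claimed' or 'available' for one manifest entry."""
    # regexCheck: reject usernames the site cannot hold before trusting a probe.
    pattern = site.get("regexCheck")
    if pattern and re.search(pattern, username) is None:
        return "illegal"
    if site["errorType"] == "status_code":
        # Blind to "soft 404" pages that answer 200 with an error body.
        return "claimed" if 200 <= resp.status < 300 else "available"
    if site["errorType"] == "message":
        msgs = site["errorMsg"]
        msgs = [msgs] if isinstance(msgs, str) else msgs
        return "available" if any(m in resp.body for m in msgs) else "claimed"
    raise ValueError(f"unsupported errorType: {site['errorType']}")


def detects_missing(site: dict, canary: str, resp: Response) -> bool:
    """Manifest self-test: a known-unused canary name must not be 'claimed'."""
    return classify(site, canary, resp) != "claimed"


# Constructed sample data; the message text is the one quoted in the thread.
SOFT_404 = Response(200, "<h1>Whoops! We can't find the page you're looking for...</h1>")
PROFILE = Response(200, "<h1>Photos by some_user</h1>")
BY_STATUS = {"errorType": "status_code"}
BY_MESSAGE = {"errorType": "message",
              "errorMsg": "Whoops! We can't find the page you're looking for..."}
# Hypothetical pattern forbidding dots, not the project's actual regexCheck.
NO_DOTS = {"errorType": "status_code", "regexCheck": r"^[^.]+$"}

if __name__ == "__main__":
    print(classify(BY_STATUS, "no_such_user", SOFT_404))   # the false positive
    print(classify(BY_MESSAGE, "no_such_user", SOFT_404))
    print(classify(NO_DOTS, "john.doe", PROFILE))
```

Running `detects_missing` against each manifest entry with a username known not to exist flags entries whose detection method cannot see the site's "not found" page.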

@ppfeister I have opened a PR addressing the issue for EyeEm. I was going to look into the other site but noticed that @Manishmrgn wanted to work on it. If you need a hand with the other websites feel free to hit me up @Manishmrgn 😄

pandyah5 avatar May 29 '24 23:05 pandyah5

Appreciate the fix @pandyah5! It does seem like message is the right way to go here. I was able to validate and merge into master. Changes should be live in a few mins. Welcome to the contribution tree.


To keep things tidy for the next reviewers... Cults3D and Star Citizen remain.

ppfeister avatar May 30 '24 00:05 ppfeister