Closed MillerMedia closed 10 months ago
princechaddha
commented
11 months ago Hi @MillerMedia, Thank you for taking the time to create this issue and for contributing to this project 🍻
I have tried a few more APIs, such as https://instagram-username.firebaseapp.com/ and https://api.zylalabs.com/instagram/username/availability?username=nuclei, but they don't seem to be working. If someone from the community could share any other API, we would update the template. Thank you once again
MillerMedia
commented
11 months ago It's strange because when I tested Instagram directly, it didn't work yesterday but now I can go without a logged in account and see either a page that exists:
https://www.instagram.com/officialrickastley/
Or one that throws an error:
https://www.instagram.com/sdgfhdg/
Not sure how consistent this is? Is there a reason instagram.com wasn't used directly in the template initially?
princechaddha
commented
10 months ago @MillerMedia We have updated the templates, Let us know if the changes look good to you. Thanks
Nuclei Version:
2.9.11
Template file:
http/osint/instagram.yaml
Command to reproduce:
nuclei -tags osint-social -var user=officialrickastley -t nuclei-templates/http/osint/instagram.yaml -debug
Using debug in some instances, you can see that the site (https://www.picuki.com/profile/{{user}}) is protected by Cloudflare. It seems to flag nuclei requests pretty consistently. I tried from an AWS server and from behind a VPN and both were blocked. It worked when I ran directly from my local computer's IP. Perhaps there is another Instagram mirror that would return more consistent results?