Closed MillerMedia closed 10 months ago
Hi @MillerMedia, Thank you for taking the time to create this issue and for contributing to this project 🍻
I have tried a few more APIs, such as https://instagram-username.firebaseapp.com/ and https://api.zylalabs.com/instagram/username/availability?username=nuclei, but they don't seem to be working. If someone from the community could share any other API, we would update the template. Thank you once again
It's strange because when I tested Instagram directly, it didn't work yesterday but now I can go without a logged in account and see either a page that exists:
https://www.instagram.com/officialrickastley/
Or one that throws an error:
https://www.instagram.com/sdgfhdg/
Not sure how consistent this is? Is there a reason instagram.com wasn't used directly in the template initially?
@MillerMedia We have updated the templates, Let us know if the changes look good to you. Thanks
Nuclei Version:
2.9.11
Template file:
http/osint/instagram.yaml
Command to reproduce:
nuclei -tags osint-social -var user=officialrickastley -t nuclei-templates/http/osint/instagram.yaml -debug
Using debug in some instances, you can see that the site (https://www.picuki.com/profile/{{user}}) is protected by Cloudflare. It seems to flag nuclei requests pretty consistently. I tried from an AWS server and from behind a VPN and both were blocked. It worked when I ran directly from my local computer's IP. Perhaps there is another Instagram mirror that would return more consistent results?