sherlock-project / sherlock

Hunt down social media accounts by username across social networks
https://sherlockproject.xyz
MIT License
52.98k stars 6.45k forks

Sherlock just Giving out false profiles #2126

Open NanduWasTaken opened 2 months ago

NanduWasTaken commented 2 months ago

Description

Sherlock is just giving a "found" statement even though the profiles may be deleted, banned, or inaccessible, even when the site is saying profile not found in some cases, and even a fucking 404 in some.

Just check out this thing: [screenshot: Screenshot_2024-05-16-19-01-53-099]

Manishmrgn commented 2 months ago

Hi, I would like to have a go at the bug. I will check the HTTP replies.

ppfeister commented 2 months ago

Kick was addressed in #2123, which was merged about two days ago. The fix, however, was applied within Sherlock itself and not to the manifest, so it would require an update (relates to WAF filtering).

If you're running the PyPI (pip) or Homebrew image then it'll be pushed out shortly.


Otherwise...

Seems that Cults3D doesn't like dots in usernames. Likely needs a regexCheck added. EyeEm and Star Citizen are also reproducible.

Other sites listed I was unable to reproduce. Could be a regional difference. Without any indication as to which ones are false positives, that's all I've got.


Feel free to open a PR if you have luck resolving the F+, @Manishmrgn!

ppfeister commented 2 months ago

PyPI image updated with the mentioned WAF fingerprinting changes for Kick (Homebrew should soon follow, whenever the automation starts).

pandyah5 commented 1 month ago

Debugging the issue:

@ppfeister I glanced through the code and the issue for EyeEm seems to be in the detection algorithm. The errorType is set to status_code; however, a simple curl request to an unavailable username in EyeEm shows the response code as 200.

Potential solution:

All unavailable usernames are accompanied by the error message:

"Whoops! We can't find the page you're looking for..."

If you wish, I can make a PR for making this change and fixing it for this website. I understand that the error message is the least reliable detection mechanism, hence if you have better ideas I am all ears.
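An added illustration of the detection modes discussed in this thread (not Sherlock's own code and not part of any comment above): it shows why status_code detection reports a soft-404 page as found while message detection does not, with a regexCheck gate applied first. The `Response` class, the `classify` and `audit` functions, the manifest entries, the sample responses and the no-dots pattern are all constructed for the example.

```python
import re
from dataclasses import dataclass

@dataclass
class Response:
    """Constructed stand-in for an HTTP response (status code and body)."""
    status: int
    body: str

def classify(site: dict, username: str, resp: Response) -> str:
    """Return 'illegal', 'claimed' or 'available' for one manifest entry."""
    # regexCheck: refuse usernames the site cannot host before trusting
    # whatever page the server returns for them.
    pattern = site.get("regexCheck")
    if pattern and re.fullmatch(pattern, username) is None:
        return "illegal"
    if site["errorType"] == "status_code":
        # Sound only if the site answers missing profiles with a non-2xx code.
        return "claimed" if 200 <= resp.status < 300 else "available"
    if site["errorType"] == "message":
        # Soft-404 sites return 200, so the body text is the only signal.
        msgs = site["errorMsg"]
        msgs = [msgs] if isinstance(msgs, str) else msgs
        return "available" if any(m in resp.body for m in msgs) else "claimed"
    raise ValueError(f"unsupported errorType: {site['errorType']!r}")

# Constructed entries modelled on the thread, not copied from the manifest.
BEFORE = {"errorType": "status_code"}
AFTER = {"errorType": "message",
         "errorMsg": "Whoops! We can't find the page you're looking for..."}
NO_DOTS = {"errorType": "status_code", "regexCheck": r"[^.]+"}  # hypothetical rule

# Constructed responses: a soft 404 (HTTP 200 + error text) and a real profile.
SOFT_404 = Response(200, "<h1>Whoops! We can't find the page you're looking for...</h1>")
PROFILE = Response(200, "<h1>Photos by example_user</h1>")

def audit(site: dict, missing_user: str, missing_resp: Response) -> bool:
    """True if the entry reports a known-missing username as claimed (F+)."""
    return classify(site, missing_user, missing_resp) == "claimed"

if __name__ == "__main__":
    print("status_code F+:", audit(BEFORE, "no_such_user", SOFT_404))
    print("message F+:    ", audit(AFTER, "no_such_user", SOFT_404))
    print("dotted name:   ", classify(NO_DOTS, "john.doe", PROFILE))
```

Running `audit` against a username known not to exist is a quick way to spot entries whose errorType no longer matches how the site responds.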

pandyah5 commented 1 month ago

@ppfeister I have opened a PR addressing the issue for EyeEm. I was going to look into the other site but noticed that @Manishmrgn wanted to work on it. If you need a hand with the other websites feel free to hit me up @Manishmrgn 😄

ppfeister commented 1 month ago

Appreciate the fix @pandyah5! It does seem like message is the right way to go here. I was able to validate and merge into master. Changes should be live in a few mins. Welcome to the contribution tree.


To keep things tidy for the next reviewers... Cults3D and Star Citizen remain.