sherlock: False positives
False positives for any username
Here’s an example output for a “random” username:
https://www.capfriendly.com/users/amffdsfjvidsvck
https://www.codechef.com/users/amffdsfjvidsvck
https://www.ebay.com/usr/amffdsfjvidsvck
https://www.gpsies.com/mapUser.do?username=amffdsfjvidsvck
https://www.twitter.com/amffdsfjvidsvck
Total Websites Username Detected On : 5
GPSies moved its website. CapFriendly is especially weird. It seems to generate random details for nonexistent users. The other ones say that the user doesn’t exist.
False positives for usernames with .
https://ask.fm/fghfgn.tiojydf
https://profil.chatujme.cz/fghfgn.tiojydf
https://coderwall.com/fghfgn.tiojydf
https://my.flightradar24.com/fghfgn.tiojydf
https://www.house-mixes.com/profile/fghfgn.tiojydf
https://www.ifttt.com/p/fghfgn.tiojydf
http://fghfgn.tiojydf.insanejournal.com/profile
https://tamtam.chat/fghfgn.tiojydf
https://www.taringa.net/fghfgn.tiojydf
https://t.me/fghfgn.tiojydf
https://trashbox.ru/users/fghfgn.tiojydf
https://easyen.ru/index/8-0-fghfgn.tiojydf
https://elwo.ru/index/8-0-fghfgn.tiojydf
http://ingvarr.net.ru/index/8-0-fghfgn.tiojydf
https://www.metacritic.com/user/fghfgn.tiojydf
http://pedsovet.su/index/8-0-fghfgn.tiojydf
https://radioskot.ru/index/8-0-fghfgn.tiojydf
False positives for usernames with _
https://fghfgn_tiojydf.en.aptoide.com/
Hostnames can’t contain underscores, by the way. Aptoide redirects to the homepage.
False positives for usernames with -
https://my.flightradar24.com/fghfgn-tiojydf
https://t.me/fghfgn-tiojydf
https://www.opennet.ru/~fghfgn-tiojydf
Others
Yandex sometimes redirects to a captcha, originating a false positive.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 8
- Comments: 31 (20 by maintainers)
I can confirm with latest version false positives for: https://www.clozemaster.com/ (uses method status_code but non existing accounts 302 redirects to /dashboard) https://4pda.ru - displays an error for non existing account but sherlock gives me false positive
@sdushantha Found a GET API from Polarsteps that would suit us better.
https://api.polarsteps.com/users/byusername/USERNAME
Also, the previously claimed username is a mistake, it didn’t exist. 😦
@roopeshvs If remember correctly, the checking of the redirect url does not actually work. https://github.com/sherlock-project/sherlock/blob/master/sherlock/sherlock.py#L356
Its been a very long time since I’ve properly looked at the source code, so Im not entirely sure what is going on. But Im sure if I take look at it when I get some time, I’ll get a better understanding of whats going on
@rodrigograca31 Regex would be nice. That means that I’d have to change the code a little in
sherlock.py. Because at the moment, we are check if theerrorMsgis inr.text. Instead, we could do are.findall(REGEX, r.text).I’ll try do add that into
sherlock.pyand see if everything works properly. But it might be a while before I get started because I’m pretty busyOh… True… I git cloned the repo 3 months ago… I should update… My bad.
I was about to ask why to remove TikTok but I gave it a trie and seems not easy to figure out if a user exists or not.
EDIT: Actually Im not sure if this will be useful but doing a
wgeton an existing user returns a page with JSON that includesmetaParamsobject/string in the code… (regex could detect that.)Just to clarify, some of these “false positives” may occur because your IP is being flagged as suspicious. If this is happening, capturing the error/captcha page would be helpful to note a fail/error.