403 and 404 Errors Still Persist When Querying Usernames
CoffeeGeeker opened this issue · 7 comments
Installation method
PyPI (via pip)
Description
When I query a username, 403 and 404 errors are still being reported
Steps to reproduce
"When I query a username, 403 and 404 errors are still being reported."
And usernames that should have information, such as 'X', are not being found in the query results.
Additional information
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
Can I pick this up?
I cannot understand the "Steps to Reproduce" as the sherlock.py file gives a list of links containing the provided username and not this table. Could you please elaborate? @CoffeeGeeker
I cannot understand the "reproduction steps," because the sherlock.py file provides a list of links containing the given username, rather than this table. Could you elaborate on that? @CoffeeGeeker
You can obtain it using sherlock --csv
Likely due to your IP being flagged / requiring captcha
Status code 403 and 404 signifies that user need to fill the captcha but he/she failed to fill that captcha which leads to failure of validation of the user and as a result the server is giving status code as 403 OR 404.
Status code 403 and 404 signifies that user need to fill the captcha but he/she failed to fill that captcha which leads to failure of validation of the user and as a result the server is giving status code as 403 OR 404.
Yes, it's usually caused by a bad IP score
To refocus the conversation:
The issue isn't "why am I seeing 404s" it's "why are 404s being returned as hits when they should be ignored"
Most targets use status codes to indicate positive/negative. Sometimes, however, this isn't doable for one reason or another. In these cases, redirect urls or error messages are sought instead. The problem with error messages is that they change over time, fail when different languages aren't added, or are more easily messed with by rate limiting/blocking.
There are several ways to fix this at scale and many ways to fix it on an individual target level, which should be evaluated. But that's the gist of it all.