mirror
/
sherlock
mirror of https://github.com/sherlock-project/sherlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-1

This commit is contained in:
Paul Pfeister 2025-02-03 03:00:53 -05:00 committed by GitHub
parent 86387d0baf 73df548532
commit 9eb100c819
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 258 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/ISSUE_TEMPLATE/bug-report.yml vendored
View File

@ -19,6 +19,15 @@ body:
- Other (indicate below)
validations:
required: true
- type: input
id: package-version
attributes:
label: Package version
description: |
Knowing the version of the package you are using can help us diagnose your issue more quickly.
You can find the version by running `sherlock --version`.
validations:
required: true
- type: textarea
id: description
attributes:

1
.github/workflows/regression.yml vendored
View File

@ -49,7 +49,6 @@ jobs:
macos-latest,
]
python-version: [
'3.8',
'3.9',
'3.10',
'3.11',

19
docs/README.md
View File

@ -22,18 +22,21 @@
## Installation
> [!WARNING]
> Packages for ParrotOS and Ubuntu 24.04, maintained by a third party, appear to be __broken__.
> Users of these systems should defer to pipx/pip or Docker.
| | Command | Notes |
| - | - | - |
| PyPI | `pipx install sherlock-project` | `pip` may be used in place of `pipx` |
| Docker | `docker pull sherlock/sherlock` | |
| Debian family | `apt install sherlock` | Kali, Parrot, Debian Testing and Sid |
| BlackArch | `pacman -S sherlock` | |
| Homebrew | `brew install sherlock` | |
| Method | Notes |
| - | - |
| `pipx install sherlock-project` | `pip` may be used in place of `pipx` |
| `docker run -it --rm sherlock/sherlock` |
| `dnf install sherlock-project` | |
Community-maintained packages are available for Debian (>= 13), Ubuntu (>= 22.10), Homebrew, Kali, and BlackArch. These packages are not directly supported or maintained by the Sherlock Project.
See all alternative installation methods [here](https://sherlockproject.xyz/installation)
## Usage
## General usage
To search for only one user:
```bash

64
docs/removed-sites.md
View File

@ -1892,4 +1892,66 @@ __2024-06-10 :__ Http request returns 403 forbidden, and tries to verify the con
```
## Alik.cz
__2024-07-21 :__ Target is now BLACKLISTED from the default manifest due to the site recieving unnecessarily high traffic from Sherlock. This target is not permitted to be reactivited. Inclusion in unrelated manifests is not impacted, but it is discouraged.
__2024-07-21 :__ Target is now BLACKLISTED from the default manifest due to the site recieving unnecessarily high traffic from Sherlock (by request of the site owners). This target is not permitted to be reactivited. Inclusion in unrelated manifests is not impacted, but it is discouraged.
## 8tracks
__2025-02-02 :__ Might be dead again. Nobody knows for sure.
```json
"8tracks": {
"errorType": "message",
"errorMsg": "\"available\":true",
"headers": {
"Accept-Language": "en-US,en;q=0.5"
},
"url": "https://8tracks.com/{}",
"urlProbe": "https://8tracks.com/users/check_username?login={}&format=jsonh",
"urlMain": "https://8tracks.com/",
"username_claimed": "blue"
}
```
## Shpock
__2025-02-02 :__ Can likely be added back with a new endpoint (source username availability endpoint from mobile app reg flow?)
```json
"Shpock": {
"errorType": "status_code",
"url": "https://www.shpock.com/shop/{}/items",
"urlMain": "https://www.shpock.com/",
"username_claimed": "user"
}
```
## Twitch
__2025-02-02 :__
```json
"Twitch": {
"errorType": "message",
"errorMsg": "components.availability-tracking.warn-unavailable.component",
"url": "https://www.twitch.tv/{}",
"urlMain": "https://www.twitch.tv/",
"urlProbe": "https://m.twitch.tv/{}",
"username_claimed": "jenny"
}
```
## Fiverr
__2025-02-02 :__ Fiverr added CSRF protections that messed with this test
```json
"Fiverr": {
"errorMsg": "\"status\":\"success\"",
"errorType": "message",
"headers": {
"Content-Type": "application/json",
"Accept-Language": "en-US,en;q=0.9"
},
"regexCheck": "^[A-Za-z][A-Za-z\\d_]{5,14}$",
"request_method": "POST",
"request_payload": {
"username": "{}"
},
"url": "https://www.fiverr.com/{}",
"urlMain": "https://www.fiverr.com/",
"urlProbe": "https://www.fiverr.com/validate_username",
"username_claimed": "blueman"
}
```

5
pyproject.toml
View File

@ -40,7 +40,7 @@ repository = "https://github.com/sherlock-project/sherlock"
"Bug Tracker" = "https://github.com/sherlock-project/sherlock/issues"
[tool.poetry.dependencies]
python = "^3.8"
python = "^3.9"
certifi = ">=2019.6.16"
colorama = "^0.4.1"
PySocks = "^1.7.0"
@ -48,8 +48,7 @@ requests = "^2.22.0"
requests-futures = "^1.0.0"
stem = "^1.8.0"
torrequest = "^0.1.0"
# pandas can likely be bumped up to ^2.0.0 after fc39 EOL
pandas = ">=1.0.0,<3.0.0"
pandas = "^2.2.1"
openpyxl = "^3.0.10"
[tool.poetry.extras]

4
sherlock_project/__main__.py
View File

@ -14,8 +14,8 @@ if __name__ == "__main__":
# Check if the user is using the correct version of Python
python_version = sys.version.split()[0]
if sys.version_info < (3, 8):
print(f"Sherlock requires Python 3.8+\nYou are using Python {python_version}, which is not supported by Sherlock.")
if sys.version_info < (3, 9):
print(f"Sherlock requires Python 3.9+\nYou are using Python {python_version}, which is not supported by Sherlock.")
sys.exit(1)
from sherlock_project import sherlock

0
sherlock_project/py.typed Normal file
View File

253
sherlock_project/resources/data.json
View File

@ -30,13 +30,6 @@
"urlMain": "https://www.7cups.com/",
"username_claimed": "blue"
},
"8tracks": {
"errorMsg": "This page has vanished",
"errorType": "message",
"url": "https://8tracks.com/{}",
"urlMain": "https://8tracks.com/",
"username_claimed": "blue"
},
"9GAG": {
"errorType": "status_code",
"url": "https://www.9gag.com/u/{}",
@ -72,13 +65,6 @@
"urlMain": "https://admireme.vip/",
"username_claimed": "DemiDevil"
},
"Air Pilot Life": {
"errorMsg": "Oops! That page doesn\u2019t exist or is private",
"errorType": "message",
"url": "https://airlinepilot.life/u/{}",
"urlMain": "https://airlinepilot.life/",
"username_claimed": "chris"
},
"Airbit": {
"errorType": "status_code",
"url": "https://airbit.com/{}",
@ -107,12 +93,6 @@
"urlMain": "https://allmylinks.com/",
"username_claimed": "blue"
},
"Amino": {
"errorType": "status_code",
"url": "https://aminoapps.com/u/{}",
"urlMain": "https://aminoapps.com",
"username_claimed": "blue"
},
"AniWorld": {
"errorMsg": "Dieses Profil ist nicht verf\u00fcgbar",
"errorType": "message",
@ -159,7 +139,8 @@
"__comment__": "'The resource could not be found' relates to archive downtime",
"errorMsg": [
"could not fetch an account with user item identifier",
"The resource could not be found"
"The resource could not be found",
"Internet Archive services are temporarily offline"
],
"errorType": "message",
"url": "https://archive.org/details/@{}",
@ -193,6 +174,12 @@
"urlMain": "https://ask.fm/",
"username_claimed": "blue"
},
"Atcoder": {
"errorType": "status_code",
"url": "https://atcoder.jp/users/{}",
"urlMain": "https://atcoder.jp/",
"username_claimed": "ksun48"
},
"Audiojungle": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9_]+$",
@ -223,7 +210,7 @@
"BOOTH": {
"errorType": "response_url",
"errorUrl": "https://booth.pm/",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.booth.pm/",
"urlMain": "https://booth.pm/",
"username_claimed": "blue"
@ -259,12 +246,6 @@
"urlMain": "https://www.biggerpockets.com/",
"username_claimed": "blue"
},
"Bikemap": {
"errorType": "status_code",
"url": "https://www.bikemap.net/en/u/{}/routes/created/",
"urlMain": "https://www.bikemap.net/",
"username_claimed": "bikemap"
},
"BioHacking": {
"errorType": "status_code",
"url": "https://forum.dangerousthings.com/u/{}",
@ -298,11 +279,12 @@
"urlMain": "https://www.blogger.com/",
"username_claimed": "blue"
},
"BodyBuilding": {
"errorType": "response_url",
"errorUrl": "https://bodyspace.bodybuilding.com/",
"url": "https://bodyspace.bodybuilding.com/{}",
"urlMain": "https://bodyspace.bodybuilding.com/",
"BoardGameGeek": {
"errorType": "message",
"regexCheck": "^[a-zA-Z0-9_]*$",
"errorMsg": "User not found",
"url": "https://boardgamegeek.com/user/{}",
"urlMain": "https://boardgamegeek.com",
"username_claimed": "blue"
},
"BongaCams": {
@ -385,7 +367,7 @@
"Carbonmade": {
"errorType": "response_url",
"errorUrl": "https://carbonmade.com/fourohfour?domain={}.carbonmade.com",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.carbonmade.com",
"urlMain": "https://carbonmade.com/",
"username_claimed": "jenny"
@ -559,7 +541,7 @@
},
"Crevado": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.crevado.com",
"urlMain": "https://crevado.com/",
"username_claimed": "blue"
@ -628,6 +610,14 @@
"urlMain": "https://deviantart.com",
"username_claimed": "blue"
},
"DigitalSpy": {
"errorMsg": "The page you were looking for could not be found.",
"errorType": "message",
"url": "https://forums.digitalspy.com/profile/{}",
"urlMain": "https://forums.digitalspy.com/",
"username_claimed": "blue",
"regexCheck": "^\\w{3,20}$"
},
"Discogs": {
"errorType": "status_code",
"url": "https://www.discogs.com/user/{}",
@ -682,9 +672,7 @@
"Duolingo": {
"errorMsg": "{\"users\":[]}",
"errorType": "message",
"headers": {
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
},
"url": "https://www.duolingo.com/profile/{}",
"urlMain": "https://duolingo.com/",
"urlProbe": "https://www.duolingo.com/2017-06-30/users?username={}",
@ -697,6 +685,12 @@
"urlMain": "https://community.eintracht.de/",
"username_claimed": "mmammu"
},
"Empretienda AR": {
"errorType": "status_code",
"url": "https://{}.empretienda.com.ar",
"urlMain": "https://empretienda.com",
"username_claimed": "camalote"
},
"Envato Forum": {
"errorType": "status_code",
"url": "https://forums.envato.com/u/{}",
@ -712,10 +706,17 @@
},
"Exposure": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9-]{1,63}$",
"url": "https://{}.exposure.co/",
"urlMain": "https://exposure.co/",
"username_claimed": "jonasjacobsson"
},
"exophase": {
"errorType": "status_code",
"url": "https://www.exophase.com/user/{}/",
"urlMain": "https://www.exophase.com/",
"username_claimed": "blue"
},
"EyeEm": {
"errorType": "status_code",
"url": "https://www.eyeem.com/u/{}",
@ -753,19 +754,6 @@
"urlMain": "https://www.finanzfrage.net/",
"username_claimed": "finanzfrage"
},
"Fiverr": {
"errorMsg": "\"status\":\"success\"",
"errorType": "message",
"regexCheck": "^[A-Za-z][A-Za-z\\d_]{5,14}$",
"request_method": "POST",
"request_payload": {
"username": "{}"
},
"url": "https://www.fiverr.com/{}",
"urlMain": "https://www.fiverr.com/",
"urlProbe": "https://www.fiverr.com/validate_username",
"username_claimed": "blueman"
},
"Flickr": {
"errorType": "status_code",
"url": "https://www.flickr.com/people/{}",
@ -896,14 +884,15 @@
"username_claimed": "bob"
},
"Giphy": {
"errorType": "status_code",
"errorType": "message",
"errorMsg": "<title> GIFs - Find &amp; Share on GIPHY</title>",
"url": "https://giphy.com/{}",
"urlMain": "https://giphy.com/",
"username_claimed": "blue"
"username_claimed": "red"
},
"GitBook": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.gitbook.io/",
"urlMain": "https://gitbook.com/",
"username_claimed": "gitbook"
@ -985,8 +974,8 @@
},
"HackTheBox": {
"errorType": "status_code",
"url": "https://forum.hackthebox.eu/profile/{}",
"urlMain": "https://forum.hackthebox.eu/",
"url": "https://forum.hackthebox.com/u/{}",
"urlMain": "https://forum.hackthebox.com/",
"username_claimed": "angar"
},
"Hackaday": {
@ -996,7 +985,7 @@
"username_claimed": "adam"
},
"HackenProof (Hackers)": {
"errorMsg": "<title>Web3\u2019s Largest Ethical Hackers Community | HackenProof</title>",
"errorMsg": "Page not found",
"errorType": "message",
"regexCheck": "^[\\w-]{,34}$",
"url": "https://hackenproof.com/hackers/{}",
@ -1069,8 +1058,7 @@
"username_claimed": "red"
},
"Houzz": {
"errorMsg": "The page you requested was not found.",
"errorType": "message",
"errorType": "status_code",
"url": "https://houzz.com/user/{}",
"urlMain": "https://houzz.com/",
"username_claimed": "blue"
@ -1089,12 +1077,18 @@
"username_claimed": "blue"
},
"HudsonRock": {
"errorMsg": "No results",
"errorMsg": "This username is not associated",
"errorType": "message",
"url": "https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-username?username={}",
"urlMain": "https://hudsonrock.com",
"username_claimed": "testadmin"
},
"Hugging Face": {
"errorType": "status_code",
"url": "https://huggingface.co/{}",
"urlMain": "https://huggingface.co/",
"username_claimed": "Pasanlaksitha"
},
"IFTTT": {
"errorType": "status_code",
"regexCheck": "^[A-Za-z0-9]{3,35}$",
@ -1173,7 +1167,7 @@
},
"Itch.io": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.itch.io/",
"urlMain": "https://itch.io/",
"username_claimed": "blue"
@ -1194,7 +1188,7 @@
},
"Jimdo": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.jimdosite.com",
"urlMain": "https://jimdosite.com/",
"username_claimed": "jenny"
@ -1231,8 +1225,7 @@
},
"Kick": {
"__comment__": "Cloudflare. Only viable when proxied.",
"errorMsg": "Not Found",
"errorType": "message",
"errorType": "status_code",
"url": "https://kick.com/{}",
"urlMain": "https://kick.com/",
"urlProbe": "https://kick.com/api/v2/channels/{}",
@ -1249,8 +1242,7 @@
"Kongregate": {
"errorType": "status_code",
"headers": {
"Accept": "text/html",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
"Accept": "text/html"
},
"regexCheck": "^[a-zA-Z][a-zA-Z0-9_-]*$",
"url": "https://www.kongregate.com/accounts/{}",
@ -1289,24 +1281,24 @@
"username_claimed": "blue"
},
"LibraryThing": {
"errorMsg": "Catalog your books online",
"errorMsg": "<p>Error: This user doesn't exist</p>",
"errorType": "message",
"headers": {
"Cookie": "LTAnonSessionID=3159599315; LTUnifiedCookie=%7B%22areyouhuman%22%3A1%7D; "
},
"url": "https://www.librarything.com/profile/{}",
"urlMain": "https://www.librarything.com/",
"username_claimed": "blue"
},
"Lichess": {
"errorMsg": "Page not found!",
"errorType": "message",
"errorType": "status_code",
"url": "https://lichess.org/@/{}",
"urlMain": "https://lichess.org",
"username_claimed": "blue"
"username_claimed": "john"
},
"LinkedIn": {
"errorType": "status_code",
"headers": {
"User-Agent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/W.X.Y.Z Safari/537.36"
},
"regexCheck": "^[a-zA-Z0-9]{3,100}$",
"request_method": "GET",
"url": "https://linkedin.com/in/{}",
@ -1664,8 +1656,7 @@
"username_claimed": "blue"
},
"ProductHunt": {
"errorMsg": "We seem to have lost this page",
"errorType": "message",
"errorType": "status_code",
"url": "https://www.producthunt.com/@{}",
"urlMain": "https://www.producthunt.com/",
"username_claimed": "jenny"
@ -1679,16 +1670,23 @@
"PyPi": {
"errorType": "status_code",
"url": "https://pypi.org/user/{}",
"urlProbe": "https://pypi.org/_includes/administer-user-include/{}",
"urlMain": "https://pypi.org",
"username_claimed": "Blue"
},
"Rajce.net": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.rajce.idnes.cz/",
"urlMain": "https://www.rajce.idnes.cz/",
"username_claimed": "blue"
},
"Rarible": {
"errorType": "status_code",
"url": "https://rarible.com/marketplace/api/v4/urls/{}",
"urlMain": "https://rarible.com/",
"username_claimed": "blue"
},
"Rate Your Music": {
"errorType": "status_code",
"url": "https://rateyourmusic.com/~{}",
@ -1825,12 +1823,6 @@
"urlMain": "https://www.shitpostbot.com/",
"username_claimed": "blue"
},
"Shpock": {
"errorType": "status_code",
"url": "https://www.shpock.com/shop/{}/items",
"urlMain": "https://www.shpock.com/",
"username_claimed": "user"
},
"Signal": {
"errorMsg": "Oops! That page doesn\u2019t exist or is private.",
"errorType": "message",
@ -1866,7 +1858,8 @@
"username_claimed": "blue"
},
"SlideShare": {
"errorType": "status_code",
"errorType": "message",
"errorMsg": "<title>Username available</title>",
"url": "https://slideshare.net/{}",
"urlMain": "https://slideshare.net/",
"username_claimed": "blue"
@ -1880,6 +1873,7 @@
},
"SmugMug": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z]{1,35}$",
"url": "https://{}.smugmug.com",
"urlMain": "https://smugmug.com",
"username_claimed": "winchester"
@ -1919,11 +1913,10 @@
"username_claimed": "adam"
},
"Speedrun.com": {
"errorMsg": "Not found",
"errorType": "message",
"url": "https://speedrun.com/user/{}",
"errorType": "status_code",
"url": "https://speedrun.com/users/{}",
"urlMain": "https://speedrun.com/",
"username_claimed": "3Tau"
"username_claimed": "example"
},
"Spells8": {
"errorType": "status_code",
@ -1964,9 +1957,7 @@
},
"Spotify": {
"errorType": "status_code",
"headers": {
"user-agent": "PostmanRuntime/7.29.2"
},
"url": "https://open.spotify.com/user/{}",
"urlMain": "https://open.spotify.com/",
"username_claimed": "blue"
@ -1993,8 +1984,7 @@
"username_claimed": "blue"
},
"Strava": {
"errorMsg": "Strava | Running, Cycling &amp; Hiking App - Train, Track &amp; Share",
"errorType": "message",
"errorType": "status_code",
"regexCheck": "^[^.]*?$",
"url": "https://www.strava.com/athletes/{}",
"urlMain": "https://www.strava.com/",
@ -2014,12 +2004,19 @@
"urlProbe": "https://ch.tetr.io/api/users/{}",
"username_claimed": "osk"
},
"TLDR Legal": {
"Tiendanube": {
"url": "https://{}.mitiendanube.com/",
"urlMain": "https://www.tiendanube.com/",
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9]{3,20}$",
"url": "https://tldrlegal.com/users/{}/",
"urlMain": "https://tldrlegal.com/",
"username_claimed": "kevin"
"username_claimed": "blue"
},
"Topcoder": {
"errorType": "status_code",
"url": "https://profiles.topcoder.com/{}/",
"urlMain": "https://topcoder.com/",
"username_claimed": "USER",
"urlProbe": "https://api.topcoder.com/v5/members/{}",
"regexCheck": "[a-zA-Z0-9 ]"
},
"TRAKTRAIN": {
"errorType": "status_code",
@ -2129,20 +2126,16 @@
"urlMain": "https://tweakers.net",
"username_claimed": "femme"
},
"Twitch": {
"errorType": "status_code",
"url": "https://www.twitch.tv/{}",
"urlMain": "https://www.twitch.tv/",
"urlProbe": "https://m.twitch.tv/{}",
"username_claimed": "jenny"
},
"Twitter": {
"errorMsg": "<div class=\"error-panel\"><span>User ",
"errorMsg": [
"<div class=\"error-panel\"><span>User ",
"<title>429 Too Many Requests</title>"
],
"errorType": "message",
"regexCheck": "^[a-zA-Z0-9_]{1,15}$",
"url": "https://x.com/{}",
"urlMain": "https://x.com/",
"urlProbe": "https://nitter.net/{}",
"urlProbe": "https://nitter.privacydev.net/{}",
"username_claimed": "blue"
},
"Typeracer": {
@ -2184,6 +2177,12 @@
"urlMain": "https://vsco.co/",
"username_claimed": "blue"
},
"Velog": {
"errorType": "status_code",
"url": "https://velog.io/@{}/posts",
"urlMain": "https://velog.io/",
"username_claimed": "qlgks1"
},
"Velomania": {
"errorMsg": "\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043d\u0435 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d \u0438 \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430.",
"errorType": "message",
@ -2205,7 +2204,8 @@
"username_claimed": "jenny"
},
"Vero": {
"errorType": "status_code",
"errorMsg": "Not Found",
"errorType": "message",
"request_method": "GET",
"url": "https://vero.co/{}",
"urlMain": "https://vero.co/",
@ -2225,6 +2225,12 @@
"urlProbe": "https://www.virustotal.com/ui/users/{}/avatar",
"username_claimed": "blue"
},
"VLR": {
"errorType": "status_code",
"url": "https://www.vlr.gg/user/{}",
"urlMain": "https://www.vlr.gg",
"username_claimed": "optms"
},
"WICG Forum": {
"errorType": "status_code",
"regexCheck": "^(?![.-])[a-zA-Z0-9_.-]{3,20}$",
@ -2247,7 +2253,7 @@
},
"WebNode": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.webnode.cz/",
"urlMain": "https://www.webnode.cz/",
"username_claimed": "radkabalcarova"
@ -2261,6 +2267,7 @@
},
"Weebly": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9-]{1,63}$",
"url": "https://{}.weebly.com/",
"urlMain": "https://weebly.com/",
"username_claimed": "blue"
@ -2287,7 +2294,7 @@
},
"Wix": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.wix.com",
"urlMain": "https://wix.com/",
"username_claimed": "support"
@ -2375,9 +2382,7 @@
},
"YouTube": {
"errorType": "status_code",
"headers": {
"User-Agent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/W.X.Y.Z Safari/537.36"
},
"url": "https://www.youtube.com/@{}",
"urlMain": "https://www.youtube.com/",
"username_claimed": "youtube"
@ -2395,7 +2400,10 @@
"username_claimed": "blue"
},
"babyRU": {
"errorMsg": "\u0421\u0442\u0440\u0430\u043d\u0438\u0446\u0430, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0432\u044b \u0438\u0441\u043a\u0430\u043b\u0438, \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u0430",
"errorMsg": [
"\u0421\u0442\u0440\u0430\u043d\u0438\u0446\u0430, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0432\u044b \u0438\u0441\u043a\u0430\u043b\u0438, \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u0430",
"Доступ с вашего IP-адреса временно ограничен"
],
"errorType": "message",
"url": "https://www.baby.ru/u/{}/",
"urlMain": "https://www.baby.ru/",
@ -2660,7 +2668,7 @@
},
"nnRU": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.www.nn.ru/",
"urlMain": "https://www.nn.ru/",
"username_claimed": "blue"
@ -2677,6 +2685,14 @@
"urlMain": "https://www.npmjs.com/",
"username_claimed": "kennethsweezy"
},
"omg.lol": {
"errorMsg": "\"available\": true",
"errorType": "message",
"url": "https://{}.omg.lol",
"urlMain": "https://home.omg.lol",
"urlProbe": "https://api.omg.lol/address/{}/availability",
"username_claimed": "adam"
},
"opennet": {
"errorMsg": "\u0418\u043c\u044f \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u0430 \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u043e",
"errorType": "message",
@ -2738,7 +2754,7 @@
},
"skyrock": {
"errorType": "status_code",
"regexCheck": "^[a-zA-Z0-9@_-]$",
"regexCheck": "^[\\w@-]+?$",
"url": "https://{}.skyrock.com/",
"urlMain": "https://skyrock.com/",
"username_claimed": "red"
@ -2809,5 +2825,12 @@
"url": "https://v0.dev/{}",
"urlMain": "https://v0.dev",
"username_claimed": "t3dotgg"
},
"Bluesky": {
"errorType": "status_code",
"url": "https://bsky.app/profile/{}.bsky.social",
"urlProbe": "https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor={}.bsky.social",
"urlMain": "https://bsky.app/",
"username_claimed": "mcuban"
}
}

38
sherlock_project/sherlock.py
View File

@ -24,6 +24,7 @@ import re
from argparse import ArgumentParser, RawDescriptionHelpFormatter
from json import loads as json_loads
from time import monotonic
from typing import Optional
import requests
from requests_futures.sessions import FuturesSession
@ -167,14 +168,14 @@ def multiple_usernames(username):
def sherlock(
username,
site_data,
username: str,
site_data: dict,
query_notify: QueryNotify,
tor: bool = False,
unique_tor: bool = False,
dump_response: bool = False,
proxy=None,
timeout=60,
proxy: Optional[str] = None,
timeout: int = 60,
):
"""Run Sherlock Analysis.
@ -261,7 +262,7 @@ def sherlock(
# A user agent is needed because some sites don't return the correct
# information since they think that we are bots (Which we actually are...)
headers = {
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0",
}
if "headers" in net_info:
@ -412,8 +413,10 @@ def sherlock(
# be highly targetted. Comment at the end of each fingerprint to
# indicate target and date fingerprinted.
WAFHitMsgs = [
'.loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark', # 2024-05-13 Cloudflare
'{return l.onPageView}}),Object.defineProperty(r,"perimeterxIdentifiers",{enumerable:' # 2024-04-09 PerimeterX / Human Security
r'.loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark', # 2024-05-13 Cloudflare
r'<span id="challenge-error-text">', # 2024-11-11 Cloudflare error page
r'AwsWafIntegration.forceRefreshToken', # 2024-11-11 Cloudfront (AWS)
r'{return l.onPageView}}),Object.defineProperty(r,"perimeterxIdentifiers",{enumerable:' # 2024-04-09 PerimeterX / Human Security
]
if error_text is not None:
@ -474,7 +477,7 @@ def sherlock(
raise ValueError(
f"Unknown Error Type '{error_type}' for " f"site '{social_network}'"
)
if dump_response:
print("+++++++++++++++++++++")
print(f"TARGET NAME : {social_network}")
@ -784,7 +787,24 @@ def main():
os.path.join(os.path.dirname(__file__), "resources/data.json")
)
else:
sites = SitesInformation(args.json_file)
json_file_location = args.json_file
if args.json_file:
# If --json parameter is a number, interpret it as a pull request number
if args.json_file.isnumeric():
pull_number = args.json_file
pull_url = f"https://api.github.com/repos/sherlock-project/sherlock/pulls/{pull_number}"
pull_request_raw = requests.get(pull_url).text
pull_request_json = json_loads(pull_request_raw)
# Check if it's a valid pull request
if "message" in pull_request_json:
print(f"ERROR: Pull request #{pull_number} not found.")
sys.exit(1)
head_commit_sha = pull_request_json["head"]["sha"]
json_file_location = f"https://raw.githubusercontent.com/sherlock-project/sherlock/{head_commit_sha}/sherlock_project/resources/data.json"
sites = SitesInformation(json_file_location)
except Exception as error:
print(f"ERROR: {error}")
sys.exit(1)

7
tests/sherlock_interactives.py
View File

@ -7,8 +7,8 @@ class Interactives:
def run_cli(args:str = "") -> str:
"""Pass arguments to Sherlock as a normal user on the command line"""
# Adapt for platform differences (Windows likes to be special)
if platform.system == "Windows":
command:str = f"py -m sherlock {args}"
if platform.system() == "Windows":
command:str = f"py -m sherlock_project {args}"
else:
command:str = f"sherlock {args}"
@ -20,8 +20,7 @@ class Interactives:
raise InteractivesSubprocessError(e.output.decode())
# -> list[str] is prefered, but will require deprecation of support for Python 3.8
def walk_sherlock_for_files_with(pattern: str) -> list:
def walk_sherlock_for_files_with(pattern: str) -> list[str]:
"""Check all files within the Sherlock package for matching patterns"""
pattern:re.Pattern = re.compile(pattern)
matching_files:list[str] = []

2
tests/test_probes.py
View File

@ -44,7 +44,7 @@ class TestLiveTargets:
# Known positives should only use sites trusted to be reliable and unchanging
@pytest.mark.parametrize('site,username',[
('BodyBuilding', 'blue'),
('Keybase', 'blue'),
('devRant', 'blue'),
])
def test_known_positives_via_response_url(self, sites_info, site, username):

1
tox.ini
View File

@ -41,4 +41,3 @@ python =
3.11: py311
3.10: py310
3.9: py39
3.8: py38