403 and 404 Errors Still Persist When Querying Usernames #2308
Comments
|
Can I pick this up? |
|
I cannot understand the "Steps to Reproduce" as the sherlock.py file gives a list of links containing the provided username and not this table. Could you please elaborate? @CoffeeGeeker |
|
I cannot understand the "reproduction steps," because the sherlock.py file provides a list of links containing the given username, rather than this table. Could you elaborate on that? @CoffeeGeeker You can obtain it using sherlock --csv |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
To refocus the conversation: The issue isn't "why am I seeing 404s" it's "why are 404s being returned as hits when they should be ignored" Most targets use status codes to indicate positive/negative. Sometimes, however, this isn't doable for one reason or another. In these cases, redirect urls or error messages are sought instead. The problem with error messages is that they change over time, fail when different languages aren't added, or are more easily messed with by rate limiting/blocking. There are several ways to fix this at scale and many ways to fix it on an individual target level, which should be evaluated. But that's the gist of it all. |
Installation method
PyPI (via pip)
Description
When I query a username, 403 and 404 errors are still being reported
Steps to reproduce
"When I query a username, 403 and 404 errors are still being reported."
And usernames that should have information, such as 'X', are not being found in the query results.
Additional information
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: